Solved Mom's laptop is too slow

blairman

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2017
Ran by Owner (administrator) on OWNER-PC (28-10-2017 20:29:57)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AOL Inc.) C:\Program Files\Common Files\aol\acs\AOLacsd.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(MyWebSearch.com) C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
(MyWebSearch.com) C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
(AOL Inc.) C:\Program Files\Common Files\aol\1241352817\ee\aolsoftware.exe
(SupportSoft, Inc.) C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\MSN Messenger\msnmsgr.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Second Nature Software, Inc.) C:\SLIDESHW\Snsicon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(MyWebSearch.com) C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE
(Sprint Spectrum, L.L.C) C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
(SupportSoft, Inc.) C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Realtek Semiconductor Corp.) C:\Users\Owner\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_27_0_0_159_ActiveX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-07] (Synaptics, Inc.)
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [MyWebSearch Plugin] => rundll32 C:\PROGRA~1\MyWebSearch\bar\2.bin\M3PLUGIN.DLL,UPF
HKLM\...\Run: [MyWebSearch Email Plugin] => C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE [32838 2009-04-30] (MyWebSearch.com)
HKLM\...\Run: [My Web Search Bar Search Scope Monitor] => C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE [24688 2009-04-30] (MyWebSearch.com)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1241352817\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [ddoctorv2] => C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [202560 2008-04-24] (SupportSoft, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4853760 2008-01-07] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Run: [MsnMsgr] => C:\Program Files\MSN Messenger\MsnMsgr.Exe [6856704 2007-09-04] (Microsoft Corporation)
HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Run: [MyWebSearch Email Plugin] => C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE [32838 2009-04-30] (MyWebSearch.com)
HKU\S-1-5-21-125872590-1481980480-1854466539-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\32-bit Second Nature.scr [132608 1998-08-12] (Panasonic)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Forget Me Not.lnk [2008-11-18]
ShortcutTarget: Forget Me Not.lnk -> C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe (TLC Multimedia Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2008-09-10]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2008-07-26]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Snsicon.lnk [2010-07-21]
ShortcutTarget: Snsicon.lnk -> C:\SLIDESHW\Snsicon.exe (Second Nature Software, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-125872590-1481980480-1854466539-1003] => :0
AutoConfigURL: [S-1-5-21-125872590-1481980480-1854466539-1003] => :0
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{D68943E1-646B-43AE-9F15-85D946CCF8F4}: [DhcpNameServer] 68.87.66.234 68.87.64.230
Tcpip\..\Interfaces\{EDEA49A3-65C5-4B60-8A0C-88D530E5D8CC}: [DhcpNameServer] 192.168.254.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.comcast.net/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://en.us.acer.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKU\S-1-5-21-125872590-1481980480-1854466539-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.com/?ncid=toolbar
URLSearchHook: HKLM - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
URLSearchHook: HKU\S-1-5-21-125872590-1481980480-1854466539-1003 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
URLSearchHook: HKU\S-1-5-21-125872590-1481980480-1854466539-1003 - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
SearchScopes: HKLM -> DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://web.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=aol-ie&s_qt=sb&tb_uuid=20110710223541204&tb_oid=10-07-2011&tb_mrud=16-02-2014
SearchScopes: HKLM -> ComcastSearch URL = hxxp://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
SearchScopes: HKLM -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://web.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=aol-ie&s_qt=sb&tb_uuid=20110710223541204&tb_oid=10-07-2011&tb_mrud=16-02-2014
SearchScopes: HKLM -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://www.mywebsearch.com/jsp/cfg_redir2..../mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}&si=74797
SearchScopes: HKLM -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-125872590-1481980480-1854466539-1003 -> DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://web.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=aol-ie&s_qt=sb&tb_uuid=20110710223541204&tb_oid=10-07-2011&tb_mrud=16-02-2014
SearchScopes: HKU\S-1-5-21-125872590-1481980480-1854466539-1003 -> ComcastSearch URL = hxxp://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
SearchScopes: HKU\S-1-5-21-125872590-1481980480-1854466539-1003 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://web.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=aol-ie&s_qt=sb&tb_uuid=20110710223541204&tb_oid=10-07-2011&tb_mrud=16-02-2014
SearchScopes: HKU\S-1-5-21-125872590-1481980480-1854466539-1003 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://www.mywebsearch.com/jsp/cfg_redir2..../mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}&si=74797
SearchScopes: HKU\S-1-5-21-125872590-1481980480-1854466539-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-125872590-1481980480-1854466539-1003 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-acer
SearchScopes: HKU\S-1-5-21-125872590-1481980480-1854466539-1003 -> {E519AA1F-E8A8-47ED-92E3-BCFB65055819} URL = hxxp://search.comcast.net/search?cat=Web&con=toolbar&q={searchTerms}
BHO: MyWebSearch Search Assistant BHO -> {00A6FAF1-072E-44cf-8957-5838F569A31D} -> C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL [2009-04-30] (MyWebSearch.com)
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: mwsBar BHO -> {07B18EA1-A523-4961-B6BB-170DE4475CCA} -> C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL [2009-04-30] (MyWebSearch.com)
BHO: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files\AOL Toolbar\aoltb.dll [2014-02-07] (AOL Inc.)
BHO: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files\Common Files\Homepage Protection\HomepageProtection.dll [2009-08-28] (AOL Products)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-01-03] (Egis Incorporated.)
Toolbar: HKLM - My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL [2009-04-30] (MyWebSearch.com)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll [2014-02-07] (AOL Inc.)
Toolbar: HKU\S-1-5-21-125872590-1481980480-1854466539-1003 -> AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll [2014-02-07] (AOL Inc.)
Toolbar: HKU\S-1-5-21-125872590-1481980480-1854466539-1003 -> My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL [2009-04-30] (MyWebSearch.com)
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4cz3fd5h.default [2017-10-13]
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4cz3fd5h.default\user.js [2014-02-16]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\4cz3fd5h.default -> AOL Search
FF Homepage: Mozilla\Firefox\Profiles\4cz3fd5h.default -> hxxp://www.aol.com
FF Keyword.URL: Mozilla\Firefox\Profiles\4cz3fd5h.default -> hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF Extension: (AOL Toolbar) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4cz3fd5h.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2014-02-16] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-06] [not signed]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\aolsearch.xml [2014-02-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_159.dll [2017-10-13] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-13] (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPMyWebS.dll [2009-04-30] (MyWebSearch.com)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-10-15]
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-16]
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-16]
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-16]
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-16]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-16]
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-16]
CHR crx: C:\Program Files\Google\Chrome\Application\43.0.2357.132\default_apps\search.crx [2015-07-06]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-10-28] (Adobe Systems Incorporated) [File not signed]
R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46184 2014-02-06] (AOL Inc.)
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-03] (Egis Incorporated)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-12-01] (NOS Microsystems Ltd.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 MyWebSearchService; C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE [28762 2009-04-30] (MyWebSearch.com) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 SPCSUtilityService; C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe [131072 2007-08-29] (Sprint Spectrum, L.L.C) [File not signed]
R2 sprtsvc_ddoctorv2; C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [202560 2008-04-24] (SupportSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-02-09] (NewTech Infosystems, Inc.) [File not signed]
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [24456 2007-08-10] ()
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [80744 2006-09-19] (Wasay)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-28 20:29 - 2017-10-28 20:30 - 000020016 _____ C:\Users\Owner\Desktop\FRST.txt
2017-10-28 20:29 - 2017-10-28 20:29 - 000000000 ____D C:\Users\Owner\Desktop\FRST-OlderVersion
2017-10-28 20:29 - 2017-10-28 20:29 - 000000000 ____D C:\FRST
2017-10-28 20:28 - 2017-10-28 20:29 - 001799680 _____ (Farbar) C:\Users\Owner\Desktop\frst.exe
2017-10-14 03:33 - 2015-08-13 10:15 - 000304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-14 03:33 - 2015-08-13 10:15 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-10-14 03:32 - 2016-01-29 23:09 - 000429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2017-10-14 03:32 - 2016-01-29 23:09 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
2017-10-14 03:32 - 2016-01-29 23:09 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2017-10-14 03:32 - 2016-01-29 23:09 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2017-10-14 03:32 - 2016-01-29 23:09 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2017-10-14 03:32 - 2016-01-29 23:09 - 000153088 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
2017-10-14 03:32 - 2016-01-29 23:08 - 000180224 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2017-10-14 03:32 - 2016-01-29 23:08 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2017-10-14 03:32 - 2016-01-29 23:08 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2017-10-14 03:32 - 2016-01-29 23:08 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2017-10-14 03:32 - 2016-01-29 23:08 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2017-10-14 03:32 - 2016-01-29 23:08 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2017-10-14 03:32 - 2016-01-29 23:08 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2017-10-14 03:32 - 2016-01-29 23:08 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
2017-10-14 03:32 - 2016-01-29 21:32 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe
2017-10-14 03:31 - 2015-07-21 12:07 - 000140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2017-10-14 03:31 - 2015-07-21 12:07 - 000056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-10-14 03:31 - 2015-07-21 12:03 - 000564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2017-10-14 03:31 - 2015-07-21 12:03 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-10-14 03:30 - 2015-09-02 17:26 - 001402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2017-10-14 03:30 - 2015-09-02 17:26 - 001253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-10-14 03:29 - 2016-02-01 13:21 - 001208776 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-10-14 03:29 - 2016-01-29 23:15 - 003609024 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-10-14 03:29 - 2016-01-29 23:15 - 003556800 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-10-14 03:29 - 2016-01-29 23:09 - 001316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-10-14 03:29 - 2016-01-29 23:09 - 000783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-10-14 03:29 - 2016-01-29 23:08 - 000894976 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-10-14 03:29 - 2016-01-29 23:07 - 000802304 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-10-14 03:29 - 2016-01-29 23:07 - 000049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-10-14 03:29 - 2016-01-29 21:24 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-10-14 03:28 - 2015-07-31 15:27 - 000103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-10-14 03:27 - 2015-06-17 12:50 - 002264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-10-14 03:27 - 2015-06-17 11:09 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-10-14 03:25 - 2015-12-05 13:03 - 002873344 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-10-14 03:25 - 2015-12-05 13:03 - 001567744 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 001377792 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 001326080 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 001314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-10-14 03:25 - 2015-12-05 13:03 - 001114624 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 000867328 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2017-10-14 03:25 - 2015-12-05 13:03 - 000767488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 000759296 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 000650240 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 000497152 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2017-10-14 03:25 - 2015-12-05 13:03 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 000212992 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2017-10-14 03:25 - 2015-12-05 13:02 - 000853504 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2017-10-14 03:25 - 2015-12-05 13:02 - 000613888 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2VDEC.DLL
2017-10-14 03:25 - 2015-12-05 13:02 - 000606208 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2017-10-14 03:25 - 2015-12-05 13:02 - 000506880 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2017-10-14 03:25 - 2015-12-05 13:02 - 000480256 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2017-10-14 03:25 - 2015-12-05 13:02 - 000391680 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ADEC.DLL
2017-10-14 03:25 - 2015-12-05 13:02 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2017-10-14 03:25 - 2015-12-05 13:02 - 000254976 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2017-10-14 03:25 - 2015-12-05 13:02 - 000254976 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2017-10-14 03:25 - 2015-12-05 13:02 - 000209920 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-10-14 03:25 - 2015-12-05 13:02 - 000158208 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2017-10-14 03:25 - 2015-12-05 13:02 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2017-10-14 03:25 - 2015-12-05 13:02 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2017-10-14 03:25 - 2015-12-05 13:02 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2017-10-14 03:25 - 2015-12-05 12:44 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2017-10-14 03:24 - 2015-12-05 13:03 - 000506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2017-10-14 03:24 - 2015-12-05 13:02 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2017-10-14 03:24 - 2015-07-10 15:37 - 002067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-10-14 03:23 - 2016-01-07 11:21 - 002068480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-10-14 03:23 - 2015-11-06 13:05 - 000627712 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-10-14 03:23 - 2015-11-06 12:32 - 001029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2017-10-14 03:23 - 2015-11-06 12:32 - 000219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2017-10-14 03:23 - 2015-11-06 12:32 - 000189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2017-10-14 03:23 - 2015-11-06 12:32 - 000160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2017-10-14 03:23 - 2015-11-06 11:27 - 001172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-10-14 03:23 - 2015-11-06 11:26 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-10-14 03:23 - 2015-11-06 11:20 - 001073152 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-10-14 03:23 - 2015-11-06 11:20 - 000682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-10-14 03:23 - 2015-11-06 11:19 - 000802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-10-14 03:22 - 2015-11-13 12:56 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2017-10-14 03:22 - 2015-11-13 12:56 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2017-10-14 03:22 - 2015-11-13 11:27 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2017-10-14 03:22 - 2015-10-13 10:31 - 000273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-10-14 03:22 - 2015-10-13 10:31 - 000072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-10-14 03:20 - 2015-11-02 13:04 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2017-10-14 03:13 - 2015-07-18 12:03 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2017-10-14 03:12 - 2015-09-02 17:26 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-10-14 03:12 - 2015-09-02 15:54 - 000297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000015200 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-10-14 03:11 - 2015-08-05 11:59 - 000602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2017-10-14 03:11 - 2015-07-28 20:46 - 011588096 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-10-14 03:10 - 2015-11-05 03:26 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-10-14 03:10 - 2015-05-31 04:11 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2017-10-14 03:06 - 2015-12-05 13:02 - 000298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-10-14 03:05 - 2016-01-07 11:18 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-10-14 03:05 - 2015-11-10 13:03 - 001208832 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2017-10-14 03:05 - 2015-11-10 13:03 - 000488448 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2017-10-14 03:05 - 2015-10-10 12:02 - 000526272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-10-14 03:05 - 2015-07-09 10:25 - 000151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2017-10-14 03:05 - 2015-07-09 10:25 - 000151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2017-10-14 03:05 - 2015-07-01 11:57 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-10-14 03:02 - 2016-01-09 13:06 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-10-14 03:02 - 2015-11-05 03:34 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2017-10-14 03:01 - 2015-09-26 12:05 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-10-14 03:01 - 2015-09-26 12:04 - 000206336 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-10-14 03:01 - 2015-09-26 09:21 - 000274432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-10-14 03:01 - 2015-09-22 09:11 - 000440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-10-14 03:01 - 2015-06-27 12:02 - 000218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-10-14 03:01 - 2015-06-27 10:21 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-14 03:01 - 2015-06-27 10:21 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-10-14 03:01 - 2015-01-08 20:17 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-10-13 13:48 - 2016-01-25 00:59 - 001815552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-10-13 13:48 - 2016-01-25 00:57 - 012391424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-10-13 13:48 - 2016-01-25 00:55 - 000367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-10-13 13:48 - 2016-01-25 00:54 - 009753600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-10-13 13:48 - 2016-01-25 00:54 - 001140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-10-13 13:48 - 2016-01-25 00:53 - 001129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-10-13 13:48 - 2016-01-25 00:52 - 001804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-10-13 13:48 - 2016-01-25 00:52 - 001427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-10-13 13:48 - 2016-01-25 00:52 - 000718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-10-13 13:48 - 2016-01-25 00:52 - 000607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-10-13 13:48 - 2016-01-25 00:52 - 000424960 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-10-13 13:48 - 2016-01-25 00:52 - 000231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2017-10-13 13:48 - 2016-01-25 00:52 - 000142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-10-13 13:48 - 2016-01-25 00:52 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-10-13 13:48 - 2016-01-25 00:51 - 002382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-10-13 13:48 - 2016-01-25 00:51 - 000353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-10-13 13:48 - 2016-01-25 00:51 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-10-13 13:48 - 2016-01-25 00:51 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-10-13 13:48 - 2016-01-25 00:51 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-10-13 13:48 - 2016-01-25 00:51 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2017-10-13 13:48 - 2016-01-25 00:51 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2017-10-13 13:48 - 2016-01-25 00:51 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2017-10-13 10:41 - 2017-10-13 10:42 - 072822184 _____ (Oath Inc.) C:\Users\Owner\Downloads\Install_AOL_Desktop.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-28 20:28 - 2006-11-02 07:18 - 000000000 ____D C:\Windows\inf
2017-10-28 20:28 - 2006-11-02 06:33 - 000826598 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-28 20:21 - 2006-11-02 07:18 - 000000000 ____D C:\Windows\rescache
2017-10-28 20:14 - 2012-10-11 13:34 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-10-28 20:14 - 2011-06-26 14:52 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-10-28 20:14 - 2008-02-09 01:38 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-28 19:39 - 2006-11-02 08:47 - 000003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-28 19:39 - 2006-11-02 08:47 - 000003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-28 19:38 - 2006-11-02 09:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-15 13:30 - 2006-11-02 09:01 - 000032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-10-15 13:14 - 2009-04-27 19:54 - 000000000 ____D C:\Users\Owner\AppData\Local\Deployment
2017-10-15 12:31 - 2006-11-02 08:47 - 000403120 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-15 12:29 - 2008-02-09 01:37 - 000000000 ____D C:\Windows\system32\RTCOM
2017-10-15 12:29 - 2006-11-02 08:37 - 000000000 ____D C:\Windows\system32\XPSViewer
2017-10-15 12:29 - 2006-11-02 08:37 - 000000000 ____D C:\Program Files\Windows Journal
2017-10-15 12:29 - 2006-11-02 08:37 - 000000000 ____D C:\Program Files\Windows Collaboration
2017-10-14 03:20 - 2013-08-15 03:10 - 000000000 ____D C:\Windows\system32\MRT
2017-10-14 03:14 - 2006-11-02 06:24 - 144254680 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2017-10-13 19:27 - 2013-12-16 16:45 - 000001949 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-13 19:27 - 2013-12-16 16:45 - 000001937 _____ C:\Users\Public\Desktop\Google Chrome.lnk
==================== Files in the root of some directories =======
2008-07-13 21:54 - 2013-03-16 10:04 - 000013312 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-09-10 20:08 - 2008-09-10 21:49 - 000001127 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
2014-02-12 22:56 - 2014-02-12 22:56 - 000115816 _____ (AOL Inc.) C:\Users\Owner\AppData\Local\Temp\AcsInstall.dll
2010-07-21 22:10 - 2010-07-21 22:10 - 002605008 _____ (Adobe Systems, Inc.) C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate.exe
2011-07-10 18:36 - 2011-07-10 18:36 - 000382648 _____ (AOL Products) C:\Users\Owner\AppData\Local\Temp\homepage-protection190C.exe
2013-06-30 03:40 - 2013-06-30 03:40 - 000208896 _____ (Realtek Semiconductor Corp.) C:\Users\Owner\AppData\Local\Temp\RtkBtMnt.exe
2003-10-23 14:27 - 2003-10-23 14:27 - 000022528 _____ (Microsoft Corporation) C:\Users\Owner\AppData\Local\Temp\SHFOLDER.DLL
2010-07-21 22:16 - 2010-07-21 22:16 - 000002560 _____ () C:\Users\Owner\AppData\Local\Temp\~GL_105D.EXE
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-10-28 20:18
==================== End of FRST.txt ============================

Addition post

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2017
Ran by Owner (28-10-2017 20:31:13)
Running from C:\Users\Owner\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2008-03-04 15:04:26)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-125872590-1481980480-1854466539-500 - Administrator - Disabled)
Guest (S-1-5-21-125872590-1481980480-1854466539-501 - Limited - Disabled)
Owner (S-1-5-21-125872590-1481980480-1854466539-1003 - Administrator - Enabled) => C:\Users\Owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2004 Mahjongg (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\2004 Mahjongg) (Version: 1.0.0.0 - eGames)
3100_3200_3300_Help (HKLM\...\{A0724A7E-F4E7-498e-B3F9-6FB2B909E56E}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
3100_3200_3300trb (HKLM\...\{E0A43EF2-46A5-4de2-916A-C515D8AA1618}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (HKLM\...\{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}) (Version: 1.0.0 - Hewlett-Packard) Hidden
3300 (HKLM\...\{789FC4C2-7DEE-4dc0-9E12-9A013AE80C8E}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
Acer Assist (HKLM\...\Acer Assist) (Version: - Acer Incorporated)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4309 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.69.110 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version: - Acer - Leader Technologies)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.31.20071207 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0 - Microsoft Corporation) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
Adobe Reader 8.1.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.3 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (HKLM\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (HKLM\...\{E09575B2-498D-4C8B-A9D2-623F78574F29}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM\...\{0D2E9DCB-9938-475E-B4DD-8851738852FF}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
American Greetings® CreataCard® Platinum 5 (HKLM\...\American Greetings CreataCard 5.0) (Version: - )
AOL Mail and AIM Gadget (HKLM\...\{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}) (Version: 1.0.0 - AOL LLC)
AOL Toolbar (HKLM\...\AOL Toolbar) (Version: - AOL Inc.)
AOL Toolbar (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\AOL Toolbar) (Version: - )
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - AOL Inc.)
Brain Block's Arcade Mah Jongg Gold 1.23 (HKLM\...\Brain Block's Arcade Mah Jongg Gold_is1) (Version: - Brain Block Interactive)
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.08 - Broadcom Corporation)
BufferChm (HKLM\...\{BE77A81F-B315-4666-9BF3-AE70C0ADB057}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\{B32C4059-6E7A-41EF-AD20-56DF1872B923}) (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Championship Mah Jongg (HKLM\...\Championship Mah Jongg) (Version: - )
Comcast High-Speed Internet Install Wizard (HKLM\...\ComcastHSI) (Version: - Comcast Cable Communications, LLC)
Copy (HKLM\...\{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (HKLM\...\{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Desktop Doctor (HKLM\...\{D87149B3-7A1D-4548-9CBF-032B791E5908}) (Version: 2.5.5 - Comcast)
Destinations (HKLM\...\{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (HKLM\...\{AB5D51AE-EBC3-438D-872C-705C7C2084B0}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
DIGOpt (HKLM\...\{4F1CECBC-670F-4DAA-81D6-944B12450917}) (Version: 9.0.0917.2 - Your Company Name) Hidden
DocProc (HKLM\...\{49F2B650-2D7B-4F59-B33D-346F63776BD3}) (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (HKLM\...\{87E2B986-07E8-477a-93DC-AF0B6758B192}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Download Updater (AOL Inc.) (HKLM\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION
eSupportQFolder (HKLM\...\{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (HKLM\...\{7A7DC702-DEDE-42A8-8722-B3BA724D546F}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
GearDrvs (HKLM\...\{206FD69B-F9FE-4164-81BD-D52552BC9C23}) (Version: 5.0.0.2 - Symantec Corporation) Hidden
GearDrvs (HKLM\...\{CB84F0F2-927B-458D-9DC5-87832E3DC653}) (Version: 1.00.0000 - GEAR Software) Hidden
getPlus(R) for Adobe (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.35 - NOS Microsystems Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.7 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
Homepage Protection (HKLM\...\Homepage Protection) (Version: - AOL Products)
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{818ABC3C-635C-4651-8183-D0E9640B7DD1}) (Version: 5.002.001.004 - Hewlett-Packard)
HPProductAssistant (HKLM\...\{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Launch Manager (HKLM\...\LManager) (Version: - )
LightScribe 1.4.142.1 (HKLM\...\{CE386A4E-D0DA-4208-8235-BCE43275C694}) (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Mahjongg Empire (HKLM\...\Mahjongg Empire) (Version: - )
Mahjongg Jr. (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Jr.) (Version: 1.0.0.0 - eGames)
Mahjongg Master 4 (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Master 4) (Version: 1.0.0.0 - eGames)
Mahjongg Master 5 (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Master 5) (Version: 1.0.0.0 - eGames)
Mahjongg Master Egyptian Edition (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Master Egyptian Edition) (Version: 1.0.0.0 - eGames)
Mahjongg Patience (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Patience) (Version: 1.0.0.0 - eGames)
Mahjongg Tiles of Time Lite (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Tiles of Time Lite) (Version: 1.0.0.0 - eGames)
MarketResearch (HKLM\...\{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}) (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft PhotoDraw 2000 (HKLM\...\Microsoft PhotoDraw 2000) (Version: - )
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version: - )
Mozilla Firefox 22.0 (x86 en-US) (HKLM\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSN (HKLM\...\MSNINST) (Version: - )
MSN Messenger 7.0 (HKLM\...\{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}) (Version: 7.0.0820 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Web Search (Webfetti) (HKLM\...\MyWebSearch bar Uninstall) (Version: - My Web Search) <==== ATTENTION
NTI Backup NOW! 4.7 (HKLM\...\{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI CD & DVD-Maker (HKLM\...\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI Shadow (HKLM\...\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.35 - NewTech Infosystems) Hidden
NTI Shadow (HKLM\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.35 - NewTech Infosystems)
Photo Organizer (HKLM\...\Photo Organizer 1.8) (Version: - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.32.3704d.0 - CyberLink Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5543 - Realtek Semiconductor Corp.)
RTC Client API v1.2 (HKLM\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
Scan (HKLM\...\{1746EA69-DCB6-4408-B5A5-E75F55439CDF}) (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Second Nature - Reefs to Rainforests by Charles Lynn Bragg (HKLM\...\Second Nature - Reefs to Rainforests by Charles Lynn Bragg) (Version: - )
SolutionCenter (HKLM\...\{A36CD345-625C-4d6c-B3E2-76E1248CB451}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Sprint Mobile Broadband (Sierra) (HKLM\...\{6DCBB845-0FA4-4723-A40A-1F320C221C30}) (Version: 3.05.004 - Sierra Wireless)
Status (HKLM\...\{978C25EE-5777-46e4-8988-732C297CBDBD}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
System Checkup 3.4 (HKLM\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.4.0.47 - iolo technologies, LLC)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.)
TIPCI (HKLM\...\{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.) Hidden
Toolbox (HKLM\...\{C716522C-3731-4667-8579-40B098294500}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{FF075778-6E50-47ed-991D-3B07FD4E3250}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Twilight Mahjongg v4e.2c.7 (HKLM\...\Twilight Mahjongg_is1) (Version: - )
Ultimate Mahjongg (HKLM\...\Ultimate Mahjongg) (Version: - )
Uninstall AOL Emergency Connect Utility 1.0 (HKLM\...\AOL Emergency Connect Utility 1.0) (Version: - )
UnloadSupport (HKLM\...\{E06F04B9-45E6-4AC0-8083-85F7515F40F7}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
WebReg (HKLM\...\{179C56A4-F57F-4561-8BBF-F911D26EB435}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Worlds Best Mahjongg Games (HKLM\...\{92B0DD85-4CAC-4F7D-96A6-5D6FAAFC942D}) (Version: 1.00.0000 - Valusoft)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{0D7FDC12-4366-3687-B4C4-93C84983BEB5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{1853e19a-4e54-4190-8deb-2e1cc947cd60}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{368CB9E8-3035-3AA5-B0D1-50FE1C930319}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{4431F57E-8B58-387E-AC60-6DD3E7850CD5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{60E1979E-326D-3D30-A96C-C6ADCDD2AF66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{634C733B-EABF-3922-BA49-5CB3927D480C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{BB048B39-D3CB-37BF-A746-068C9F9FF26B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [2008-01-03] (Egis Incorporated)
ContextMenuHandlers1: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll [2008-01-03] (Egis Incorporated.)
ContextMenuHandlers4: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll [2008-01-03] (Egis Incorporated.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2007-08-20] (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {15E53C83-93C7-4598-8770-E8B1878D7ADF} - System32\Tasks\Acer\Acer Assist\New Message Check - Owner => C:\Program Files\Acer\Acer Assist\AcerAssist.exe [2007-11-19] (Acer Incorporated)
Task: {37485A59-0EA7-4FE4-846B-A99FD708F9BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-14] (Google Inc.)
Task: {6AD53F7B-8BF4-437D-B5E0-5B7CEBEAC655} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-28] (Adobe Systems Incorporated)
Task: {7CEA54CD-9966-4353-B0A2-A815EB3E8E88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-14] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2008-03-04 10:56 - 2007-08-20 16:10 - 000249856 _____ () C:\Windows\system32\igfxTMM.dll
2014-02-13 16:10 - 2014-02-13 16:10 - 000059392 _____ () c:\program files\common files\aol\1241352817\ee\services\waolTrayMenuService\ver_0_9_1\waolTrayMenuService.dll
2008-03-04 11:17 - 2007-11-27 22:54 - 000110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-03-04 11:17 - 2007-11-27 19:08 - 000032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-03-04 11:15 - 2007-02-13 10:26 - 000016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2008-03-04 11:15 - 2007-02-13 10:26 - 000016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2008-03-04 11:16 - 2007-12-19 22:09 - 000024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2008-03-04 11:16 - 2007-12-19 22:09 - 000118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2008-03-04 11:16 - 2007-12-19 22:08 - 000032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2007-01-13 03:01 - 2007-01-13 03:01 - 000397312 ____R () C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll
2007-01-13 03:01 - 2007-01-13 03:01 - 000475136 ____R () C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 06:23 - 2006-09-18 17:41 - 000000761 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-125872590-1481980480-1854466539-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk => C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
MSCONFIG\startupreg: Acer Assist Launcher => C:\Program Files\Acer\Acer Assist\launcher.exe
MSCONFIG\startupreg: Acer Product Registration => "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: eDataSecurity Loader => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\LManager.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{08CB69C8-3D97-4F65-9B42-C547236DAF8E}] => (Allow) C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE
FirewallRules: [{48A1EC39-0507-4A76-AF52-FDD026045F0D}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{8246BFCF-3896-4D43-9EB8-BA4C798A1F1C}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{B1C022B9-E78C-4956-A5BF-CB5C78B6CFF3}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{A340BE6B-D897-4BD1-8EE6-B483FA162563}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{0F8D350C-7262-4C29-ADB9-DA07F145F843}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{F79AB403-30CA-4562-99EE-AA4A5F20C754}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{072F0B8A-4338-4BD5-8C19-AB49A468599A}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{5B34CE2F-18DE-4ECC-9666-002DA863572A}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{EDBB2721-F160-4D78-AB67-E6213435D071}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{53A913FF-CBDD-45C1-B5FE-1A2E0FF99D4B}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{21EBA145-6B20-4874-87FC-4ECF81D17D43}] => (Allow) C:\Program Files\Common Files\aol\1241352817\ee\aolsoftware.exe
FirewallRules: [{59E3C47F-357A-493A-9940-39111FB7EAC8}] => (Allow) C:\Program Files\Common Files\aol\1241352817\ee\aolsoftware.exe
FirewallRules: [{1AF7BC53-44B8-483E-8B3B-1047FD57568D}] => (Allow) C:\Program Files\AOL 9.1\waol.exe
FirewallRules: [{2D2B84F8-9CE4-49E4-AF80-579A38AF8ED3}] => (Allow) C:\Program Files\AOL 9.1\waol.exe
FirewallRules: [{88EE403C-CB7C-4544-8895-49CDD36DA042}] => (Allow) C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{CE375E87-EE45-427D-AAE3-2DA9961D602D}] => (Allow) C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{4473A02D-7333-4D05-ACEE-CB6A07BADE97}] => (Allow) C:\Program Files\Common Files\aol\Loader\aolload.exe
FirewallRules: [{14FA81A4-D5A2-4932-9302-2F428AA5D446}] => (Allow) C:\Program Files\Common Files\aol\Loader\aolload.exe
FirewallRules: [{098B1DC6-4001-4E1B-A550-57F57DF8FCE3}] => (Allow) C:\Program Files\Common Files\aol\System Information\sinf.exe
FirewallRules: [{B2C43393-30DE-4973-9668-F7ACFA9E75FC}] => (Allow) C:\Program Files\Common Files\aol\System Information\sinf.exe
FirewallRules: [{AF5D5E36-2B32-482F-9E67-3B3BCAD0792F}] => (Allow) LPort=80
FirewallRules: [{B08349D2-6E29-4F5F-BB69-8FA426CD88B3}] => (Allow) LPort=80
FirewallRules: [{C6C635D8-31E0-4DFC-975D-4CBD652FBBB3}] => (Allow) LPort=80
FirewallRules: [{95CE2D57-17F7-41CD-AC7F-65FEDCD6FFCC}] => (Allow) C:\Program Files\AOL Desktop 9.7\waol.exe
FirewallRules: [{76DC43A8-EA7A-4EAE-A856-927F367B7073}] => (Allow) C:\Program Files\AOL Desktop 9.7\waol.exe
FirewallRules: [{CDF0D6B0-4660-44FB-B3D0-F1B2F783A111}] => (Allow) C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{D19DB3F2-69C3-4B36-8EB8-750F5E718FF5}] => (Allow) C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{B24CFA4B-7121-4EE0-8113-833DB8D855B4}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C0A900E8-B272-4DD8-A9DA-8B32FE5AE0E0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
14-10-2017 03:00:57 Windows Update
15-10-2017 13:24:30 Windows Update
28-10-2017 19:57:26 Windows Update
==================== Faulty Device Manager Devices =============
Name: isatap.{6C88932B-58B5-4BAD-8C2E-9C2A0C52264D}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================
Application errors:
==================
Error: (10/28/2017 07:40:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application HPWUCli.exe, version 5.0.8.1, time stamp 0x4abd3c99, faulting module HPWUCli.exe, version 5.0.8.1, time stamp 0x4abd3c99, exception code 0xc0000005, fault offset 0x000099b1,
process id 0x724, application start time 0x01d350462f8098b0.
Error: (10/28/2017 07:39:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/15/2017 01:28:44 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (10/15/2017 01:28:44 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.
Error: (10/15/2017 12:32:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/15/2017 12:29:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/14/2017 03:27:06 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (10/14/2017 03:27:06 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.
Error: (10/14/2017 03:19:55 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (10/14/2017 03:19:54 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

System errors:
=============
Error: (10/28/2017 08:02:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Installer service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (10/28/2017 08:02:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
Error: (10/28/2017 08:02:47 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server:
{000C101C-0000-0000-C000-000000000046}
Error: (10/28/2017 07:59:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Software Shadow Copy Provider service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (10/28/2017 07:59:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Software Shadow Copy Provider service to connect.
Error: (10/28/2017 07:59:46 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1053" attempting to start the service swprv with arguments "" in order to run the server:
{65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}
Error: (10/28/2017 07:41:21 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{EDEA49A3-65C5-4B60-8A0C-88D530E5D8CC}.
The backup browser is stopping.
Error: (10/28/2017 07:39:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (10/15/2017 01:28:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Event-ID 20
Error: (10/15/2017 01:22:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
Date: 2013-06-30 02:54:25.993
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-06-30 02:54:25.728
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-06-30 02:54:25.431
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-06-30 02:54:25.166
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-06-30 02:54:24.932
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:55.168
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:54.786
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:54.579
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:54.372
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:54.167
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
Percentage of memory in use: 77%
Total physical RAM: 2037.68 MB
Available physical RAM: 455.23 MB
Total Virtual: 4318.64 MB
Available Virtual: 2318.29 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:51.01 GB) (Free:10.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:51.01 GB) (Free:40.66 GB) NTFS
Drive f: (HP USB FD) (Removable) (Total:3.8 GB) (Free:3.79 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: D392C44F)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=51 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=51 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0C)
==================== End of Addition.txt ============================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================

Uninstall the following unwanted programs:

Download Updater
My Web Search


Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V12.11.21.0 [Oct 23 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Owner [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 10/28/2017 22:02:22 (Duration : 00:41:54)
Switches : -refid
¤¤¤ Processes : 2 ¤¤¤
[PUP.Gen1|VT.Hijacker.MyWebSearch] MWSOEMON.EXE(1936) -- C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE[-] -> Found
[PUP.Gen1|VT.MyWebSearch Toolbar] mwsoestb.dll(1708) -- C:\Program Files\MyWebSearch\bar\2.bin\mwsoestb.dll[-] -> Found
¤¤¤ Registry : 29 ¤¤¤
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} (C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} (C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179} -> Found
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{C658F505-7C8B-45FA-A4C7-4CF8D56BAD59} (C:\Program Files\AOL Toolbar\aoltbServerPS.dll) -> Found
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{CC4AFE4D-D64D-4535-9A09-9D8BDC5F4C46} (C:\Program Files\AOL Toolbar\aoltbServerPS.dll) -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\FocusInteractive -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Fun Web Products -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\FunWebProducts -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\MetaStream -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\MyWebSearch -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Viewpoint -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-125872590-1481980480-1854466539-1003\Software\FunWebProducts -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-125872590-1481980480-1854466539-1003\Software\MyWebSearch -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-125872590-1481980480-1854466539-1003\Software\AppDataLow\Software\Fun Web Products -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-125872590-1481980480-1854466539-1003\Software\AppDataLow\Software\FunWebProducts -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-125872590-1481980480-1854466539-1003\Software\AppDataLow\Software\MyWebSearch -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-125872590-1481980480-1854466539-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer -> Found
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found
[PUP.Gen0|PUP.Gen1|VT.Hijacker.MyWebSearch] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MyWebSearchService (C:\PROGRA~1\MyWebSearch\bar\2.bin\mwssvc.exe) -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-125872590-1481980480-1854466539-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : :0 -> Found
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.comcast.net/ -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-125872590-1481980480-1854466539-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.aol.com/?ncid=toolbar -> Found
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://en.us.acer.yahoo.com -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D68943E1-646B-43AE-9F15-85D946CCF8F4} | DhcpNameServer : 68.87.66.234 68.87.64.230 ([-][United States]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{D68943E1-646B-43AE-9F15-85D946CCF8F4} | DhcpNameServer : 68.87.66.234 68.87.64.230 ([-][United States]) -> Found
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-125872590-1481980480-1854466539-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-125872590-1481980480-1854466539-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 10 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\AOL Toolbar -> Found
[PUP.Gen1][Folder] C:\ProgramData\Viewpoint -> Found
[PUP.Gen1][Folder] C:\Users\Owner\AppData\Local\AOL Toolbar -> Found
[PUP.Gen1][Folder] C:\ProgramData\AOL Toolbar -> Found
[PUP.Gen1][Folder] C:\ProgramData\Viewpoint -> Found
[PUP.Gen1][Folder] C:\Program Files\AOL Toolbar -> Found
[PUP.Gen1][Folder] C:\Program Files\comcasttb -> Found
[PUP.Gen1][Folder] C:\Program Files\FunWebProducts -> Found
[PUP.Gen1][Folder] C:\Program Files\MyWebSearch -> Found
[PUP.Gen1][Folder] C:\Program Files\Viewpoint -> Found
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 2 ¤¤¤
[PUM.HomePage][Firefox:Config] 4cz3fd5h.default : user_pref("browser.startup.homepage", "http://www.aol.com"); -> Found
[PUM.SearchEngine][Firefox:Config] 4cz3fd5h.default : user_pref("browser.search.selectedEngine", "AOL Search"); -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1200BEVS-22UST0 ATA Device +++++
--- User ---
[MBR] 45858804ca922e7f99040dda100d523e
[BSP] 7933e4350353dc097d2293ccba9934f5 : Acer|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20482048 | Size: 52238 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 127465472 | Size: 52233 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
on to malwarebytes
 
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 10/29/17
Scan Time: 2:54 AM
Log File: fe63b5ea-bc75-11e7-a553-001d722386b1.json
Administrator: Yes
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3122
License: Trial
-System Information-
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: System
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 246188
Threats Detected: 98
Threats Quarantined: 98
Time Elapsed: 10 min, 24 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 9
PUP.Optional.IoloSC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1, Quarantined, [2119], [349237],1.0.3122
PUP.Optional.FunWebProducts, HKU\S-1-5-21-125872590-1481980480-1854466539-1003\SOFTWARE\APPDATALOW\SOFTWARE\Fun Web Products, Quarantined, [6385], [238589],1.0.3122
PUP.Optional.FunWebProducts, HKU\S-1-5-21-125872590-1481980480-1854466539-1003\SOFTWARE\APPDATALOW\SOFTWARE\FunWebProducts, Quarantined, [6385], [238590],1.0.3122
PUP.Optional.MyWebSearch, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0}, Quarantined, [2072], [241108],1.0.3122
PUP.Optional.MyWebSearch, HKU\S-1-5-21-125872590-1481980480-1854466539-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0}, Quarantined, [2072], [241108],1.0.3122
PUP.Optional.FunWebProducts, HKLM\SOFTWARE\FunWebProducts, Quarantined, [6385], [238591],1.0.3122
PUP.Optional.IoloSC, HKLM\SOFTWARE\IOLO\System Checkup, Quarantined, [2119], [349242],1.0.3122
PUP.Optional.FunWebProducts, HKLM\SOFTWARE\MICROSOFT\CODE STORE DATABASE\DISTRIBUTION UNITS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}, Quarantined, [6385], [168022],1.0.3122
PUP.Optional.FunWebProducts, HKU\S-1-5-21-125872590-1481980480-1854466539-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}, Quarantined, [6385], [168022],1.0.3122
Registry Value: 2
PUP.Optional.MyWebSearch, HKU\S-1-5-21-125872590-1481980480-1854466539-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0}|URL, Quarantined, [2072], [241108],1.0.3122
PUP.Optional.MyWebSearch, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0}|URL, Quarantined, [2072], [241109],1.0.3122
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 18
PUP.Optional.FunWebProducts, C:\Users\Owner\AppData\LocalLow\FunWebProducts\ScreenSaver\Images, Quarantined, [6385], [177357],1.0.3122
PUP.Optional.FunWebProducts, C:\Users\Owner\AppData\LocalLow\FunWebProducts\Installr\Cache, Quarantined, [6385], [177357],1.0.3122
PUP.Optional.FunWebProducts, C:\Users\Owner\AppData\LocalLow\FunWebProducts\ScreenSaver, Quarantined, [6385], [177357],1.0.3122
PUP.Optional.FunWebProducts, C:\Users\Owner\AppData\LocalLow\FunWebProducts\Installr, Quarantined, [6385], [177357],1.0.3122
PUP.Optional.FunWebProducts, C:\Users\Owner\AppData\LocalLow\FunWebProducts\Shared, Quarantined, [6385], [177357],1.0.3122
PUP.Optional.FunWebProducts, C:\Users\Owner\AppData\LocalLow\FunWebProducts\Data, Quarantined, [6385], [177357],1.0.3122
PUP.Optional.FunWebProducts, C:\USERS\OWNER\APPDATA\LOCALLOW\FUNWEBPRODUCTS, Quarantined, [6385], [177357],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Message\COMMON, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Settings, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\History, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Message, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Cache, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\USERS\OWNER\APPDATA\LOCALLOW\MYWEBSEARCH, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.IoloSC, C:\PROGRAM FILES\IOLO\SYSTEM CHECKUP, Quarantined, [2119], [349237],1.0.3122
PUP.Optional.IoloSC, C:\PROGRAMDATA\IOLO\SCU, Quarantined, [2119], [349238],1.0.3122
File: 69
PUP.Optional.FunWebProducts, C:\Users\Owner\AppData\LocalLow\FunWebProducts\Data\avatar.dat, Quarantined, [6385], [177357],1.0.3122
PUP.Optional.FunWebProducts, C:\Users\Owner\AppData\LocalLow\FunWebProducts\Data\zbucks.dat, Quarantined, [6385], [177357],1.0.3122
PUP.Optional.FunWebProducts, C:\Users\Owner\AppData\LocalLow\FunWebProducts\Installr\Cache\01646F9A.exe, Quarantined, [6385], [177357],1.0.3122
PUP.Optional.FunWebProducts, C:\Users\Owner\AppData\LocalLow\FunWebProducts\Installr\Cache\files.ini, Quarantined, [6385], [177357],1.0.3122
PUP.Optional.FunWebProducts, C:\Users\Owner\AppData\LocalLow\FunWebProducts\ScreenSaver\Images\0209CA2B.urr, Quarantined, [6385], [177357],1.0.3122
PUP.Optional.FunWebProducts, C:\Users\Owner\AppData\LocalLow\FunWebProducts\Shared\0203ECD8.dat, Quarantined, [6385], [177357],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\avatar.htm, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\bgfader.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\common-x.css, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\common.css, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\ext_def.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\index.htm, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\loader.htm, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\loading.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\logo.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\max_def.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\max_roll.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\min_def.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\min_roll.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\noflash.htm, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\res_def.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\res_roll.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\spacer.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\spacer.swf, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\topgrad.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Cache\000349AC.bin, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Cache\0011B2EA, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Cache\005DA545.bin, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Cache\005DA63E.bin, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Cache\005DA6EA.bin, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Cache\005DA832, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Cache\00FBDCEB.bin, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Cache\00FBDF0D, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Cache\0175AA0B.bin, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Cache\0175AC6C.bin, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Cache\0175AFA6.bin, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Cache\0175B496.bin, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Cache\0175B947.bin, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Cache\01982AB0, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Cache\951619D6, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Cache\files.ini, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\History\search3, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\ask_logo.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\autoup.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\autoup.htm, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\center.htm, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\index.htm, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\mid_dots.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\mws_logo.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\protect.htm, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\shocked.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\stop.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\systray.htm, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\systrayp.htm, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\tp_grad.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\warn.gif, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Settings\prevcfg2.htm, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Settings\setting2.htm, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.MyWebSearch, C:\Users\Owner\AppData\LocalLow\MyWebSearch\bar\Settings\settings.dat, Quarantined, [2072], [178642],1.0.3122
PUP.Optional.IoloSC, C:\Program Files\iolo\System Checkup\SystemCheckup.exe, Quarantined, [2119], [349237],1.0.3122
PUP.Optional.IoloSC, C:\Program Files\iolo\System Checkup\uninstscu.exe, Quarantined, [2119], [349237],1.0.3122
PUP.Optional.IoloSC, C:\ProgramData\iolo\SCU\config.dll, Quarantined, [2119], [349238],1.0.3122
PUP.Optional.IoloSC, C:\ProgramData\iolo\SCU\fileinfo.dll, Quarantined, [2119], [349238],1.0.3122
PUP.Optional.IoloSC, C:\USERS\OWNER\DESKTOP\SYSTEM CHECKUP.LNK, Quarantined, [2119], [349239],1.0.3122
Generic.Malware/Suspicious, C:\USERS\OWNER\DOCUMENTS\REPORT.ZIP, Quarantined, [0], [392686],1.0.3122
Physical Sector: 0
(No malicious items detected)

(end)

On to AdwCleaner
 
# AdwCleaner 7.0.4.0 - Logfile created on Sun Oct 29 12:49:04 2017
# Updated on 2017/27/10 by Malwarebytes
# Running on Windows Vista (TM) Home Premium (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services deleted.
***** [ Folders ] *****
Deleted: C:\Users\Owner\AppData\Local\AOL Toolbar
Deleted: C:\Users\Owner\AppData\LocalLow\comcasttb

***** [ Files ] *****
No malicious files deleted.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks deleted.
***** [ Registry ] *****
Deleted: [Key] - HKLM\SOFTWARE\FocusInteractive
Deleted: [Key] - HKLM\SOFTWARE\MetaStream
Deleted: [Key] - HKLM\SOFTWARE\Viewpoint
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Deleted: [Key] - HKU\S-1-5-21-125872590-1481980480-1854466539-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-125872590-1481980480-1854466539-1003\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-125872590-1481980480-1854466539-1003\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com\VMP
Deleted: [Key] - HKU\S-1-5-21-125872590-1481980480-1854466539-1003\Software\FunWebProducts
Deleted: [Key] - HKCU\Software\FunWebProducts
Deleted: [Key] - HKLM\SOFTWARE\Fun Web Products
Deleted: [Key] - HKLM\SOFTWARE\MyWebSearch
Deleted: [Key] - HKU\S-1-5-21-125872590-1481980480-1854466539-1003\Software\MyWebSearch
Deleted: [Key] - HKU\S-1-5-21-125872590-1481980480-1854466539-1003\Software\AppDataLow\Software\MyWebSearch
Deleted: [Key] - HKCU\Software\MyWebSearch
Deleted: [Key] - HKCU\Software\AppDataLow\Software\MyWebSearch
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}

***** [ Firefox (and derivatives) ] *****
Plugin deleted: AOL Toolbar - AOL Inc.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.
*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [6914 B] - [2017/10/29 12:41:23]
C:/AdwCleaner/AdwCleaner[S1].txt - [6983 B] - [2017/10/29 12:47:31]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows Vista (TM) Home Premium x86
Ran by Owner (Administrator) on Sun 10/29/2017 at 9:00:10.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 40
Successfully deleted: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4cz3fd5h.default\user.js (File)
Successfully deleted: C:\Program Files\Common Files\homepage protection (Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02KTWXLR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NG55W70 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1AJH8IZW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UV39RM6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URR1D4M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GSFFYSU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8GJDEOD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DP5OB3SE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQPXHNMP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G7RGH7RV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O46GHXDT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4V3PAFX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGZEI2SP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TMTALVAW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTAFBZ07 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCPSZD0I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VT5SDGQ7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXIWVFB1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YASJN9QQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02KTWXLR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NG55W70 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1AJH8IZW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UV39RM6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3URR1D4M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GSFFYSU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8GJDEOD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DP5OB3SE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQPXHNMP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G7RGH7RV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O46GHXDT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4V3PAFX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGZEI2SP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TMTALVAW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTAFBZ07 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCPSZD0I (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VT5SDGQ7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXIWVFB1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YASJN9QQ (Temporary Internet Files Folder)
Deleted the following from C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4cz3fd5h.default\prefs.js
user_pref(keyword.URL, hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=);
user_pref(plugin.blocklisted.npviewpoint, true);
Registry: 6
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/29/2017 at 9:11:43.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    If the connection is still not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.
 
ComboFix 17-10-17.01 - Owner 10/29/2017 18:59:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1122 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
.
.
((((((((((((((((((((((((( Files Created from 2017-09-28 to 2017-10-29 )))))))))))))))))))))))))))))))
.
.
2017-10-29 23:07 . 2017-10-29 23:07 -------- d-----w- c:\users\Owner\AppData\Local\temp
2017-10-29 23:07 . 2017-10-29 23:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-10-29 12:35 . 2017-10-29 12:49 -------- d-----w- C:\AdwCleaner
2017-10-29 03:13 . 2017-10-04 17:15 59904 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-10-29 03:13 . 2017-10-29 03:13 -------- d-----w- c:\programdata\Malwarebytes
2017-10-29 03:13 . 2017-10-29 03:13 -------- d-----w- c:\program files\Malwarebytes
2017-10-29 02:02 . 2017-10-29 02:02 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-10-29 02:01 . 2017-10-29 03:05 -------- d-----w- c:\programdata\RogueKiller
2017-10-29 02:01 . 2017-10-29 02:01 -------- d-----w- c:\program files\RogueKiller
2017-10-29 01:55 . 2009-04-30 11:57 434271 ----a-w- c:\program files\Uninstall Fun Web Products.dll
2017-10-29 00:29 . 2017-10-29 00:31 -------- d-----w- C:\FRST
2017-10-14 07:33 . 2015-08-13 14:15 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2017-10-14 07:33 . 2015-08-13 14:15 102912 ----a-w- c:\windows\system32\drivers\srvnet.sys
2017-10-14 07:31 . 2015-07-21 16:07 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2017-10-14 07:31 . 2015-07-21 16:07 140224 ----a-w- c:\windows\system32\drivers\ecache.sys
2017-10-14 07:31 . 2015-07-21 16:03 10752 ----a-w- c:\windows\system32\msmmsp.dll
2017-10-14 07:31 . 2015-07-21 16:03 564224 ----a-w- c:\windows\system32\emdmgmt.dll
2017-10-14 07:30 . 2015-09-02 21:26 1402368 ----a-w- c:\windows\system32\msxml6.dll
2017-10-14 07:30 . 2015-09-02 21:26 1253376 ----a-w- c:\windows\system32\msxml3.dll
2017-10-14 07:29 . 2016-01-30 03:07 802304 ----a-w- c:\windows\system32\advapi32.dll
2017-10-14 07:29 . 2016-01-30 03:09 783872 ----a-w- c:\windows\system32\rpcrt4.dll
2017-10-14 07:29 . 2016-01-30 03:09 1316864 ----a-w- c:\windows\system32\ole32.dll
2017-10-14 07:29 . 2016-01-30 03:07 49664 ----a-w- c:\windows\system32\csrsrv.dll
2017-10-14 07:29 . 2016-01-30 01:24 64000 ----a-w- c:\windows\system32\smss.exe
2017-10-14 07:29 . 2016-02-01 17:21 1208776 ----a-w- c:\windows\system32\ntdll.dll
2017-10-14 07:29 . 2016-01-30 03:15 3609024 ----a-w- c:\windows\system32\ntkrnlpa.exe
2017-10-14 07:29 . 2016-01-30 03:15 3556800 ----a-w- c:\windows\system32\ntoskrnl.exe
2017-10-14 07:28 . 2015-07-31 19:27 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-10-14 07:27 . 2015-06-17 16:50 2264576 ----a-w- c:\windows\system32\msi.dll
2017-10-14 07:27 . 2015-06-17 15:09 73216 ----a-w- c:\windows\system32\msiexec.exe
2017-10-14 07:24 . 2015-12-05 17:03 506880 ----a-w- c:\windows\system32\qedit.dll
2017-10-14 07:24 . 2015-12-05 17:02 64000 ----a-w- c:\windows\system32\devenum.dll
2017-10-14 07:24 . 2015-07-10 19:37 2067968 ----a-w- c:\windows\system32\mstscax.dll
2017-10-14 07:23 . 2015-11-06 17:05 627712 ----a-w- c:\windows\system32\user32.dll
2017-10-14 07:23 . 2015-11-06 16:32 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2017-10-14 07:23 . 2015-11-06 16:32 189952 ----a-w- c:\windows\system32\d3d10core.dll
2017-10-14 07:23 . 2015-11-06 16:32 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2017-10-14 07:23 . 2015-11-06 16:32 1029120 ----a-w- c:\windows\system32\d3d10.dll
2017-10-14 07:23 . 2015-11-06 15:27 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2017-10-14 07:23 . 2015-11-06 15:26 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2017-10-14 07:23 . 2015-11-06 15:20 682496 ----a-w- c:\windows\system32\d2d1.dll
2017-10-14 07:23 . 2015-11-06 15:20 1073152 ----a-w- c:\windows\system32\DWrite.dll
2017-10-14 07:23 . 2015-11-06 15:19 802304 ----a-w- c:\windows\system32\FntCache.dll
2017-10-14 07:23 . 2016-01-07 15:21 2068480 ----a-w- c:\windows\system32\win32k.sys
2017-10-14 07:22 . 2015-11-13 16:56 66560 ----a-w- c:\windows\system32\mapistub.dll
2017-10-14 07:22 . 2015-11-13 15:27 13824 ----a-w- c:\windows\system32\fixmapi.exe
2017-10-14 07:22 . 2015-10-13 14:31 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2017-10-14 07:22 . 2015-10-13 14:31 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2017-10-14 07:21 . 2016-01-09 17:06 940032 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2017-10-14 07:21 . 2016-01-09 17:06 672768 ----a-w- c:\program files\Windows Journal\InkSeg.dll
2017-10-14 07:21 . 2016-01-09 17:06 1220608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2017-10-14 07:21 . 2016-01-09 17:06 985600 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2017-10-14 07:21 . 2016-01-09 17:06 967680 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2017-10-14 07:21 . 2016-01-09 15:31 1850880 ----a-w- c:\program files\Windows Journal\Journal.exe
2017-10-14 07:20 . 2015-11-02 17:04 179200 ----a-w- c:\windows\system32\els.dll
2017-10-14 07:20 . 2015-09-01 16:00 1305088 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2017-10-14 07:20 . 2015-09-01 16:00 115200 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2017-10-14 07:13 . 2015-07-18 16:03 68608 ----a-w- c:\windows\system32\basesrv.dll
2017-10-14 07:11 . 2015-08-05 15:59 602112 ----a-w- c:\windows\system32\schedsvc.dll
2017-10-14 07:10 . 2015-11-05 07:26 2048 ----a-w- c:\windows\system32\tzres.dll
2017-10-14 07:10 . 2015-05-31 08:11 225792 ----a-w- c:\windows\system32\cewmdm.dll
2017-10-14 07:06 . 2015-12-05 17:02 298496 ----a-w- c:\windows\system32\gdi32.dll
2017-10-14 07:05 . 2016-01-07 15:18 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2017-10-14 07:05 . 2015-10-10 16:02 526272 ----a-w- c:\windows\system32\drivers\ndis.sys
2017-10-14 07:05 . 2015-07-01 15:57 199680 ----a-w- c:\windows\system32\WebClnt.dll
2017-10-14 07:05 . 2015-07-09 14:25 151040 ----a-w- c:\windows\system32\notepad.exe
2017-10-14 07:05 . 2015-07-09 14:25 151040 ----a-w- c:\windows\notepad.exe
2017-10-14 07:05 . 2015-11-10 17:03 1208832 ----a-w- c:\windows\system32\comsvcs.dll
2017-10-14 07:05 . 2015-11-10 17:03 488448 ----a-w- c:\windows\system32\catsrvut.dll
2017-10-14 07:02 . 2015-11-05 07:34 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2017-10-14 07:02 . 2016-01-09 17:06 501760 ----a-w- c:\windows\system32\kerberos.dll
2017-10-14 07:01 . 2015-09-26 16:04 206336 ----a-w- c:\windows\system32\ncrypt.dll
2017-10-14 07:01 . 2015-06-27 16:02 218112 ----a-w- c:\windows\system32\msv1_0.dll
2017-10-14 07:01 . 2015-06-27 14:21 217088 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2017-10-14 07:01 . 2015-06-27 14:21 81408 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2017-10-14 07:01 . 2015-01-09 00:17 107008 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2017-10-14 07:01 . 2015-09-26 16:05 281600 ----a-w- c:\windows\system32\schannel.dll
2017-10-14 07:01 . 2015-09-26 13:21 274432 ----a-w- c:\windows\system32\bcrypt.dll
2017-10-14 07:01 . 2015-09-22 13:11 440768 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2017-10-13 21:59 . 2017-10-13 21:59 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C3550C2-9B61-4E81-9A90-561706C3CC60}\offreg.968.dll
2017-10-13 21:46 . 2017-10-13 21:46 11285920 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C3550C2-9B61-4E81-9A90-561706C3CC60}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-10-29 00:31 . 2012-10-11 17:34 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-10-29 00:31 . 2011-06-26 18:52 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 10:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HostManager"="c:\program files\Common Files\AOL\1241352817\ee\AOLSoftware.exe" [2010-03-08 41800]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Snsicon.lnk - c:\slideshw\Snsicon.exe [2010-7-21 33280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Forget Me Not.lnk - c:\program files\Broderbund\AG CreataCard\AGRemind.exe /Q [2008-11-18 323584]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-11-19 22:17 1261568 ----a-w- c:\program files\Acer\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-01-03 09:55 521776 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-10-11 20:06 62760 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-01-07 23:51 858632 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-01-22 22:23 81920 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-08 00:25 4853760 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTION
*NewlyCreated* - MBAMWEBPROTECTION
*Deregistered* - ESProtectionDriver
*Deregistered* - MBAMProtection
*Deregistered* - MBAMSwissArmy
*Deregistered* - MBAMWebProtection
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-10-13 23:25 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?ncid=toolbar
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4cz3fd5h.default\
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-eRecoveryService - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-AOL Toolbar - c:\program files\AOL Toolbar\uninstall.exe
AddRemove-ComcastHSI - c:\program files\support.com\uninstall\chsi_uninstaller.exe
AddRemove-Homepage Protection - c:\program files\Common Files\Homepage Protection\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-10-29 19:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2017-10-29 19:09:10
ComboFix-quarantined-files.txt 2017-10-29 23:09
.
Pre-Run: 8,696,143,872 bytes free
Post-Run: 9,026,203,648 bytes free
.
- - End Of File - - D3B21C5218A3462EFD799122CC64919B
6FC6F9186C07BCA94E140F63BFE6E9B4
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2017
Ran by Owner (administrator) on OWNER-PC (29-10-2017 21:09:32)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AOL Inc.) C:\Program Files\Common Files\aol\acs\AOLacsd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(SupportSoft, Inc.) C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Sprint Spectrum, L.L.C) C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
(SupportSoft, Inc.) C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-07] (Synaptics, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1241352817\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [ddoctorv2] => C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [202560 2008-04-24] (SupportSoft, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4853760 2008-01-07] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-125872590-1481980480-1854466539-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\32-bit Second Nature.scr [132608 1998-08-12] (Panasonic)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Forget Me Not.lnk [2008-11-18]
ShortcutTarget: Forget Me Not.lnk -> C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe (TLC Multimedia Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2008-09-10]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2008-07-26]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Snsicon.lnk [2010-07-21]
ShortcutTarget: Snsicon.lnk -> C:\SLIDESHW\Snsicon.exe (Second Nature Software, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-125872590-1481980480-1854466539-1003] => :0
AutoConfigURL: [S-1-5-21-125872590-1481980480-1854466539-1003] => :0
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{D68943E1-646B-43AE-9F15-85D946CCF8F4}: [DhcpNameServer] 68.87.66.234 68.87.64.230
Tcpip\..\Interfaces\{EDEA49A3-65C5-4B60-8A0C-88D530E5D8CC}: [DhcpNameServer] 192.168.254.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.comcast.net/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-125872590-1481980480-1854466539-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-125872590-1481980480-1854466539-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.com/?ncid=toolbar
URLSearchHook: HKLM - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll No File
URLSearchHook: HKU\S-1-5-21-125872590-1481980480-1854466539-1003 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll No File
SearchScopes: HKLM -> DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKLM -> ComcastSearch URL = hxxp://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-125872590-1481980480-1854466539-1003 -> DefaultScope ComcastSearch URL = hxxp://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
SearchScopes: HKU\S-1-5-21-125872590-1481980480-1854466539-1003 -> ComcastSearch URL = hxxp://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
SearchScopes: HKU\S-1-5-21-125872590-1481980480-1854466539-1003 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-acer
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files\AOL Toolbar\aoltb.dll => No File
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-01-03] (Egis Incorporated.)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
Toolbar: HKU\S-1-5-21-125872590-1481980480-1854466539-1003 -> AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4cz3fd5h.default [2017-10-29]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\4cz3fd5h.default -> AOL Search
FF Homepage: Mozilla\Firefox\Profiles\4cz3fd5h.default -> hxxp://www.aol.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-06] [not signed]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\aolsearch.xml [2014-02-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-28] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-13] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-10-29]
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-16]
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-16]
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-16]
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-16]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-16]
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-16]
CHR crx: C:\Program Files\Google\Chrome\Application\43.0.2357.132\default_apps\search.crx [2015-07-06]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-10-28] (Adobe Systems Incorporated) [File not signed]
R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46184 2014-02-06] (AOL Inc.)
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-03] (Egis Incorporated)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-12-01] (NOS Microsystems Ltd.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 SPCSUtilityService; C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe [131072 2007-08-29] (Sprint Spectrum, L.L.C) [File not signed]
R2 sprtsvc_ddoctorv2; C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [202560 2008-04-24] (SupportSoft, Inc.)
R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-02-09] (NewTech Infosystems, Inc.) [File not signed]
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [24456 2007-08-10] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-10-28] ()
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [80744 2006-09-19] (Wasay)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
U3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-29 19:09 - 2017-10-29 19:09 - 000016171 _____ C:\ComboFix.txt
2017-10-29 18:57 - 2011-06-26 02:45 - 000256000 _____ C:\Windows\PEV.exe
2017-10-29 18:57 - 2010-11-07 13:20 - 000208896 _____ C:\Windows\MBR.exe
2017-10-29 18:57 - 2009-04-20 00:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-10-29 18:57 - 2000-08-30 20:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-10-29 18:57 - 2000-08-30 20:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-10-29 18:57 - 2000-08-30 20:00 - 000098816 _____ C:\Windows\sed.exe
2017-10-29 18:57 - 2000-08-30 20:00 - 000080412 _____ C:\Windows\grep.exe
2017-10-29 18:57 - 2000-08-30 20:00 - 000068096 _____ C:\Windows\zip.exe
2017-10-29 18:56 - 2017-10-29 19:09 - 000000000 ____D C:\Qoobox
2017-10-29 18:56 - 2017-10-29 19:08 - 000000000 ____D C:\Windows\erdnt
2017-10-29 18:54 - 2017-10-29 18:54 - 005660403 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2017-10-29 09:11 - 2017-10-29 09:11 - 000008078 _____ C:\Users\Owner\Desktop\JRT.txt
2017-10-29 08:56 - 2017-10-29 08:56 - 001790024 _____ (Malwarebytes) C:\Users\Owner\Desktop\JRT.exe
2017-10-29 08:36 - 2017-10-29 08:36 - 008261584 _____ (Malwarebytes) C:\Users\Owner\Desktop\adwcleaner_7.0.4.0.exe
2017-10-29 08:35 - 2017-10-29 08:49 - 000000000 ____D C:\AdwCleaner
2017-10-29 08:34 - 2017-10-29 08:34 - 008250832 _____ (Malwarebytes) C:\Users\Owner\Desktop\AdwCleaner.exe
2017-10-29 08:24 - 2017-10-29 08:24 - 000014386 _____ C:\Users\Owner\Desktop\Malwarebytes.txt
2017-10-28 23:13 - 2017-10-28 23:13 - 000001827 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-28 23:13 - 2017-10-28 23:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-28 23:13 - 2017-10-28 23:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-28 23:13 - 2017-10-28 23:13 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-28 23:13 - 2017-10-04 13:15 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-10-28 23:07 - 2017-10-28 23:09 - 071535032 _____ (Malwarebytes ) C:\Users\Owner\Desktop\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-10-28 22:02 - 2017-10-28 22:02 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-10-28 22:01 - 2017-10-28 23:05 - 000000000 ____D C:\ProgramData\RogueKiller
2017-10-28 22:01 - 2017-10-28 22:01 - 000000808 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-10-28 22:01 - 2017-10-28 22:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-10-28 22:01 - 2017-10-28 22:01 - 000000000 ____D C:\Program Files\RogueKiller
2017-10-28 21:58 - 2017-10-28 21:59 - 036096368 _____ (Adlice Software ) C:\Users\Owner\Desktop\RogueKiller_setup_ref3.exe
2017-10-28 21:55 - 2009-04-30 07:57 - 000434271 _____ (MyWebSearch.com) C:\Program Files\Uninstall Fun Web Products.dll
2017-10-28 20:31 - 2017-10-28 20:31 - 000038009 _____ C:\Users\Owner\Desktop\Addition.txt
2017-10-28 20:29 - 2017-10-29 21:09 - 000014818 _____ C:\Users\Owner\Desktop\FRST.txt
2017-10-28 20:29 - 2017-10-29 21:09 - 000000000 ____D C:\FRST
2017-10-28 20:29 - 2017-10-28 20:29 - 000000000 ____D C:\Users\Owner\Desktop\FRST-OlderVersion
2017-10-28 20:28 - 2017-10-28 20:29 - 001799680 _____ (Farbar) C:\Users\Owner\Desktop\frst.exe
2017-10-14 03:33 - 2015-08-13 10:15 - 000304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-14 03:33 - 2015-08-13 10:15 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-10-14 03:32 - 2016-01-29 23:09 - 000429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2017-10-14 03:32 - 2016-01-29 23:09 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
2017-10-14 03:32 - 2016-01-29 23:09 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2017-10-14 03:32 - 2016-01-29 23:09 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2017-10-14 03:32 - 2016-01-29 23:09 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2017-10-14 03:32 - 2016-01-29 23:09 - 000153088 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
2017-10-14 03:32 - 2016-01-29 23:08 - 000180224 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2017-10-14 03:32 - 2016-01-29 23:08 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2017-10-14 03:32 - 2016-01-29 23:08 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2017-10-14 03:32 - 2016-01-29 23:08 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2017-10-14 03:32 - 2016-01-29 23:08 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2017-10-14 03:32 - 2016-01-29 23:08 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2017-10-14 03:32 - 2016-01-29 23:08 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2017-10-14 03:32 - 2016-01-29 23:08 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
2017-10-14 03:32 - 2016-01-29 21:32 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe
2017-10-14 03:31 - 2015-07-21 12:07 - 000140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2017-10-14 03:31 - 2015-07-21 12:07 - 000056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-10-14 03:31 - 2015-07-21 12:03 - 000564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2017-10-14 03:31 - 2015-07-21 12:03 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-10-14 03:30 - 2015-09-02 17:26 - 001402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2017-10-14 03:30 - 2015-09-02 17:26 - 001253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-10-14 03:29 - 2016-02-01 13:21 - 001208776 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-10-14 03:29 - 2016-01-29 23:15 - 003609024 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-10-14 03:29 - 2016-01-29 23:15 - 003556800 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-10-14 03:29 - 2016-01-29 23:09 - 001316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-10-14 03:29 - 2016-01-29 23:09 - 000783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-10-14 03:29 - 2016-01-29 23:08 - 000894976 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-10-14 03:29 - 2016-01-29 23:07 - 000802304 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-10-14 03:29 - 2016-01-29 23:07 - 000049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-10-14 03:29 - 2016-01-29 21:24 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-10-14 03:28 - 2015-07-31 15:27 - 000103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-10-14 03:27 - 2015-06-17 12:50 - 002264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-10-14 03:27 - 2015-06-17 11:09 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-10-14 03:25 - 2015-12-05 13:03 - 002873344 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-10-14 03:25 - 2015-12-05 13:03 - 001567744 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 001377792 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 001326080 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 001314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-10-14 03:25 - 2015-12-05 13:03 - 001114624 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 000867328 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2017-10-14 03:25 - 2015-12-05 13:03 - 000767488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 000759296 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 000650240 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 000497152 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2017-10-14 03:25 - 2015-12-05 13:03 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 000212992 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2017-10-14 03:25 - 2015-12-05 13:03 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2017-10-14 03:25 - 2015-12-05 13:02 - 000853504 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2017-10-14 03:25 - 2015-12-05 13:02 - 000613888 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2VDEC.DLL
2017-10-14 03:25 - 2015-12-05 13:02 - 000606208 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2017-10-14 03:25 - 2015-12-05 13:02 - 000506880 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2017-10-14 03:25 - 2015-12-05 13:02 - 000480256 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2017-10-14 03:25 - 2015-12-05 13:02 - 000391680 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ADEC.DLL
2017-10-14 03:25 - 2015-12-05 13:02 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2017-10-14 03:25 - 2015-12-05 13:02 - 000254976 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2017-10-14 03:25 - 2015-12-05 13:02 - 000254976 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2017-10-14 03:25 - 2015-12-05 13:02 - 000209920 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-10-14 03:25 - 2015-12-05 13:02 - 000158208 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2017-10-14 03:25 - 2015-12-05 13:02 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2017-10-14 03:25 - 2015-12-05 13:02 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2017-10-14 03:25 - 2015-12-05 13:02 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2017-10-14 03:25 - 2015-12-05 12:44 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2017-10-14 03:24 - 2015-12-05 13:03 - 000506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2017-10-14 03:24 - 2015-12-05 13:02 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2017-10-14 03:24 - 2015-07-10 15:37 - 002067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-10-14 03:23 - 2016-01-07 11:21 - 002068480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-10-14 03:23 - 2015-11-06 13:05 - 000627712 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-10-14 03:23 - 2015-11-06 12:32 - 001029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2017-10-14 03:23 - 2015-11-06 12:32 - 000219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2017-10-14 03:23 - 2015-11-06 12:32 - 000189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2017-10-14 03:23 - 2015-11-06 12:32 - 000160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2017-10-14 03:23 - 2015-11-06 11:27 - 001172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-10-14 03:23 - 2015-11-06 11:26 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-10-14 03:23 - 2015-11-06 11:20 - 001073152 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-10-14 03:23 - 2015-11-06 11:20 - 000682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-10-14 03:23 - 2015-11-06 11:19 - 000802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-10-14 03:22 - 2015-11-13 12:56 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2017-10-14 03:22 - 2015-11-13 12:56 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2017-10-14 03:22 - 2015-11-13 11:27 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2017-10-14 03:22 - 2015-10-13 10:31 - 000273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-10-14 03:22 - 2015-10-13 10:31 - 000072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-10-14 03:20 - 2015-11-02 13:04 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2017-10-14 03:13 - 2015-07-18 12:03 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2017-10-14 03:12 - 2015-09-02 17:26 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-10-14 03:12 - 2015-09-02 15:54 - 000297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000015200 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-14 03:12 - 2015-07-18 09:14 - 000011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-10-14 03:11 - 2015-08-05 11:59 - 000602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2017-10-14 03:11 - 2015-07-28 20:46 - 011588096 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-10-14 03:10 - 2015-11-05 03:26 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-10-14 03:10 - 2015-05-31 04:11 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2017-10-14 03:06 - 2015-12-05 13:02 - 000298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-10-14 03:05 - 2016-01-07 11:18 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-10-14 03:05 - 2015-11-10 13:03 - 001208832 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2017-10-14 03:05 - 2015-11-10 13:03 - 000488448 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2017-10-14 03:05 - 2015-10-10 12:02 - 000526272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-10-14 03:05 - 2015-07-09 10:25 - 000151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2017-10-14 03:05 - 2015-07-09 10:25 - 000151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2017-10-14 03:05 - 2015-07-01 11:57 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-10-14 03:02 - 2016-01-09 13:06 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-10-14 03:02 - 2015-11-05 03:34 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2017-10-14 03:01 - 2015-09-26 12:05 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-10-14 03:01 - 2015-09-26 12:04 - 000206336 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-10-14 03:01 - 2015-09-26 09:21 - 000274432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-10-14 03:01 - 2015-09-22 09:11 - 000440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-10-14 03:01 - 2015-06-27 12:02 - 000218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-10-14 03:01 - 2015-06-27 10:21 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-14 03:01 - 2015-06-27 10:21 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-10-14 03:01 - 2015-01-08 20:17 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-10-13 13:48 - 2016-01-25 00:59 - 001815552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-10-13 13:48 - 2016-01-25 00:57 - 012391424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-10-13 13:48 - 2016-01-25 00:55 - 000367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-10-13 13:48 - 2016-01-25 00:54 - 009753600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-10-13 13:48 - 2016-01-25 00:54 - 001140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-10-13 13:48 - 2016-01-25 00:53 - 001129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-10-13 13:48 - 2016-01-25 00:52 - 001804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-10-13 13:48 - 2016-01-25 00:52 - 001427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-10-13 13:48 - 2016-01-25 00:52 - 000718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-10-13 13:48 - 2016-01-25 00:52 - 000607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-10-13 13:48 - 2016-01-25 00:52 - 000424960 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-10-13 13:48 - 2016-01-25 00:52 - 000231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2017-10-13 13:48 - 2016-01-25 00:52 - 000142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-10-13 13:48 - 2016-01-25 00:52 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-10-13 13:48 - 2016-01-25 00:51 - 002382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-10-13 13:48 - 2016-01-25 00:51 - 000353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-10-13 13:48 - 2016-01-25 00:51 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-10-13 13:48 - 2016-01-25 00:51 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-10-13 13:48 - 2016-01-25 00:51 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-10-13 13:48 - 2016-01-25 00:51 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2017-10-13 13:48 - 2016-01-25 00:51 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2017-10-13 13:48 - 2016-01-25 00:51 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2017-10-13 10:41 - 2017-10-13 10:42 - 072822184 _____ (Oath Inc.) C:\Users\Owner\Downloads\Install_AOL_Desktop.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-29 20:51 - 2006-11-02 08:47 - 000003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-29 20:51 - 2006-11-02 08:47 - 000003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-29 19:07 - 2006-11-02 06:23 - 000000215 _____ C:\Windows\system.ini
2017-10-29 19:06 - 2006-11-02 07:18 - 000000000 ___SD C:\Windows\Downloaded Program Files
2017-10-29 08:57 - 2006-11-02 07:18 - 000000000 ____D C:\Windows\inf
2017-10-29 08:57 - 2006-11-02 06:33 - 000826598 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-29 08:51 - 2006-11-02 09:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-29 08:49 - 2006-11-02 09:01 - 000032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-10-29 08:36 - 2013-07-11 08:54 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-29 08:18 - 2013-10-13 19:08 - 000000000 ____D C:\ProgramData\iolo
2017-10-29 08:18 - 2013-10-13 19:08 - 000000000 ____D C:\Program Files\iolo
2017-10-28 21:55 - 2008-10-20 19:29 - 000000000 ____D C:\Program Files\MSN Messenger
2017-10-28 20:31 - 2012-10-11 13:34 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-10-28 20:31 - 2011-06-26 14:52 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-10-28 20:31 - 2008-02-09 01:38 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-28 20:21 - 2006-11-02 07:18 - 000000000 ____D C:\Windows\rescache
2017-10-15 13:14 - 2009-04-27 19:54 - 000000000 ____D C:\Users\Owner\AppData\Local\Deployment
2017-10-15 12:31 - 2006-11-02 08:47 - 000403120 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-15 12:29 - 2008-02-09 01:37 - 000000000 ____D C:\Windows\system32\RTCOM
2017-10-15 12:29 - 2006-11-02 08:37 - 000000000 ____D C:\Windows\system32\XPSViewer
2017-10-15 12:29 - 2006-11-02 08:37 - 000000000 ____D C:\Program Files\Windows Journal
2017-10-15 12:29 - 2006-11-02 08:37 - 000000000 ____D C:\Program Files\Windows Collaboration
2017-10-14 03:20 - 2013-08-15 03:10 - 000000000 ____D C:\Windows\system32\MRT
2017-10-14 03:14 - 2006-11-02 06:24 - 144254680 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2017-10-13 19:27 - 2013-12-16 16:45 - 000001949 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-13 19:27 - 2013-12-16 16:45 - 000001937 _____ C:\Users\Public\Desktop\Google Chrome.lnk
==================== Files in the root of some directories =======
2017-10-28 21:55 - 2009-04-30 07:57 - 000434271 _____ (MyWebSearch.com) C:\Program Files\Uninstall Fun Web Products.dll
2008-07-13 21:54 - 2013-03-16 10:04 - 000013312 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-09-10 20:08 - 2008-09-10 21:49 - 000001127 _____ () C:\ProgramData\hpzinstall.log
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-10-29 09:15
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2017
Ran by Owner (29-10-2017 21:10:20)
Running from C:\Users\Owner\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2008-03-04 15:04:26)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-125872590-1481980480-1854466539-500 - Administrator - Disabled)
Guest (S-1-5-21-125872590-1481980480-1854466539-501 - Limited - Disabled)
Owner (S-1-5-21-125872590-1481980480-1854466539-1003 - Administrator - Enabled) => C:\Users\Owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2004 Mahjongg (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\2004 Mahjongg) (Version: 1.0.0.0 - eGames)
3100_3200_3300_Help (HKLM\...\{A0724A7E-F4E7-498e-B3F9-6FB2B909E56E}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
3100_3200_3300trb (HKLM\...\{E0A43EF2-46A5-4de2-916A-C515D8AA1618}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (HKLM\...\{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}) (Version: 1.0.0 - Hewlett-Packard) Hidden
3300 (HKLM\...\{789FC4C2-7DEE-4dc0-9E12-9A013AE80C8E}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
Acer Assist (HKLM\...\Acer Assist) (Version: - Acer Incorporated)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4309 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.69.110 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version: - Acer - Leader Technologies)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.31.20071207 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0 - Microsoft Corporation) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Reader 8.1.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.3 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (HKLM\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (HKLM\...\{E09575B2-498D-4C8B-A9D2-623F78574F29}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM\...\{0D2E9DCB-9938-475E-B4DD-8851738852FF}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
American Greetings® CreataCard® Platinum 5 (HKLM\...\American Greetings CreataCard 5.0) (Version: - )
AOL Mail and AIM Gadget (HKLM\...\{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}) (Version: 1.0.0 - AOL LLC)
AOL Toolbar (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\AOL Toolbar) (Version: - )
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - AOL Inc.)
Brain Block's Arcade Mah Jongg Gold 1.23 (HKLM\...\Brain Block's Arcade Mah Jongg Gold_is1) (Version: - Brain Block Interactive)
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.08 - Broadcom Corporation)
BufferChm (HKLM\...\{BE77A81F-B315-4666-9BF3-AE70C0ADB057}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\{B32C4059-6E7A-41EF-AD20-56DF1872B923}) (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Championship Mah Jongg (HKLM\...\Championship Mah Jongg) (Version: - )
Copy (HKLM\...\{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (HKLM\...\{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Desktop Doctor (HKLM\...\{D87149B3-7A1D-4548-9CBF-032B791E5908}) (Version: 2.5.5 - Comcast)
Destinations (HKLM\...\{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (HKLM\...\{AB5D51AE-EBC3-438D-872C-705C7C2084B0}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
DIGOpt (HKLM\...\{4F1CECBC-670F-4DAA-81D6-944B12450917}) (Version: 9.0.0917.2 - Your Company Name) Hidden
DocProc (HKLM\...\{49F2B650-2D7B-4F59-B33D-346F63776BD3}) (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (HKLM\...\{87E2B986-07E8-477a-93DC-AF0B6758B192}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (HKLM\...\{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (HKLM\...\{7A7DC702-DEDE-42A8-8722-B3BA724D546F}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
GearDrvs (HKLM\...\{206FD69B-F9FE-4164-81BD-D52552BC9C23}) (Version: 5.0.0.2 - Symantec Corporation) Hidden
GearDrvs (HKLM\...\{CB84F0F2-927B-458D-9DC5-87832E3DC653}) (Version: 1.00.0000 - GEAR Software) Hidden
getPlus(R) for Adobe (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.35 - NOS Microsystems Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.7 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{818ABC3C-635C-4651-8183-D0E9640B7DD1}) (Version: 5.002.001.004 - Hewlett-Packard)
HPProductAssistant (HKLM\...\{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Launch Manager (HKLM\...\LManager) (Version: - )
LightScribe 1.4.142.1 (HKLM\...\{CE386A4E-D0DA-4208-8235-BCE43275C694}) (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Mahjongg Empire (HKLM\...\Mahjongg Empire) (Version: - )
Mahjongg Jr. (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Jr.) (Version: 1.0.0.0 - eGames)
Mahjongg Master 4 (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Master 4) (Version: 1.0.0.0 - eGames)
Mahjongg Master 5 (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Master 5) (Version: 1.0.0.0 - eGames)
Mahjongg Master Egyptian Edition (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Master Egyptian Edition) (Version: 1.0.0.0 - eGames)
Mahjongg Patience (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Patience) (Version: 1.0.0.0 - eGames)
Mahjongg Tiles of Time Lite (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Tiles of Time Lite) (Version: 1.0.0.0 - eGames)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MarketResearch (HKLM\...\{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}) (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft PhotoDraw 2000 (HKLM\...\Microsoft PhotoDraw 2000) (Version: - )
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version: - )
Mozilla Firefox 22.0 (x86 en-US) (HKLM\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSN (HKLM\...\MSNINST) (Version: - )
MSN Messenger 7.0 (HKLM\...\{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}) (Version: 7.0.0820 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup NOW! 4.7 (HKLM\...\{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI CD & DVD-Maker (HKLM\...\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI Shadow (HKLM\...\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.35 - NewTech Infosystems) Hidden
NTI Shadow (HKLM\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.35 - NewTech Infosystems)
Photo Organizer (HKLM\...\Photo Organizer 1.8) (Version: - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.32.3704d.0 - CyberLink Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5543 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.21.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.21.0 - Adlice Software)
RTC Client API v1.2 (HKLM\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
Scan (HKLM\...\{1746EA69-DCB6-4408-B5A5-E75F55439CDF}) (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Second Nature - Reefs to Rainforests by Charles Lynn Bragg (HKLM\...\Second Nature - Reefs to Rainforests by Charles Lynn Bragg) (Version: - )
SolutionCenter (HKLM\...\{A36CD345-625C-4d6c-B3E2-76E1248CB451}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Sprint Mobile Broadband (Sierra) (HKLM\...\{6DCBB845-0FA4-4723-A40A-1F320C221C30}) (Version: 3.05.004 - Sierra Wireless)
Status (HKLM\...\{978C25EE-5777-46e4-8988-732C297CBDBD}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.)
TIPCI (HKLM\...\{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.) Hidden
Toolbox (HKLM\...\{C716522C-3731-4667-8579-40B098294500}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{FF075778-6E50-47ed-991D-3B07FD4E3250}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Twilight Mahjongg v4e.2c.7 (HKLM\...\Twilight Mahjongg_is1) (Version: - )
Ultimate Mahjongg (HKLM\...\Ultimate Mahjongg) (Version: - )
Uninstall AOL Emergency Connect Utility 1.0 (HKLM\...\AOL Emergency Connect Utility 1.0) (Version: - )
UnloadSupport (HKLM\...\{E06F04B9-45E6-4AC0-8083-85F7515F40F7}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
WebReg (HKLM\...\{179C56A4-F57F-4561-8BBF-F911D26EB435}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Worlds Best Mahjongg Games (HKLM\...\{92B0DD85-4CAC-4F7D-96A6-5D6FAAFC942D}) (Version: 1.00.0000 - Valusoft)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{0D7FDC12-4366-3687-B4C4-93C84983BEB5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{1853e19a-4e54-4190-8deb-2e1cc947cd60}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{368CB9E8-3035-3AA5-B0D1-50FE1C930319}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{4431F57E-8B58-387E-AC60-6DD3E7850CD5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{60E1979E-326D-3D30-A96C-C6ADCDD2AF66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{634C733B-EABF-3922-BA49-5CB3927D480C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{BB048B39-D3CB-37BF-A746-068C9F9FF26B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [2008-01-03] (Egis Incorporated)
ContextMenuHandlers1: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll [2008-01-03] (Egis Incorporated.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll [2008-01-03] (Egis Incorporated.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2007-08-20] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {15E53C83-93C7-4598-8770-E8B1878D7ADF} - System32\Tasks\Acer\Acer Assist\New Message Check - Owner => C:\Program Files\Acer\Acer Assist\AcerAssist.exe [2007-11-19] (Acer Incorporated)
Task: {37485A59-0EA7-4FE4-846B-A99FD708F9BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-14] (Google Inc.)
Task: {6AD53F7B-8BF4-437D-B5E0-5B7CEBEAC655} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-28] (Adobe Systems Incorporated)
Task: {7CEA54CD-9966-4353-B0A2-A815EB3E8E88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-14] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2008-03-04 11:17 - 2007-11-27 22:54 - 000110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-03-04 11:17 - 2007-11-27 19:08 - 000032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-03-04 11:15 - 2007-02-13 10:26 - 000016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2008-03-04 11:15 - 2007-02-13 10:26 - 000016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2008-03-04 11:16 - 2007-12-19 22:09 - 000024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2008-03-04 11:16 - 2007-12-19 22:09 - 000118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2008-03-04 11:16 - 2007-12-19 22:08 - 000032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2007-01-13 03:01 - 2007-01-13 03:01 - 000397312 ____R () C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll
2007-01-13 03:01 - 2007-01-13 03:01 - 000475136 ____R () C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 06:23 - 2017-10-29 19:07 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-125872590-1481980480-1854466539-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk => C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
MSCONFIG\startupreg: Acer Assist Launcher => C:\Program Files\Acer\Acer Assist\launcher.exe
MSCONFIG\startupreg: Acer Product Registration => "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: eDataSecurity Loader => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\LManager.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{08CB69C8-3D97-4F65-9B42-C547236DAF8E}] => (Allow) C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE
FirewallRules: [{48A1EC39-0507-4A76-AF52-FDD026045F0D}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{8246BFCF-3896-4D43-9EB8-BA4C798A1F1C}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{B1C022B9-E78C-4956-A5BF-CB5C78B6CFF3}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{A340BE6B-D897-4BD1-8EE6-B483FA162563}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{0F8D350C-7262-4C29-ADB9-DA07F145F843}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{F79AB403-30CA-4562-99EE-AA4A5F20C754}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{072F0B8A-4338-4BD5-8C19-AB49A468599A}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{5B34CE2F-18DE-4ECC-9666-002DA863572A}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{EDBB2721-F160-4D78-AB67-E6213435D071}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{53A913FF-CBDD-45C1-B5FE-1A2E0FF99D4B}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{21EBA145-6B20-4874-87FC-4ECF81D17D43}] => (Allow) C:\Program Files\Common Files\aol\1241352817\ee\aolsoftware.exe
FirewallRules: [{59E3C47F-357A-493A-9940-39111FB7EAC8}] => (Allow) C:\Program Files\Common Files\aol\1241352817\ee\aolsoftware.exe
FirewallRules: [{1AF7BC53-44B8-483E-8B3B-1047FD57568D}] => (Allow) C:\Program Files\AOL 9.1\waol.exe
FirewallRules: [{2D2B84F8-9CE4-49E4-AF80-579A38AF8ED3}] => (Allow) C:\Program Files\AOL 9.1\waol.exe
FirewallRules: [{88EE403C-CB7C-4544-8895-49CDD36DA042}] => (Allow) C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{CE375E87-EE45-427D-AAE3-2DA9961D602D}] => (Allow) C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{4473A02D-7333-4D05-ACEE-CB6A07BADE97}] => (Allow) C:\Program Files\Common Files\aol\Loader\aolload.exe
FirewallRules: [{14FA81A4-D5A2-4932-9302-2F428AA5D446}] => (Allow) C:\Program Files\Common Files\aol\Loader\aolload.exe
FirewallRules: [{098B1DC6-4001-4E1B-A550-57F57DF8FCE3}] => (Allow) C:\Program Files\Common Files\aol\System Information\sinf.exe
FirewallRules: [{B2C43393-30DE-4973-9668-F7ACFA9E75FC}] => (Allow) C:\Program Files\Common Files\aol\System Information\sinf.exe
FirewallRules: [{AF5D5E36-2B32-482F-9E67-3B3BCAD0792F}] => (Allow) LPort=80
FirewallRules: [{B08349D2-6E29-4F5F-BB69-8FA426CD88B3}] => (Allow) LPort=80
FirewallRules: [{C6C635D8-31E0-4DFC-975D-4CBD652FBBB3}] => (Allow) LPort=80
FirewallRules: [{95CE2D57-17F7-41CD-AC7F-65FEDCD6FFCC}] => (Allow) C:\Program Files\AOL Desktop 9.7\waol.exe
FirewallRules: [{76DC43A8-EA7A-4EAE-A856-927F367B7073}] => (Allow) C:\Program Files\AOL Desktop 9.7\waol.exe
FirewallRules: [{CDF0D6B0-4660-44FB-B3D0-F1B2F783A111}] => (Allow) C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{D19DB3F2-69C3-4B36-8EB8-750F5E718FF5}] => (Allow) C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{B24CFA4B-7121-4EE0-8113-833DB8D855B4}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C0A900E8-B272-4DD8-A9DA-8B32FE5AE0E0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
14-10-2017 03:00:57 Windows Update
15-10-2017 13:24:30 Windows Update
28-10-2017 19:57:26 Windows Update
29-10-2017 09:00:20 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name: isatap.{6C88932B-58B5-4BAD-8C2E-9C2A0C52264D}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================
Application errors:
==================
Error: (10/29/2017 08:51:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/29/2017 08:22:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/28/2017 11:02:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/28/2017 07:40:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application HPWUCli.exe, version 5.0.8.1, time stamp 0x4abd3c99, faulting module HPWUCli.exe, version 5.0.8.1, time stamp 0x4abd3c99, exception code 0xc0000005, fault offset 0x000099b1,
process id 0x724, application start time 0x01d350462f8098b0.
Error: (10/28/2017 07:39:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/15/2017 01:28:44 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (10/15/2017 01:28:44 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.
Error: (10/15/2017 12:32:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/15/2017 12:29:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/14/2017 03:27:06 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

System errors:
=============
Error: (10/29/2017 07:07:33 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (10/29/2017 07:03:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (10/29/2017 06:59:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (10/29/2017 06:58:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The XAudioService service terminated unexpectedly. It has done this 1 time(s).
Error: (10/29/2017 08:54:05 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{EDEA49A3-65C5-4B60-8A0C-88D530E5D8CC}.
The backup browser is stopping.
Error: (10/29/2017 08:51:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (10/29/2017 08:48:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (10/29/2017 08:48:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ePower Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (10/29/2017 08:48:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The eSettings Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (10/29/2017 08:48:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The eRecovery Service service terminated unexpectedly. It has done this 1 time(s).

CodeIntegrity:
===================================
Date: 2013-06-30 02:54:25.993
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-06-30 02:54:25.728
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-06-30 02:54:25.431
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-06-30 02:54:25.166
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-06-30 02:54:24.932
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:55.168
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:54.786
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:54.579
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:54.372
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:54.167
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
Percentage of memory in use: 54%
Total physical RAM: 2037.68 MB
Available physical RAM: 924.09 MB
Total Virtual: 4322.64 MB
Available Virtual: 2342.75 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:51.01 GB) (Free:8.45 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:51.01 GB) (Free:40.66 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: D392C44F)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=51 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=51 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Attachments: fixlist.txt (1.6 KB)
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2017
Ran by Owner (29-10-2017 21:10:20)
Running from C:\Users\Owner\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2008-03-04 15:04:26)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-125872590-1481980480-1854466539-500 - Administrator - Disabled)
Guest (S-1-5-21-125872590-1481980480-1854466539-501 - Limited - Disabled)
Owner (S-1-5-21-125872590-1481980480-1854466539-1003 - Administrator - Enabled) => C:\Users\Owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2004 Mahjongg (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\2004 Mahjongg) (Version: 1.0.0.0 - eGames)
3100_3200_3300_Help (HKLM\...\{A0724A7E-F4E7-498e-B3F9-6FB2B909E56E}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
3100_3200_3300trb (HKLM\...\{E0A43EF2-46A5-4de2-916A-C515D8AA1618}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (HKLM\...\{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}) (Version: 1.0.0 - Hewlett-Packard) Hidden
3300 (HKLM\...\{789FC4C2-7DEE-4dc0-9E12-9A013AE80C8E}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
Acer Assist (HKLM\...\Acer Assist) (Version: - Acer Incorporated)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4309 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.69.110 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version: - Acer - Leader Technologies)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.31.20071207 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0 - Microsoft Corporation) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Reader 8.1.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.3 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (HKLM\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (HKLM\...\{E09575B2-498D-4C8B-A9D2-623F78574F29}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM\...\{0D2E9DCB-9938-475E-B4DD-8851738852FF}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
American Greetings® CreataCard® Platinum 5 (HKLM\...\American Greetings CreataCard 5.0) (Version: - )
AOL Mail and AIM Gadget (HKLM\...\{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}) (Version: 1.0.0 - AOL LLC)
AOL Toolbar (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\AOL Toolbar) (Version: - )
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - AOL Inc.)
Brain Block's Arcade Mah Jongg Gold 1.23 (HKLM\...\Brain Block's Arcade Mah Jongg Gold_is1) (Version: - Brain Block Interactive)
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.08 - Broadcom Corporation)
BufferChm (HKLM\...\{BE77A81F-B315-4666-9BF3-AE70C0ADB057}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\{B32C4059-6E7A-41EF-AD20-56DF1872B923}) (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Championship Mah Jongg (HKLM\...\Championship Mah Jongg) (Version: - )
Copy (HKLM\...\{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (HKLM\...\{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Desktop Doctor (HKLM\...\{D87149B3-7A1D-4548-9CBF-032B791E5908}) (Version: 2.5.5 - Comcast)
Destinations (HKLM\...\{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (HKLM\...\{AB5D51AE-EBC3-438D-872C-705C7C2084B0}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
DIGOpt (HKLM\...\{4F1CECBC-670F-4DAA-81D6-944B12450917}) (Version: 9.0.0917.2 - Your Company Name) Hidden
DocProc (HKLM\...\{49F2B650-2D7B-4F59-B33D-346F63776BD3}) (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (HKLM\...\{87E2B986-07E8-477a-93DC-AF0B6758B192}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (HKLM\...\{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (HKLM\...\{7A7DC702-DEDE-42A8-8722-B3BA724D546F}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
GearDrvs (HKLM\...\{206FD69B-F9FE-4164-81BD-D52552BC9C23}) (Version: 5.0.0.2 - Symantec Corporation) Hidden
GearDrvs (HKLM\...\{CB84F0F2-927B-458D-9DC5-87832E3DC653}) (Version: 1.00.0000 - GEAR Software) Hidden
getPlus(R) for Adobe (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.35 - NOS Microsystems Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.7 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{818ABC3C-635C-4651-8183-D0E9640B7DD1}) (Version: 5.002.001.004 - Hewlett-Packard)
HPProductAssistant (HKLM\...\{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Launch Manager (HKLM\...\LManager) (Version: - )
LightScribe 1.4.142.1 (HKLM\...\{CE386A4E-D0DA-4208-8235-BCE43275C694}) (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Mahjongg Empire (HKLM\...\Mahjongg Empire) (Version: - )
Mahjongg Jr. (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Jr.) (Version: 1.0.0.0 - eGames)
Mahjongg Master 4 (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Master 4) (Version: 1.0.0.0 - eGames)
Mahjongg Master 5 (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Master 5) (Version: 1.0.0.0 - eGames)
Mahjongg Master Egyptian Edition (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Master Egyptian Edition) (Version: 1.0.0.0 - eGames)
Mahjongg Patience (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Patience) (Version: 1.0.0.0 - eGames)
Mahjongg Tiles of Time Lite (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Tiles of Time Lite) (Version: 1.0.0.0 - eGames)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MarketResearch (HKLM\...\{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}) (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft PhotoDraw 2000 (HKLM\...\Microsoft PhotoDraw 2000) (Version: - )
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version: - )
Mozilla Firefox 22.0 (x86 en-US) (HKLM\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSN (HKLM\...\MSNINST) (Version: - )
MSN Messenger 7.0 (HKLM\...\{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}) (Version: 7.0.0820 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup NOW! 4.7 (HKLM\...\{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI CD & DVD-Maker (HKLM\...\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI Shadow (HKLM\...\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.35 - NewTech Infosystems) Hidden
NTI Shadow (HKLM\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.35 - NewTech Infosystems)
Photo Organizer (HKLM\...\Photo Organizer 1.8) (Version: - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.32.3704d.0 - CyberLink Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5543 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.21.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.21.0 - Adlice Software)
RTC Client API v1.2 (HKLM\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
Scan (HKLM\...\{1746EA69-DCB6-4408-B5A5-E75F55439CDF}) (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Second Nature - Reefs to Rainforests by Charles Lynn Bragg (HKLM\...\Second Nature - Reefs to Rainforests by Charles Lynn Bragg) (Version: - )
SolutionCenter (HKLM\...\{A36CD345-625C-4d6c-B3E2-76E1248CB451}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Sprint Mobile Broadband (Sierra) (HKLM\...\{6DCBB845-0FA4-4723-A40A-1F320C221C30}) (Version: 3.05.004 - Sierra Wireless)
Status (HKLM\...\{978C25EE-5777-46e4-8988-732C297CBDBD}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.)
TIPCI (HKLM\...\{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.) Hidden
Toolbox (HKLM\...\{C716522C-3731-4667-8579-40B098294500}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{FF075778-6E50-47ed-991D-3B07FD4E3250}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Twilight Mahjongg v4e.2c.7 (HKLM\...\Twilight Mahjongg_is1) (Version: - )
Ultimate Mahjongg (HKLM\...\Ultimate Mahjongg) (Version: - )
Uninstall AOL Emergency Connect Utility 1.0 (HKLM\...\AOL Emergency Connect Utility 1.0) (Version: - )
UnloadSupport (HKLM\...\{E06F04B9-45E6-4AC0-8083-85F7515F40F7}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
WebReg (HKLM\...\{179C56A4-F57F-4561-8BBF-F911D26EB435}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Worlds Best Mahjongg Games (HKLM\...\{92B0DD85-4CAC-4F7D-96A6-5D6FAAFC942D}) (Version: 1.00.0000 - Valusoft)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{0D7FDC12-4366-3687-B4C4-93C84983BEB5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{1853e19a-4e54-4190-8deb-2e1cc947cd60}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{368CB9E8-3035-3AA5-B0D1-50FE1C930319}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{4431F57E-8B58-387E-AC60-6DD3E7850CD5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{60E1979E-326D-3D30-A96C-C6ADCDD2AF66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{634C733B-EABF-3922-BA49-5CB3927D480C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{BB048B39-D3CB-37BF-A746-068C9F9FF26B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [2008-01-03] (Egis Incorporated)
ContextMenuHandlers1: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll [2008-01-03] (Egis Incorporated.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll [2008-01-03] (Egis Incorporated.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2007-08-20] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {15E53C83-93C7-4598-8770-E8B1878D7ADF} - System32\Tasks\Acer\Acer Assist\New Message Check - Owner => C:\Program Files\Acer\Acer Assist\AcerAssist.exe [2007-11-19] (Acer Incorporated)
Task: {37485A59-0EA7-4FE4-846B-A99FD708F9BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-14] (Google Inc.)
Task: {6AD53F7B-8BF4-437D-B5E0-5B7CEBEAC655} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-28] (Adobe Systems Incorporated)
Task: {7CEA54CD-9966-4353-B0A2-A815EB3E8E88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-14] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2008-03-04 11:17 - 2007-11-27 22:54 - 000110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-03-04 11:17 - 2007-11-27 19:08 - 000032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-03-04 11:15 - 2007-02-13 10:26 - 000016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2008-03-04 11:15 - 2007-02-13 10:26 - 000016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2008-03-04 11:16 - 2007-12-19 22:09 - 000024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2008-03-04 11:16 - 2007-12-19 22:09 - 000118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2008-03-04 11:16 - 2007-12-19 22:08 - 000032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2007-01-13 03:01 - 2007-01-13 03:01 - 000397312 ____R () C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll
2007-01-13 03:01 - 2007-01-13 03:01 - 000475136 ____R () C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 06:23 - 2017-10-29 19:07 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-125872590-1481980480-1854466539-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk => C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
MSCONFIG\startupreg: Acer Assist Launcher => C:\Program Files\Acer\Acer Assist\launcher.exe
MSCONFIG\startupreg: Acer Product Registration => "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: eDataSecurity Loader => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\LManager.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{08CB69C8-3D97-4F65-9B42-C547236DAF8E}] => (Allow) C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE
FirewallRules: [{48A1EC39-0507-4A76-AF52-FDD026045F0D}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{8246BFCF-3896-4D43-9EB8-BA4C798A1F1C}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{B1C022B9-E78C-4956-A5BF-CB5C78B6CFF3}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{A340BE6B-D897-4BD1-8EE6-B483FA162563}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{0F8D350C-7262-4C29-ADB9-DA07F145F843}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{F79AB403-30CA-4562-99EE-AA4A5F20C754}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{072F0B8A-4338-4BD5-8C19-AB49A468599A}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{5B34CE2F-18DE-4ECC-9666-002DA863572A}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{EDBB2721-F160-4D78-AB67-E6213435D071}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{53A913FF-CBDD-45C1-B5FE-1A2E0FF99D4B}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{21EBA145-6B20-4874-87FC-4ECF81D17D43}] => (Allow) C:\Program Files\Common Files\aol\1241352817\ee\aolsoftware.exe
FirewallRules: [{59E3C47F-357A-493A-9940-39111FB7EAC8}] => (Allow) C:\Program Files\Common Files\aol\1241352817\ee\aolsoftware.exe
FirewallRules: [{1AF7BC53-44B8-483E-8B3B-1047FD57568D}] => (Allow) C:\Program Files\AOL 9.1\waol.exe
FirewallRules: [{2D2B84F8-9CE4-49E4-AF80-579A38AF8ED3}] => (Allow) C:\Program Files\AOL 9.1\waol.exe
FirewallRules: [{88EE403C-CB7C-4544-8895-49CDD36DA042}] => (Allow) C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{CE375E87-EE45-427D-AAE3-2DA9961D602D}] => (Allow) C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{4473A02D-7333-4D05-ACEE-CB6A07BADE97}] => (Allow) C:\Program Files\Common Files\aol\Loader\aolload.exe
FirewallRules: [{14FA81A4-D5A2-4932-9302-2F428AA5D446}] => (Allow) C:\Program Files\Common Files\aol\Loader\aolload.exe
FirewallRules: [{098B1DC6-4001-4E1B-A550-57F57DF8FCE3}] => (Allow) C:\Program Files\Common Files\aol\System Information\sinf.exe
FirewallRules: [{B2C43393-30DE-4973-9668-F7ACFA9E75FC}] => (Allow) C:\Program Files\Common Files\aol\System Information\sinf.exe
FirewallRules: [{AF5D5E36-2B32-482F-9E67-3B3BCAD0792F}] => (Allow) LPort=80
FirewallRules: [{B08349D2-6E29-4F5F-BB69-8FA426CD88B3}] => (Allow) LPort=80
FirewallRules: [{C6C635D8-31E0-4DFC-975D-4CBD652FBBB3}] => (Allow) LPort=80
FirewallRules: [{95CE2D57-17F7-41CD-AC7F-65FEDCD6FFCC}] => (Allow) C:\Program Files\AOL Desktop 9.7\waol.exe
FirewallRules: [{76DC43A8-EA7A-4EAE-A856-927F367B7073}] => (Allow) C:\Program Files\AOL Desktop 9.7\waol.exe
FirewallRules: [{CDF0D6B0-4660-44FB-B3D0-F1B2F783A111}] => (Allow) C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{D19DB3F2-69C3-4B36-8EB8-750F5E718FF5}] => (Allow) C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{B24CFA4B-7121-4EE0-8113-833DB8D855B4}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C0A900E8-B272-4DD8-A9DA-8B32FE5AE0E0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
14-10-2017 03:00:57 Windows Update
15-10-2017 13:24:30 Windows Update
28-10-2017 19:57:26 Windows Update
29-10-2017 09:00:20 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name: isatap.{6C88932B-58B5-4BAD-8C2E-9C2A0C52264D}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================
Application errors:
==================
Error: (10/29/2017 08:51:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/29/2017 08:22:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/28/2017 11:02:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/28/2017 07:40:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application HPWUCli.exe, version 5.0.8.1, time stamp 0x4abd3c99, faulting module HPWUCli.exe, version 5.0.8.1, time stamp 0x4abd3c99, exception code 0xc0000005, fault offset 0x000099b1,
process id 0x724, application start time 0x01d350462f8098b0.
Error: (10/28/2017 07:39:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/15/2017 01:28:44 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (10/15/2017 01:28:44 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.
Error: (10/15/2017 12:32:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/15/2017 12:29:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/14/2017 03:27:06 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

System errors:
=============
Error: (10/29/2017 07:07:33 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (10/29/2017 07:03:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (10/29/2017 06:59:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (10/29/2017 06:58:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The XAudioService service terminated unexpectedly. It has done this 1 time(s).
Error: (10/29/2017 08:54:05 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{EDEA49A3-65C5-4B60-8A0C-88D530E5D8CC}.
The backup browser is stopping.
Error: (10/29/2017 08:51:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (10/29/2017 08:48:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (10/29/2017 08:48:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ePower Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (10/29/2017 08:48:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The eSettings Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (10/29/2017 08:48:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The eRecovery Service service terminated unexpectedly. It has done this 1 time(s).

CodeIntegrity:
===================================
Date: 2013-06-30 02:54:25.993
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-06-30 02:54:25.728
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-06-30 02:54:25.431
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-06-30 02:54:25.166
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-06-30 02:54:24.932
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:55.168
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:54.786
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:54.579
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:54.372
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:54.167
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
Percentage of memory in use: 54%
Total physical RAM: 2037.68 MB
Available physical RAM: 924.09 MB
Total Virtual: 4322.64 MB
Available Virtual: 2342.75 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:51.01 GB) (Free:8.45 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:51.01 GB) (Free:40.66 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: D392C44F)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=51 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=51 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2017
Ran by Owner (30-10-2017 20:09:42)
Running from C:\Users\Owner\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2008-03-04 15:04:26)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-125872590-1481980480-1854466539-500 - Administrator - Disabled)
Guest (S-1-5-21-125872590-1481980480-1854466539-501 - Limited - Disabled)
Owner (S-1-5-21-125872590-1481980480-1854466539-1003 - Administrator - Enabled) => C:\Users\Owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2004 Mahjongg (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\2004 Mahjongg) (Version: 1.0.0.0 - eGames)
3100_3200_3300_Help (HKLM\...\{A0724A7E-F4E7-498e-B3F9-6FB2B909E56E}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
3100_3200_3300trb (HKLM\...\{E0A43EF2-46A5-4de2-916A-C515D8AA1618}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (HKLM\...\{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}) (Version: 1.0.0 - Hewlett-Packard) Hidden
3300 (HKLM\...\{789FC4C2-7DEE-4dc0-9E12-9A013AE80C8E}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
Acer Assist (HKLM\...\Acer Assist) (Version: - Acer Incorporated)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4309 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.69.110 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version: - Acer - Leader Technologies)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.31.20071207 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0 - Microsoft Corporation) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Reader 8.1.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.3 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (HKLM\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (HKLM\...\{E09575B2-498D-4C8B-A9D2-623F78574F29}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM\...\{0D2E9DCB-9938-475E-B4DD-8851738852FF}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
American Greetings® CreataCard® Platinum 5 (HKLM\...\American Greetings CreataCard 5.0) (Version: - )
AOL Mail and AIM Gadget (HKLM\...\{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}) (Version: 1.0.0 - AOL LLC)
AOL Toolbar (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\AOL Toolbar) (Version: - )
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - AOL Inc.)
Brain Block's Arcade Mah Jongg Gold 1.23 (HKLM\...\Brain Block's Arcade Mah Jongg Gold_is1) (Version: - Brain Block Interactive)
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.08 - Broadcom Corporation)
BufferChm (HKLM\...\{BE77A81F-B315-4666-9BF3-AE70C0ADB057}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\{B32C4059-6E7A-41EF-AD20-56DF1872B923}) (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Championship Mah Jongg (HKLM\...\Championship Mah Jongg) (Version: - )
Copy (HKLM\...\{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (HKLM\...\{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Desktop Doctor (HKLM\...\{D87149B3-7A1D-4548-9CBF-032B791E5908}) (Version: 2.5.5 - Comcast)
Destinations (HKLM\...\{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (HKLM\...\{AB5D51AE-EBC3-438D-872C-705C7C2084B0}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
DIGOpt (HKLM\...\{4F1CECBC-670F-4DAA-81D6-944B12450917}) (Version: 9.0.0917.2 - Your Company Name) Hidden
DocProc (HKLM\...\{49F2B650-2D7B-4F59-B33D-346F63776BD3}) (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (HKLM\...\{87E2B986-07E8-477a-93DC-AF0B6758B192}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (HKLM\...\{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (HKLM\...\{7A7DC702-DEDE-42A8-8722-B3BA724D546F}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
GearDrvs (HKLM\...\{206FD69B-F9FE-4164-81BD-D52552BC9C23}) (Version: 5.0.0.2 - Symantec Corporation) Hidden
GearDrvs (HKLM\...\{CB84F0F2-927B-458D-9DC5-87832E3DC653}) (Version: 1.00.0000 - GEAR Software) Hidden
getPlus(R) for Adobe (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.35 - NOS Microsystems Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.7 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{818ABC3C-635C-4651-8183-D0E9640B7DD1}) (Version: 5.002.001.004 - Hewlett-Packard)
HPProductAssistant (HKLM\...\{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Launch Manager (HKLM\...\LManager) (Version: - )
LightScribe 1.4.142.1 (HKLM\...\{CE386A4E-D0DA-4208-8235-BCE43275C694}) (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Mahjongg Empire (HKLM\...\Mahjongg Empire) (Version: - )
Mahjongg Jr. (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Jr.) (Version: 1.0.0.0 - eGames)
Mahjongg Master 4 (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Master 4) (Version: 1.0.0.0 - eGames)
Mahjongg Master 5 (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Master 5) (Version: 1.0.0.0 - eGames)
Mahjongg Master Egyptian Edition (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Master Egyptian Edition) (Version: 1.0.0.0 - eGames)
Mahjongg Patience (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Patience) (Version: 1.0.0.0 - eGames)
Mahjongg Tiles of Time Lite (HKU\S-1-5-21-125872590-1481980480-1854466539-1003\...\Mahjongg Tiles of Time Lite) (Version: 1.0.0.0 - eGames)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MarketResearch (HKLM\...\{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}) (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft PhotoDraw 2000 (HKLM\...\Microsoft PhotoDraw 2000) (Version: - )
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version: - )
Mozilla Firefox 22.0 (x86 en-US) (HKLM\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSN (HKLM\...\MSNINST) (Version: - )
MSN Messenger 7.0 (HKLM\...\{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}) (Version: 7.0.0820 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup NOW! 4.7 (HKLM\...\{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI CD & DVD-Maker (HKLM\...\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI Shadow (HKLM\...\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.35 - NewTech Infosystems) Hidden
NTI Shadow (HKLM\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.35 - NewTech Infosystems)
Photo Organizer (HKLM\...\Photo Organizer 1.8) (Version: - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.32.3704d.0 - CyberLink Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5543 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.21.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.21.0 - Adlice Software)
RTC Client API v1.2 (HKLM\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
Scan (HKLM\...\{1746EA69-DCB6-4408-B5A5-E75F55439CDF}) (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Second Nature - Reefs to Rainforests by Charles Lynn Bragg (HKLM\...\Second Nature - Reefs to Rainforests by Charles Lynn Bragg) (Version: - )
SolutionCenter (HKLM\...\{A36CD345-625C-4d6c-B3E2-76E1248CB451}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Sprint Mobile Broadband (Sierra) (HKLM\...\{6DCBB845-0FA4-4723-A40A-1F320C221C30}) (Version: 3.05.004 - Sierra Wireless)
Status (HKLM\...\{978C25EE-5777-46e4-8988-732C297CBDBD}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.)
TIPCI (HKLM\...\{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.) Hidden
Toolbox (HKLM\...\{C716522C-3731-4667-8579-40B098294500}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{FF075778-6E50-47ed-991D-3B07FD4E3250}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Twilight Mahjongg v4e.2c.7 (HKLM\...\Twilight Mahjongg_is1) (Version: - )
Ultimate Mahjongg (HKLM\...\Ultimate Mahjongg) (Version: - )
Uninstall AOL Emergency Connect Utility 1.0 (HKLM\...\AOL Emergency Connect Utility 1.0) (Version: - )
UnloadSupport (HKLM\...\{E06F04B9-45E6-4AC0-8083-85F7515F40F7}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
WebReg (HKLM\...\{179C56A4-F57F-4561-8BBF-F911D26EB435}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Worlds Best Mahjongg Games (HKLM\...\{92B0DD85-4CAC-4F7D-96A6-5D6FAAFC942D}) (Version: 1.00.0000 - Valusoft)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{0D7FDC12-4366-3687-B4C4-93C84983BEB5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{1853e19a-4e54-4190-8deb-2e1cc947cd60}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{368CB9E8-3035-3AA5-B0D1-50FE1C930319}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{4431F57E-8B58-387E-AC60-6DD3E7850CD5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{60E1979E-326D-3D30-A96C-C6ADCDD2AF66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{634C733B-EABF-3922-BA49-5CB3927D480C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-125872590-1481980480-1854466539-1003_Classes\CLSID\{BB048B39-D3CB-37BF-A746-068C9F9FF26B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [2008-01-03] (Egis Incorporated)
ContextMenuHandlers1: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll [2008-01-03] (Egis Incorporated.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll [2008-01-03] (Egis Incorporated.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2007-08-20] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {15E53C83-93C7-4598-8770-E8B1878D7ADF} - System32\Tasks\Acer\Acer Assist\New Message Check - Owner => C:\Program Files\Acer\Acer Assist\AcerAssist.exe [2007-11-19] (Acer Incorporated)
Task: {37485A59-0EA7-4FE4-846B-A99FD708F9BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-14] (Google Inc.)
Task: {6AD53F7B-8BF4-437D-B5E0-5B7CEBEAC655} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-28] (Adobe Systems Incorporated)
Task: {7CEA54CD-9966-4353-B0A2-A815EB3E8E88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-14] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2008-03-04 11:17 - 2007-11-27 22:54 - 000110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-03-04 11:17 - 2007-11-27 19:08 - 000032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-03-04 11:15 - 2007-02-13 10:26 - 000016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2008-03-04 11:15 - 2007-02-13 10:26 - 000016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2008-03-04 11:16 - 2007-12-19 22:09 - 000024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2008-03-04 11:16 - 2007-12-19 22:09 - 000118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2008-03-04 11:16 - 2007-12-19 22:08 - 000032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2007-01-13 03:01 - 2007-01-13 03:01 - 000397312 ____R () C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll
2007-01-13 03:01 - 2007-01-13 03:01 - 000475136 ____R () C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 06:23 - 2017-10-29 19:07 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-125872590-1481980480-1854466539-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk => C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
MSCONFIG\startupreg: Acer Assist Launcher => C:\Program Files\Acer\Acer Assist\launcher.exe
MSCONFIG\startupreg: Acer Product Registration => "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: eDataSecurity Loader => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\LManager.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{08CB69C8-3D97-4F65-9B42-C547236DAF8E}] => (Allow) C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE
FirewallRules: [{48A1EC39-0507-4A76-AF52-FDD026045F0D}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{8246BFCF-3896-4D43-9EB8-BA4C798A1F1C}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{B1C022B9-E78C-4956-A5BF-CB5C78B6CFF3}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{A340BE6B-D897-4BD1-8EE6-B483FA162563}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{0F8D350C-7262-4C29-ADB9-DA07F145F843}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{F79AB403-30CA-4562-99EE-AA4A5F20C754}] => (Allow) C:\Program Files\MSN Messenger\msnmsgr.exe
FirewallRules: [{072F0B8A-4338-4BD5-8C19-AB49A468599A}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{5B34CE2F-18DE-4ECC-9666-002DA863572A}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{EDBB2721-F160-4D78-AB67-E6213435D071}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{53A913FF-CBDD-45C1-B5FE-1A2E0FF99D4B}] => (Allow) C:\Program Files\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{21EBA145-6B20-4874-87FC-4ECF81D17D43}] => (Allow) C:\Program Files\Common Files\aol\1241352817\ee\aolsoftware.exe
FirewallRules: [{59E3C47F-357A-493A-9940-39111FB7EAC8}] => (Allow) C:\Program Files\Common Files\aol\1241352817\ee\aolsoftware.exe
FirewallRules: [{1AF7BC53-44B8-483E-8B3B-1047FD57568D}] => (Allow) C:\Program Files\AOL 9.1\waol.exe
FirewallRules: [{2D2B84F8-9CE4-49E4-AF80-579A38AF8ED3}] => (Allow) C:\Program Files\AOL 9.1\waol.exe
FirewallRules: [{88EE403C-CB7C-4544-8895-49CDD36DA042}] => (Allow) C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{CE375E87-EE45-427D-AAE3-2DA9961D602D}] => (Allow) C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{4473A02D-7333-4D05-ACEE-CB6A07BADE97}] => (Allow) C:\Program Files\Common Files\aol\Loader\aolload.exe
FirewallRules: [{14FA81A4-D5A2-4932-9302-2F428AA5D446}] => (Allow) C:\Program Files\Common Files\aol\Loader\aolload.exe
FirewallRules: [{098B1DC6-4001-4E1B-A550-57F57DF8FCE3}] => (Allow) C:\Program Files\Common Files\aol\System Information\sinf.exe
FirewallRules: [{B2C43393-30DE-4973-9668-F7ACFA9E75FC}] => (Allow) C:\Program Files\Common Files\aol\System Information\sinf.exe
FirewallRules: [{AF5D5E36-2B32-482F-9E67-3B3BCAD0792F}] => (Allow) LPort=80
FirewallRules: [{B08349D2-6E29-4F5F-BB69-8FA426CD88B3}] => (Allow) LPort=80
FirewallRules: [{C6C635D8-31E0-4DFC-975D-4CBD652FBBB3}] => (Allow) LPort=80
FirewallRules: [{95CE2D57-17F7-41CD-AC7F-65FEDCD6FFCC}] => (Allow) C:\Program Files\AOL Desktop 9.7\waol.exe
FirewallRules: [{76DC43A8-EA7A-4EAE-A856-927F367B7073}] => (Allow) C:\Program Files\AOL Desktop 9.7\waol.exe
FirewallRules: [{CDF0D6B0-4660-44FB-B3D0-F1B2F783A111}] => (Allow) C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{D19DB3F2-69C3-4B36-8EB8-750F5E718FF5}] => (Allow) C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{B24CFA4B-7121-4EE0-8113-833DB8D855B4}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C0A900E8-B272-4DD8-A9DA-8B32FE5AE0E0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
14-10-2017 03:00:57 Windows Update
15-10-2017 13:24:30 Windows Update
28-10-2017 19:57:26 Windows Update
29-10-2017 09:00:20 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name: isatap.{6C88932B-58B5-4BAD-8C2E-9C2A0C52264D}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================
Application errors:
==================
Error: (10/29/2017 08:51:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/29/2017 08:22:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/28/2017 11:02:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/28/2017 07:40:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application HPWUCli.exe, version 5.0.8.1, time stamp 0x4abd3c99, faulting module HPWUCli.exe, version 5.0.8.1, time stamp 0x4abd3c99, exception code 0xc0000005, fault offset 0x000099b1,
process id 0x724, application start time 0x01d350462f8098b0.
Error: (10/28/2017 07:39:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/15/2017 01:28:44 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (10/15/2017 01:28:44 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.
Error: (10/15/2017 12:32:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/15/2017 12:29:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/14/2017 03:27:06 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

System errors:
=============
Error: (10/29/2017 07:07:33 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (10/29/2017 07:03:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (10/29/2017 06:59:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (10/29/2017 06:58:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The XAudioService service terminated unexpectedly. It has done this 1 time(s).
Error: (10/29/2017 08:54:05 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{EDEA49A3-65C5-4B60-8A0C-88D530E5D8CC}.
The backup browser is stopping.
Error: (10/29/2017 08:51:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (10/29/2017 08:48:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (10/29/2017 08:48:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ePower Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (10/29/2017 08:48:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The eSettings Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (10/29/2017 08:48:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The eRecovery Service service terminated unexpectedly. It has done this 1 time(s).

CodeIntegrity:
===================================
Date: 2013-06-30 02:54:25.993
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-06-30 02:54:25.728
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-06-30 02:54:25.431
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-06-30 02:54:25.166
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-06-30 02:54:24.932
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:55.168
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:54.786
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:54.579
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:54.372
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-16 10:24:54.167
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
Percentage of memory in use: 34%
Total physical RAM: 2037.68 MB
Available physical RAM: 1338.45 MB
Total Virtual: 4322.64 MB
Available Virtual: 2607.94 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:51.01 GB) (Free:8.43 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:51.01 GB) (Free:40.66 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: D392C44F)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=51 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=51 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
 
Fix result of Farbar Recovery Scan Tool (x86) Version: 26-10-2017
Ran by Owner (30-10-2017 20:13:10) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================
fixlist content:
*****************
SearchScopes: HKLM -> DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
URLSearchHook: HKLM - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll No File
URLSearchHook: HKU\S-1-5-21-125872590-1481980480-1854466539-1003 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll No File
BHO: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files\AOL Toolbar\aoltb.dll => No File
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
Toolbar: HKU\S-1-5-21-125872590-1481980480-1854466539-1003 -> AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
U3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
2017-10-28 21:55 - 2009-04-30 07:57 - 000434271 _____ (MyWebSearch.com) C:\Program Files\Uninstall Fun Web Products.dll
2008-07-13 21:54 - 2013-03-16 10:04 - 000013312 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-09-10 20:08 - 2008-09-10 21:49 - 000001127 _____ () C:\ProgramData\hpzinstall.log
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
*****************
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d} => value removed successfully.
HKLM\Software\Classes\CLSID\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d} => key removed successfully.
HKU\S-1-5-21-125872590-1481980480-1854466539-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d} => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ef64538-8b54-4573-b48f-4d34b0238ab2} => key removed successfully.
HKLM\Software\Classes\CLSID\{3ef64538-8b54-4573-b48f-4d34b0238ab2} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} => value removed successfully.
HKLM\Software\Classes\CLSID\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} => key removed successfully.
HKU\S-1-5-21-125872590-1481980480-1854466539-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => value removed successfully.
HKLM\Software\Classes\CLSID\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => key not found.
HKLM\System\CurrentControlSet\Services\AppMgmt => key removed successfully.
AppMgmt => service removed successfully.
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully.
catchme => service removed successfully.
HKLM\System\CurrentControlSet\Services\IpInIp => key removed successfully.
IpInIp => service removed successfully.
HKLM\System\CurrentControlSet\Services\NwlnkFlt => key removed successfully.
NwlnkFlt => service removed successfully.
HKLM\System\CurrentControlSet\Services\NwlnkFwd => key removed successfully.
NwlnkFwd => service removed successfully.
HKLM\System\CurrentControlSet\Services\SymIMMP => key removed successfully.
SymIMMP => service removed successfully.
HKLM\System\CurrentControlSet\Services\mbr => key removed successfully.
mbr => service removed successfully.
C:\Program Files\Uninstall Fun Web Products.dll => moved successfully
C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\ProgramData\hpzinstall.log => moved successfully
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully
==== End of Fixlog 20:13:17 ====
 
Last scans....

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 27.0.0.183
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox 22.0 Firefox out of Date!
Google Chrome (43.0.2357.132)
Google Chrome (49.0.2623.112)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Empowering Technology eSettings Service capuserv.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Malwarebytes Anti-Malware mbamtray.exe
windows defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
2017-11-01 01:11:09.711 Sophos Virus Removal Tool version 2.6.1
2017-11-01 01:11:09.711 Copyright (c) 2009-2017 Sophos Limited. All rights reserved.
2017-11-01 01:11:09.711 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2017-11-01 01:11:09.711 Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
2017-11-01 01:11:09.711 Checking for updates...
2017-11-01 01:11:13.580 Update progress: proxy server not available
2017-11-01 01:11:37.745 Option all = no
2017-11-01 01:11:37.745 Option recurse = yes
2017-11-01 01:11:37.745 Option archive = no
2017-11-01 01:11:37.745 Option service = yes
2017-11-01 01:11:37.745 Option confirm = yes
2017-11-01 01:11:37.745 Option sxl = yes
2017-11-01 01:11:37.745 Option max-data-age = 35
2017-11-01 01:11:37.745 Option vdl-logging = yes
2017-11-01 01:11:37.838 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-11-01 01:11:37.838 Machine ID: 183c5679a8f0486d802d3098d9f305d4
2017-11-01 01:11:37.869 Component SVRTcli.exe version 2.6.1
2017-11-01 01:11:37.869 Component control.dll version 2.6.1
2017-11-01 01:11:37.869 Component SVRTservice.exe version 2.6.1
2017-11-01 01:11:37.869 Component engine\osdp.dll version 1.44.1.2286
2017-11-01 01:11:37.869 Component engine\veex.dll version 3.68.6.2286
2017-11-01 01:11:37.869 Component engine\savi.dll version 9.0.7.2286
2017-11-01 01:11:37.901 Component rkdisk.dll version 1.5.31.1
2017-11-01 01:11:37.901 Version info: Product version 2.6.1
2017-11-01 01:11:37.901 Version info: Detection engine 3.68.6
2017-11-01 01:11:37.901 Version info: Detection data 5.44
2017-11-01 01:11:37.901 Version info: Build date 9/19/2017
2017-11-01 01:11:37.901 Version info: Data files added 325
2017-11-01 01:11:37.901 Version info: Last successful update (not yet updated)
2017-11-01 01:11:41.426 Downloading updates...
2017-11-01 01:11:41.442 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-11-01 01:11:41.442 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-11-01 01:11:41.442 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-11-01 01:11:41.442 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-11-01 01:11:41.442 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-11-01 01:11:41.442 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-11-01 01:11:41.442 Update progress: [I49502] sdds.data0910.xml: found supplement IDE545 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-11-01 01:11:41.442 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE545 LATEST path=
2017-11-01 01:11:41.442 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE545 LATEST path=
2017-11-01 01:11:41.442 Update progress: [I49502] sdds.data0910.xml: found supplement IDE546 LATEST path= baseVersion= [included from product IDE545 LATEST path=]
2017-11-01 01:11:41.442 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE546 LATEST path=
2017-11-01 01:11:41.442 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE546 LATEST path=
2017-11-01 01:11:41.442 Update progress: [I49502] sdds.data0910.xml: found supplement IDE547 LATEST path= baseVersion= [included from product IDE546 LATEST path=]
2017-11-01 01:11:41.442 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE547 LATEST path=
2017-11-01 01:11:41.442 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE547 LATEST path=
2017-11-01 01:11:41.442 Update progress: [I49502] sdds.data0910.xml: found supplement IDE548 LATEST path= baseVersion= [included from product IDE547 LATEST path=]
2017-11-01 01:11:41.442 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE548 LATEST path=
2017-11-01 01:11:41.442 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE548 LATEST path=
2017-11-01 01:11:41.442 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-11-01 01:11:42.378 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-11-01 01:11:42.378 Update progress: [I19463] Product download size 174235198 bytes
2017-11-01 01:11:47.838 Update progress: [I19463] Syncing product IDE545 LATEST path=
2017-11-01 01:11:47.838 Update progress: [I19463] Product download size 2585002 bytes
2017-11-01 01:11:49.491 Update progress: [I19463] Syncing product IDE546 LATEST path=
2017-11-01 01:11:49.491 Update progress: [I19463] Product download size 3107277 bytes
2017-11-01 01:11:53.625 Update progress: [I19463] Syncing product IDE547 LATEST path=
2017-11-01 01:11:53.625 Update progress: [I19463] Syncing product IDE548 LATEST path=
2017-11-01 01:11:53.797 Installing updates...
2017-11-01 01:11:55.575 Error level 1
2017-11-01 01:13:07.039 Update successful
2017-11-01 01:13:34.635 Option all = no
2017-11-01 01:13:34.635 Option recurse = yes
2017-11-01 01:13:34.635 Option archive = no
2017-11-01 01:13:34.635 Option service = yes
2017-11-01 01:13:34.635 Option confirm = yes
2017-11-01 01:13:34.635 Option sxl = yes
2017-11-01 01:13:34.635 Option max-data-age = 35
2017-11-01 01:13:34.635 Option vdl-logging = yes
2017-11-01 01:13:34.635 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-11-01 01:13:34.635 Machine ID: 183c5679a8f0486d802d3098d9f305d4
2017-11-01 01:13:34.635 Component SVRTcli.exe version 2.6.1
2017-11-01 01:13:34.635 Component control.dll version 2.6.1
2017-11-01 01:13:34.635 Component SVRTservice.exe version 2.6.1
2017-11-01 01:13:34.635 Component engine\osdp.dll version 1.44.1.2286
2017-11-01 01:13:34.635 Component engine\veex.dll version 3.68.6.2286
2017-11-01 01:13:34.635 Component engine\savi.dll version 9.0.7.2286
2017-11-01 01:13:34.635 Component rkdisk.dll version 1.5.31.1
2017-11-01 01:13:34.651 Version info: Product version 2.6.1
2017-11-01 01:13:34.651 Version info: Detection engine 3.68.6
2017-11-01 01:13:34.651 Version info: Detection data 5.44
2017-11-01 01:13:34.651 Version info: Build date 9/19/2017
2017-11-01 01:13:34.651 Version info: Data files added 325
2017-11-01 01:13:34.651 Version info: Last successful update 10/31/2017 9:13:07 PM
2017-11-01 01:26:38.847 Could not open C:\hiberfil.sys
2017-11-01 01:27:03.074 Could not open C:\pagefile.sys
2017-11-01 01:39:58.753 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-01 01:39:58.753 Could not open C:\System Volume Information\{c3042d3c-bca7-11e7-a995-00038a000015}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-01 01:39:58.753 Could not open C:\System Volume Information\{e09786cd-be9b-11e7-a54a-00038a000015}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-01 01:42:36.984 >>> Virus 'Troj/Wonton-CR' found in file C:\Users\Owner\Documents\report\id783048894.pdf.exe
2017-11-01 01:42:36.984 >>> Virus 'Troj/Wonton-CR' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-11-01 01:42:36.999 >>> Virus 'Troj/Wonton-CR' found in file HKU\S-1-5-21-125872590-1481980480-1854466539-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-11-01 01:42:36.999 >>> Virus 'Troj/Wonton-CR' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-11-01 01:52:05.136 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2017-11-01 01:52:05.136 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2017-11-01 01:52:13.404 Could not open C:\Windows\System32\config\components
2017-11-01 01:52:13.497 Could not open C:\Windows\System32\config\RegBack\COMPONENTS
2017-11-01 01:52:13.497 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-11-01 01:52:13.497 Could not open C:\Windows\System32\config\RegBack\SAM
2017-11-01 01:52:13.497 Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-11-01 01:52:13.497 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-11-01 01:52:13.497 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-11-01 02:25:30.063 Could not open LOGICAL:0004:00000000
2017-11-01 02:25:30.079 Could not open E:\
2017-11-01 02:25:30.422 The following items will be cleaned up:
2017-11-01 02:25:30.422 Troj/Wonton-CR
 
Sorry, missed that

Farbar Service Scanner Version: 27-01-2016
Ran by Owner (administrator) on 31-10-2017 at 20:21:31
Running from "C:\Users\Owner\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Policy:
========================

Security Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed

**** End of log ****
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing or updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

11. Please let me know how your computer is doing.
 