1. #1

    Suspected security problems

    I was sent to you from the Sysnative Windows Update Forum. Aura suspects I may have security problems in my Win 8.1 files.

    Toots

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-08-2015 01
    Ran by Beth (2015-08-09 12:10:22)
    Running from C:\Users\Beth\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3999622879-2960241565-339156489-500 - Administrator - Disabled)
    Beth (S-1-5-21-3999622879-2960241565-339156489-1002 - Administrator - Enabled) => C:\Users\Beth
    Guest (S-1-5-21-3999622879-2960241565-339156489-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3999622879-2960241565-339156489-1007 - Limited - Enabled)
    UpdatusUser (S-1-5-21-3999622879-2960241565-339156489-1005 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adolix Outlook Express Backup v3.1 (HKLM-x32\...\AdolixOEBackup_is1) (Version: - Adolix)
    AM-DeadLink 4.6 (HKLM-x32\...\aignesamdeadlink_is1) (Version: 4.6 - WebSite-Watcher - Software to check websites for updates and changes (web page monitoring))
    AOMEI Backupper (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09D}_is1) (Version: - AOMEI Technology Co., Ltd.)
    AOMEI Partition Assistant Pro Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1) (Version: - AOMEI Technology Co., Ltd.)
    Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
    bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION
    Bubble Shooter v3.07 (HKLM-x32\...\BShooter3_is1) (Version: - )
    Casper 8.0 (HKLM\...\{6A58EB2E-5883-4515-910D-699C4396797B}) (Version: 8.0.4422 - Future Systems Solutions, Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
    Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
    Cool Timer 3.3 (HKLM-x32\...\Cool Timer_is1) (Version: - )
    CPUID CPU-Z 1.66 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    CutThePrice (HKLM-x32\...\{A2C98B47-B5F4-94AA-281D-4135416774CF}) (Version: - )
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.)
    Dll-Files Fixer (HKLM-x32\...\Dll-Files Fixer_is1) (Version: 3.1.81 - Dll-Files.com)
    Dropbox (HKU\S-1-5-21-3999622879-2960241565-339156489-1002\...\Dropbox) (Version: 3.8.5 - Dropbox, Inc.)
    DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden
    EaseUS Partition Master 9.2.1 Professional (HKLM-x32\...\EaseUS Partition Master Professional Edition_is1) (Version: - EaseUS)
    EaseUS Todo Backup Home 8.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.2 - CHENGDU YIWO Tech Development Co., Ltd)
    Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 3.3.1.518 - Foxit Software Company)
    jv16 PowerTools 2014 (HKLM-x32\...\jv16 PowerTools 2014) (Version: - Macecraft Software)
    Karen's Directory Printer (HKLM-x32\...\Karen's Directory Printer) (Version: 5.3.0.2 - Karen Kenworthy)
    Kodi (HKU\S-1-5-21-3999622879-2960241565-339156489-1002\...\Kodi) (Version: - XBMC-Foundation)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
    NirSoft ProduKey (HKLM-x32\...\NirSoft ProduKey) (Version: - )
    NVIDIA 3D Vision Controller Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
    NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
    OE Classic 2.31 (HKLM-x32\...\OEClassic) (Version: 2.31 - OE Classic)
    ONES (E) (HKLM-x32\...\ONES(E)) (Version: - )
    Outlook Express 6 (HKLM-x32\...\Outlook Express 6) (Version: - )
    Password Recovery Bundle 2014 (HKLM-x32\...\Password Recovery Bundle 2014_is1) (Version: - Top Password Software, Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
    SIW Pro Edition (GOTD) (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2015.01.08 - Topala Software Solutions)
    SlimComputer (HKLM-x32\...\{574BF026-4487-4051-BCE5-83C4E40AAF6D}) (Version: 1.3.30878 - SlimWare Utilities, Inc.)
    Soft Organizer version 3.51 (HKLM-x32\...\Soft Organizer_is1) (Version: 3.51 - ChemTable Software)
    Spell Check Anywhere (HKLM-x32\...\Spell Check Anywhere6.0) (Version: 6.0 - TG Enterprises, Inc.)
    TeraCopy 2.3 beta 2 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

    ==================== Restore Points =========================


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2015-03-22 14:31 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0A45B319-8172-4DC4-9F20-F20EC7B2BC9A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {14B169CC-2650-4D74-B351-B9E2E818A285} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-02-13] (Dll-FIles.Com)
    Task: {1BA979AF-0B22-422F-8CA6-E29CFAD7D0E0} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.)
    Task: {269ECCBD-42F6-40B5-AD10-D2FAF6F0EA1D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
    Task: {2BD4B10D-8476-4878-B018-6C42837D5A07} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
    Task: {3180945C-AB20-4BA3-91F9-9FED03C873D9} - System32\Tasks\{E184B7B1-0CAF-436A-81B9-17DBC139E499} => pcalua.exe -a "C:\Program Files (x86)\jv16 PowerTools 2005\jv16PT.exe" -d C:\Users\Beth\Desktop
    Task: {364372AD-0D00-4962-85BC-8CF23B545058} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-02-13] (Dll-FIles.Com)
    Task: {50B9DEEC-1620-4267-BFE6-ABCC4D50FCA9} - System32\Tasks\Startoe => C:\Program Files (x86)\startoe.exe
    Task: {5C0B3AF7-EE1A-489F-B69A-9F3F85BA3645} - System32\Tasks\Future Systems Solutions\Casper\Casper 8.0 Update Notification Task => E:\Program Files\Future Systems Solutions\Casper 8.0\CASPER.EXE [2014-04-29] (Future Systems Solutions, Inc.)
    Task: {66B908AF-00A7-4569-8B3F-57EECE8472ED} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3999622879-2960241565-339156489-1002Core => C:\Users\Beth\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
    Task: {7133EC3C-568A-492F-BCC9-45AE30DD787D} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.)
    Task: {73BDE30D-21C1-49A0-839F-A0D053288144} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
    Task: {756BB8F0-A3D8-4120-A575-027314281289} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3999622879-2960241565-339156489-1002UA => C:\Users\Beth\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
    Task: {78D851A4-D78C-4C1B-85C8-296A33EE194D} - System32\Tasks\GU4SkipUAC => L:\Program Files (x86)\Glary Utilities 4\Integrator.exe
    Task: {83C29121-083A-43F3-8A0C-E3DF22D398BE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
    Task: {89752023-9D09-4175-8BC4-8FCC87806A5E} - System32\Tasks\SlimComputer Run => C:\Program Files (x86)\SlimComputer\SlimComputer.exe [2013-07-10] (SlimWare Utilities, Inc.)
    Task: {A443857F-9656-4B03-904C-1689B35BD2C0} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.)
    Task: {ADB26B13-0C89-4738-93EE-156F0670B008} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
    Task: {AFF316F6-D66E-4D3B-9C35-03E1671824DA} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    Task: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3999622879-2960241565-339156489-1002Core.job => C:\Users\Beth\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3999622879-2960241565-339156489-1002UA.job => C:\Users\Beth\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
    Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2013-12-25 14:24 - 2015-02-05 14:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2010-07-14 23:44 - 2010-07-14 23:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2013-10-24 14:49 - 2012-01-20 07:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
    2015-08-09 11:49 - 2015-08-09 11:49 - 00071168 _____ () c:\users\beth\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsnlryq.dll
    2015-07-30 07:37 - 2015-07-16 19:31 - 00012800 _____ () C:\Users\Beth\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
    2015-07-30 07:37 - 2015-07-16 19:31 - 00779776 _____ () C:\Users\Beth\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-07-30 07:37 - 2015-07-16 19:31 - 00056320 _____ () C:\Users\Beth\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
    2015-07-30 07:37 - 2015-07-16 19:31 - 00012288 _____ () C:\Users\Beth\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
    2006-11-16 19:23 - 2007-03-08 11:02 - 00053248 _____ () C:\Program Files (x86)\Spell Check Anywhere\saw_sca.DLL

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Beth\SkyDrive:ms-properties

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3999622879-2960241565-339156489-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: Backupper Service => 2
    MSCONFIG\Services: caspereui => 2
    MSCONFIG\Services: casperhpb => 2
    MSCONFIG\Services: Everything => 2
    HKLM\...\StartupApproved\Run32: => "mcui_exe"
    HKLM\...\StartupApproved\Run32: => "EaseUs Watch"
    HKU\S-1-5-21-3999622879-2960241565-339156489-1002\...\StartupApproved\StartupFolder: => "Cool Timer.lnk"
    HKU\S-1-5-21-3999622879-2960241565-339156489-1002\...\StartupApproved\Run: => "Linkman"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{16BD78AD-DA13-463C-8F60-7E3D8F5865E0}] => (Allow) LPort=1900
    FirewallRules: [{491FDB69-E80E-4DE5-8A7F-5598FAF1D870}] => (Allow) LPort=2869
    FirewallRules: [{DC792B54-8C14-47F2-B2C7-90D552827CDC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{22C74DA4-2893-4B5E-9009-20D930D8601D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{076252EB-CE7A-422C-AF5C-EE157CF58DD5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{DA5695B9-9431-4384-8A1B-521AF93078CF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{E7EC13B4-3BF8-475F-A651-8BF8E786D5CB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{4FF314AB-9398-4FC8-B61C-E2D8D47D6BCB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{74446D5B-A843-4340-AB92-E5D90074E128}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{BCC2526A-064F-4F5A-97C0-79B687E89BED}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{9E94F713-2B7A-493F-B750-7CDA490F102F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{F5B7C231-B6AA-468A-A8BF-9FFF93763A7E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{93756C0D-CD99-4C2B-BEFD-6F7673A0DC5E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{55A96DC0-EEA1-4A93-BFEB-84A80F12EDB2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{7AA60ED0-5A5A-42A2-AFD2-54725B01777D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
    FirewallRules: [{ACDDDA56-0336-4CCF-8123-4573335131AC}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
    FirewallRules: [{65B30817-FCF3-4243-B230-D501C5A00D98}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
    FirewallRules: [{B3E18EF3-D311-4A52-88D1-E22E65258DA4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
    FirewallRules: [{0808DB5D-778E-454B-A5FD-E5C6ED1DF341}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    FirewallRules: [{34C16436-C7C8-4255-B4B2-BB5BC6FA3751}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup Home 8.0\bin\TodoBackupService.exe
    FirewallRules: [{7520ACE3-925E-4C92-A0CD-90911E211F5F}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup Home 8.0\bin\TodoBackupService.exe
    FirewallRules: [{5FC63B13-980E-4580-A519-6B914E2CE46D}] => (Allow) C:\Program Files (x86)\AOMEI Backupper Professional Edition 2.2\PxeUi.exe
    FirewallRules: [{079BC158-8B20-442F-BC1C-0FFE46F779C1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{EECF00CC-8645-44AB-8410-92DAA6380D65}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{E78B8524-5A6E-4A26-BD5A-728295287D09}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{5D5BA591-23C5-4CFA-9C72-C94E34BFC27E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{AF735262-34F5-4EE2-852E-BECC33ECEC14}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{4695CFCB-6223-4BA5-966E-188BF09DD09D}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup Home 8.2\bin\TodoBackupService.exe
    FirewallRules: [{9D676B3E-CFAA-4041-A07B-079720EBBD2C}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup Home 8.2\bin\TodoBackupService.exe
    FirewallRules: [{93E8E3A7-6F83-41E3-BF97-86F2B82A58CB}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
    FirewallRules: [{C9217A3A-740F-4B33-8AE2-0A5CB30552F5}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
    FirewallRules: [{69F34F68-7242-4D1D-A6EA-D3C85AEE4622}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
    FirewallRules: [{4A884EB5-6DB5-4112-B677-0D2FD3983DCB}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
    FirewallRules: [{59113C65-DE15-49F2-9CBD-5DB14EA66FE0}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{7DD6BD24-F07F-4B9E-A5EC-65D9F7865B33}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{352778DE-12AD-421B-863D-9D4E5580D5AC}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{6E90407A-222A-4EC6-B6CC-A1102A0161B6}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{15F85024-38EB-423F-BA0A-B7C284F148B3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{F96837A0-F810-45EB-A102-799662D9C1D4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{CCAD2966-F598-4DD1-95AC-3BB46E1E45D9}] => (Allow) C:\Users\Beth\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{991BADA2-59C9-470F-B035-7205E282D152}] => (Allow) C:\Users\Beth\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{3AFB9A7B-13CA-42F7-9DEC-D1E81DFF86BD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{08292E84-F603-4E15-8902-F58A096DE69A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{7D96A3FA-1B92-4AE4-9444-979B5ABE6DB4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [TCP Query User{CBDC6A67-3444-4EB5-8073-860951FD0BF0}D:\program files (x86)\kodi\kodi.exe] => (Allow) D:\program files (x86)\kodi\kodi.exe
    FirewallRules: [UDP Query User{7D2A4617-0400-44CF-B76F-D2EEF0EFA541}D:\program files (x86)\kodi\kodi.exe] => (Allow) D:\program files (x86)\kodi\kodi.exe
    FirewallRules: [TCP Query User{EEA22925-A1DA-443E-B74E-08545E3BEC02}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [UDP Query User{AFD50A2C-0F35-4B1D-A734-CAFEF36F8140}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [{15DCD738-3E49-496F-B30B-72D391D009D5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{0C7D8EC6-2103-4FD9-BAE0-0A7945A707D6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{A77800EF-8534-4020-9F06-866F83FAB759}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{BF61808C-9281-4D23-9E20-40238F072DAC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/09/2015 11:50:30 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The system cannot find the file specified.

    Error: (08/08/2015 02:21:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The system cannot find the file specified.

    Error: (08/08/2015 02:16:35 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Users\Beth\AppData\Local\Temp\{4CC6A13B-986A-40B5-9DE5-112C09BDDA56}\setup.exe -runfromtemp -l0x0409 -removeonly -media_path:"C:\Program Files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" -tempdisk1folder:"C:\Users\Beth\AppData\Local\Temp\{4CC6A13B-986A-40B5-9DE5-112C09BDDA56}"; Description = Removed Dell Backup and Recovery; Error = 0x80070422).

    Error: (08/08/2015 02:14:32 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: HARRY)
    Description: Application or service 'Windows Explorer' could not be shut down.

    Error: (08/08/2015 01:51:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
    Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
    Exception code: 0x40000015
    Fault offset: 0x000000000004267f
    Faulting process id: 0x16f4
    Faulting application start time: 0xpcdrsysinfocsmi.p5x0
    Faulting application path: pcdrsysinfocsmi.p5x1
    Faulting module path: pcdrsysinfocsmi.p5x2
    Report Id: pcdrsysinfocsmi.p5x3
    Faulting package full name: pcdrsysinfocsmi.p5x4
    Faulting package-relative application ID: pcdrsysinfocsmi.p5x5

    Error: (08/08/2015 12:36:21 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The system cannot find the file specified.

    Error: (08/08/2015 07:51:47 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The system cannot find the file specified.

    Error: (08/07/2015 04:22:21 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The system cannot find the file specified.

    Error: (08/07/2015 02:31:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
    Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
    Exception code: 0x40000015
    Fault offset: 0x000000000004267f
    Faulting process id: 0x10bc
    Faulting application start time: 0xpcdrsysinfocsmi.p5x0
    Faulting application path: pcdrsysinfocsmi.p5x1
    Faulting module path: pcdrsysinfocsmi.p5x2
    Report Id: pcdrsysinfocsmi.p5x3
    Faulting package full name: pcdrsysinfocsmi.p5x4
    Faulting package-relative application ID: pcdrsysinfocsmi.p5x5

    Error: (08/07/2015 12:20:22 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The system cannot find the file specified.


    System errors:
    =============
    Error: (08/09/2015 11:48:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The EaseUS Agent Service service failed to start due to the following error:
    %%2

    Error: (08/09/2015 11:47:52 AM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \SystemRoot\SysWow64\Drivers\PzWDM.sys

    Error: (08/09/2015 11:48:09 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 3:39:12 PM on ‎8/‎8/‎2015 was unexpected.

    Error: (08/08/2015 02:19:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The EaseUS Agent Service service failed to start due to the following error:
    %%2

    Error: (08/08/2015 02:19:01 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \SystemRoot\SysWow64\Drivers\PzWDM.sys

    Error: (08/08/2015 02:14:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/08/2015 12:34:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The EaseUS Agent Service service failed to start due to the following error:
    %%2

    Error: (08/08/2015 12:33:48 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \SystemRoot\SysWow64\Drivers\PzWDM.sys

    Error: (08/08/2015 12:34:02 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 11:49:19 AM on ‎8/‎8/‎2015 was unexpected.

    Error: (08/08/2015 11:22:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Upgrade to Windows 10 Home.


    Microsoft Office:
    =========================
    Error: (08/09/2015 11:50:30 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: The system cannot find the file specified.

    Error: (08/08/2015 02:21:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: The system cannot find the file specified.

    Error: (08/08/2015 02:16:35 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\Users\Beth\AppData\Local\Temp\{4CC6A13B-986A-40B5-9DE5-112C09BDDA56}\setup.exe -runfromtemp -l0x0409 -removeonly -media_path:"C:\Program Files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" -tempdisk1folder:"C:\Users\Beth\AppData\Local\Temp\{4CC6A13B-986A-40B5-9DE5-112C09BDDA56}"Removed Dell Backup and Recovery0x80070422

    Error: (08/08/2015 02:14:32 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: HARRY)
    Description: 1C:\Windows\explorer.exeWindows Explorer0411753200

    Error: (08/08/2015 01:51:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.838751ea1bbd40000015000000000004267f16f401d0d20b44ed0dc7C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dll84f588b0-3dfe-11e5-bfeb-bc855631c1c2

    Error: (08/08/2015 12:36:21 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: The system cannot find the file specified.

    Error: (08/08/2015 07:51:47 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: The system cannot find the file specified.

    Error: (08/07/2015 04:22:21 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: The system cannot find the file specified.

    Error: (08/07/2015 02:31:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.838751ea1bbd40000015000000000004267f10bc01d0d147a06cd382C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dlldfc14654-3d3a-11e5-bfe8-bc855631c1c2

    Error: (08/07/2015 12:20:22 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: The system cannot find the file specified.


    CodeIntegrity:
    ===================================
    Date: 2015-08-08 15:10:00.380
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-08-08 15:10:00.177
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-08-08 15:09:59.989
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-08-08 15:09:59.802
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-08-08 15:09:59.599
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-08-08 15:09:59.411
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-08-08 15:09:59.208
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-08-08 15:09:59.020
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-08-08 15:09:58.817
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-08-08 15:09:58.630
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
    Percentage of memory in use: 13%
    Total physical RAM: 12248.95 MB
    Available physical RAM: 10576.3 MB
    Total Virtual: 14104.95 MB
    Available Virtual: 12267.86 MB

    ==================== Drives ================================

    Drive c: (WIN 8) (Fixed) (Total:75.43 GB) (Free:17.87 GB) NTFS
    Drive d: (APPL) (Fixed) (Total:97.85 GB) (Free:89.56 GB) NTFS
    Drive e: (Backup) (Fixed) (Total:201.98 GB) (Free:154.78 GB) NTFS
    Drive f: (Music) (Fixed) (Total:21.63 GB) (Free:20.32 GB) NTFS
    Drive g: (DVD) (Fixed) (Total:512.85 GB) (Free:447.67 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 0AB8D420)

    Partition: GPT Partition Type.

    Security Check

    Results of screen317's Security Check version 1.006
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Adobe Flash Player 18.0.0.209
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    Windows Defender MpCmdRun.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````



  2. #2
    Corrine

    Re: Suspected security problems

    Hi, Toots.

    The "bestadblocker" program installed is described as a "parasite" by ESET NOD32. It is also detected by Malwarebytes as unwanted. I notice a lot of "leftovers" from "optimizer-type" programs that are no longer listed as installed programs. Tools of that nature tend to do more harm than good. Modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. No registry cleaner is completely safe and the potential is ever present to cause more problems than they claim to fix. Additionally, Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

    1. Please do the following to run FRST:

    Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
    • Open Notepad (Start => All Programs => Accessories => Notepad).
    • Copy/Paste the entire contents of the code box below into Notepad.
    Code:
    start
    CreateRestorePoint:
    CloseProcesses:
    Task: {2BD4B10D-8476-4878-B018-6C42837D5A07} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
    Folder: C:\Program Files (x86)\Wise\Wise Care 365
    bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION
    Task: {78D851A4-D78C-4C1B-85C8-296A33EE194D} - System32\Tasks\GU4SkipUAC => L:\Program Files (x86)\Glary Utilities 4\Integrator.exe
    Folder: L:\Program Files (x86)\Glary Utilities 4
    Task: {ADB26B13-0C89-4738-93EE-156F0670B008} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
    Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
    EmptyTemp:
    end
    • Click Format and ensure Wordwrap is unchecked.
    • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
      • Press the Fix button once and wait.
      • FRST will process fixlist.txt
      • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
      • Please post the log in your next reply.


    2. Please download AdwCleaner by Xplode and save to your Desktop.
    • Double-click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database, please wait a bit.
    • Click on the Scan button.
    • AdwCleaner will begin. Please be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    3. Please download Junkware Removal Tool to your desktop.
    • Disable your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3

    Re: Suspected security problems

    Corrine

    Fix result of Farbar Recovery Scan Tool (x64) Version:09-08-2015
    Ran by Beth (2015-08-10 10:39:19) Run:1
    Running from E:\Backup\FRST64
    Loaded Profiles: Beth & UpdatusUser (Available Profiles: Beth & UpdatusUser)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    Task: {2BD4B10D-8476-4878-B018-6C42837D5A07} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
    Folder: C:\Program Files (x86)\Wise\Wise Care 365
    bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION
    Task: {78D851A4-D78C-4C1B-85C8-296A33EE194D} - System32\Tasks\GU4SkipUAC => L:\Program Files (x86)\Glary Utilities 4\Integrator.exe
    Folder: L:\Program Files (x86)\Glary Utilities 4
    Task: {ADB26B13-0C89-4738-93EE-156F0670B008} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
    Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
    EmptyTemp:
    end
    *****************

    Error: (0) Failed to create a restore point.
    Processes closed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BD4B10D-8476-4878-B018-6C42837D5A07}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BD4B10D-8476-4878-B018-6C42837D5A07}" => key removed successfully
    C:\WINDOWS\System32\Tasks\Wise Turbo Checker => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Wise Turbo Checker" => key removed successfully

    ========================= Folder: C:\Program Files (x86)\Wise\Wise Care 365 ========================

    folder not found
    bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION => Error: No automatic fix found for this entry.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78D851A4-D78C-4C1B-85C8-296A33EE194D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78D851A4-D78C-4C1B-85C8-296A33EE194D}" => key removed successfully
    C:\WINDOWS\System32\Tasks\GU4SkipUAC => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GU4SkipUAC" => key removed successfully

    ========================= Folder: L:\Program Files (x86)\Glary Utilities 4 ========================

    folder not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ADB26B13-0C89-4738-93EE-156F0670B008}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADB26B13-0C89-4738-93EE-156F0670B008}" => key removed successfully
    C:\WINDOWS\System32\Tasks\Wise Care 365 => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Wise Care 365" => key removed successfully
    C:\WINDOWS\Tasks\Wise Turbo Checker.job => moved successfully.
    EmptyTemp: => 569.7 MB temporary data Removed.


    The system needed a reboot..

    ==== End of Fixlog 10:40:05 ====

    # AdwCleaner v4.208 - Logfile created 10/08/2015 at 10:43:00
    # Updated 09/07/2015 by Xplode
    # Database : 2015-08-01.1 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : Beth - HARRY
    # Running from : C:\Users\Beth\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\WINDOWS\System32\roboot64.exe
    Folder Found : C:\Program Files (x86)\bestadblocker
    Folder Found : C:\Program Files (x86)\bestadblocker
    Folder Found : C:\Program Files (x86)\CutThePrice
    Folder Found : C:\Program Files (x86)\CutThePurice
    Folder Found : C:\Program Files (x86)\wincheck
    Folder Found : C:\ProgramData\{cedf5269-4a8f-7d5a-cedf-f52694a849a5}
    Folder Found : C:\Users\Beth\AppData\Local\slimware utilities inc
    Folder Found : C:\Users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\118fqjz4.default\Extensions\Fdctg5E@2T.net

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\SlimWare Utilities Inc
    Key Found : [x64] HKCU\Software\SlimWare Utilities Inc
    Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Found : HKLM\SOFTWARE\121f7f8d-0867-4944-67a7-a6160857de61
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
    Key Found : HKLM\SOFTWARE\Driver-Soft
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17840


    -\\ Mozilla Firefox v

    [118fqjz4.default] - Line Found : user_pref("extensions.h9OiEktIPtOVZZb7.scode", "(function(){try{if(window.location.href.indexOf("rjwEqjn6pjC7qHa6rjnGpja6pjU")>-1){return;}}catch(e){}try{var d=[["www.ewoss.com","livewebcams.xyz\[...]
    [118fqjz4.default] - Line Found : user_pref("extensions.y2tsfuxJRJJL02pq.scode", "(function(){try{if(window.location.href.indexOf("rjwEqjn6pjC7qHa6rjnGpja6pjU")>-1){return;}}catch(e){}try{var d=[["www.ewoss.com","livewebcams.xyz\[...]

    *************************

    AdwCleaner[R0].txt - [2350 bytes] - [10/08/2015 10:43:00]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2409 bytes] ##########

    # AdwCleaner v4.208 - Logfile created 10/08/2015 at 10:50:33
    # Updated 09/07/2015 by Xplode
    # Database : 2015-08-01.1 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : Beth - HARRY
    # Running from : C:\Users\Beth\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\WINDOWS\System32\roboot64.exe
    Folder Found : C:\Program Files (x86)\bestadblocker
    Folder Found : C:\Program Files (x86)\bestadblocker
    Folder Found : C:\Program Files (x86)\CutThePrice
    Folder Found : C:\Program Files (x86)\CutThePurice
    Folder Found : C:\Program Files (x86)\wincheck
    Folder Found : C:\ProgramData\{cedf5269-4a8f-7d5a-cedf-f52694a849a5}
    Folder Found : C:\Users\Beth\AppData\Local\slimware utilities inc
    Folder Found : C:\Users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\118fqjz4.default\Extensions\Fdctg5E@2T.net

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\SlimWare Utilities Inc
    Key Found : [x64] HKCU\Software\SlimWare Utilities Inc
    Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Found : HKLM\SOFTWARE\121f7f8d-0867-4944-67a7-a6160857de61
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
    Key Found : HKLM\SOFTWARE\Driver-Soft
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17840


    -\\ Mozilla Firefox v

    [118fqjz4.default] - Line Found : user_pref("extensions.h9OiEktIPtOVZZb7.scode", "(function(){try{if(window.location.href.indexOf("rjwEqjn6pjC7qHa6rjnGpja6pjU")>-1){return;}}catch(e){}try{var d=[["www.ewoss.com","livewebcams.xyz\[...]
    [118fqjz4.default] - Line Found : user_pref("extensions.y2tsfuxJRJJL02pq.scode", "(function(){try{if(window.location.href.indexOf("rjwEqjn6pjC7qHa6rjnGpja6pjU")>-1){return;}}catch(e){}try{var d=[["www.ewoss.com","livewebcams.xyz\[...]

    *************************

    AdwCleaner[R0].txt - [2492 bytes] - [10/08/2015 10:43:19]
    AdwCleaner[R1].txt - [2409 bytes] - [10/08/2015 10:50:33]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2468 bytes] ##########

    # AdwCleaner v4.208 - Logfile created 10/08/2015 at 10:55:56
    # Updated 09/07/2015 by Xplode
    # Database : 2015-08-01.1 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : Beth - HARRY
    # Running from : C:\Users\Beth\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\WINDOWS\System32\roboot64.exe
    Folder Found : C:\Program Files (x86)\bestadblocker
    Folder Found : C:\Program Files (x86)\bestadblocker
    Folder Found : C:\Program Files (x86)\CutThePrice
    Folder Found : C:\Program Files (x86)\CutThePurice
    Folder Found : C:\Program Files (x86)\wincheck
    Folder Found : C:\ProgramData\{cedf5269-4a8f-7d5a-cedf-f52694a849a5}
    Folder Found : C:\Users\Beth\AppData\Local\slimware utilities inc
    Folder Found : C:\Users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\118fqjz4.default\Extensions\Fdctg5E@2T.net

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\SlimWare Utilities Inc
    Key Found : [x64] HKCU\Software\SlimWare Utilities Inc
    Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Found : HKLM\SOFTWARE\121f7f8d-0867-4944-67a7-a6160857de61
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
    Key Found : HKLM\SOFTWARE\Driver-Soft
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17840


    -\\ Mozilla Firefox v

    [118fqjz4.default] - Line Found : user_pref("extensions.h9OiEktIPtOVZZb7.scode", "(function(){try{if(window.location.href.indexOf("rjwEqjn6pjC7qHa6rjnGpja6pjU")>-1){return;}}catch(e){}try{var d=[["www.ewoss.com","livewebcams.xyz\[...]
    [118fqjz4.default] - Line Found : user_pref("extensions.y2tsfuxJRJJL02pq.scode", "(function(){try{if(window.location.href.indexOf("rjwEqjn6pjC7qHa6rjnGpja6pjU")>-1){return;}}catch(e){}try{var d=[["www.ewoss.com","livewebcams.xyz\[...]

    *************************

    AdwCleaner[R0].txt - [2492 bytes] - [10/08/2015 10:43:19]
    AdwCleaner[R1].txt - [2551 bytes] - [10/08/2015 10:50:49]
    AdwCleaner[R2].txt - [2468 bytes] - [10/08/2015 10:55:56]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [2527 bytes] ##########

    # AdwCleaner v4.208 - Logfile created 10/08/2015 at 10:57:29
    # Updated 09/07/2015 by Xplode
    # Database : 2015-08-01.1 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : Beth - HARRY
    # Running from : C:\Users\Beth\Desktop\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\{cedf5269-4a8f-7d5a-cedf-f52694a849a5}
    Folder Deleted : C:\Program Files (x86)\wincheck
    Folder Deleted : C:\Program Files (x86)\bestadblocker
    Folder Deleted : C:\Program Files (x86)\CutThePrice
    Folder Deleted : C:\Program Files (x86)\CutThePurice
    Folder Deleted : C:\Users\Beth\AppData\Local\slimware utilities inc
    Folder Deleted : C:\Users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\118fqjz4.default\Extensions\Fdctg5E@2T.net
    File Deleted : C:\WINDOWS\System32\roboot64.exe

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\121f7f8d-0867-4944-67a7-a6160857de61
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
    Key Deleted : HKCU\Software\SlimWare Utilities Inc
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\Driver-Soft
    Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17840


    -\\ Mozilla Firefox v

    [118fqjz4.default\prefs.js] - Line Deleted : user_pref("extensions.h9OiEktIPtOVZZb7.scode", "(function(){try{if(window.location.href.indexOf("rjwEqjn6pjC7qHa6rjnGpja6pjU")>-1){return;}}catch(e){}try{var d=[["www.ewoss.com","livewebcams.xyz\[...]
    [118fqjz4.default\prefs.js] - Line Deleted : user_pref("extensions.y2tsfuxJRJJL02pq.scode", "(function(){try{if(window.location.href.indexOf("rjwEqjn6pjC7qHa6rjnGpja6pjU")>-1){return;}}catch(e){}try{var d=[["www.ewoss.com","livewebcams.xyz\[...]

    *************************

    AdwCleaner[R0].txt - [2492 bytes] - [10/08/2015 10:43:19]
    AdwCleaner[R1].txt - [2551 bytes] - [10/08/2015 10:50:49]
    AdwCleaner[R2].txt - [2610 bytes] - [10/08/2015 10:56:12]
    AdwCleaner[S0].txt - [2371 bytes] - [10/08/2015 10:57:29]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2430 bytes] #########

    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.5.5 (08.05.2015:1)
    OS: Windows 8.1 x64
    Ran by Beth on Mon 08/10/2015 at 11:01:41.67
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks

    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\DLL-Files.Com Fixer_MONTHLY
    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\DLL-Files.Com Fixer_Updates
    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDEventLauncher
    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDoctorBackgroundMonitorTask
    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDoctorBackgroundMonitorTask-Delay
    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDoctorBackgroundMonitorTask-Retry
    Successfully deleted: [Task] C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job
    Successfully deleted: [Task] C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job
    Successfully deleted: [Task] C:\WINDOWS\Tasks\Wise Care 365.job



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\Users\Beth\desktop\driver genius.lnk



    ~~~ Folders

    Successfully deleted: [Folder] C:\Program Files (x86)\dll-files.com fixer
    Successfully deleted: [Folder] C:\ProgramData\drivergenius
    Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver genius
    Successfully deleted: [Folder] C:\Users\Beth\Appdata\Local\crashrpt
    Successfully deleted: [Folder] C:\Users\Beth\AppData\Roaming\dll-files.com
    Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers
    Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\ai_recyclebin
    Successfully deleted: [Folder] C:\ProgramData\974024612006243828





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 08/10/2015 at 11:02:59.85
    End of JRT log

    Toots

  4. #4
    Corrine

    Re: Suspected security problems

    Please download Malwarebytes Anti-Malware from Here.

    Double-click on the setup file (mbam-setup.exe), then click on Run to install.
    • Select the language and click OK.
    • Accept the agreement.
    • During installation, make sure to UNcheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Scan Now". (The scan may take some time to finish, so please be patient.)
    • When the scan is complete, click on Quarantine All.
    • When disinfection is completed, a log will open in Notepad. If the log doesn't open, select View detailed log in the Scan tab.
    • If prompted to restart (see Note below), launch Malwarebytes Antimalware and select History.
    • Double click on the last scan done, then on Copy to Clipboard.
    • Post the contents of the log in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  5. #5

    Re: Suspected security problems

    Corrine,

    Ran into problems with this version of Malwarebytes. Did not have the option to quarantine any items. It was restore or delete.

    Here is what I did get:

    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 8/10/2015
    Scan Time: 1:51 PM
    Logfile:
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.08.10.05
    Rootkit Database: v2015.08.06.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Beth

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 385671
    Time Elapsed: 7 min, 34 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 2
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [d15c24e35b3056e01bc21391dd2750b0],
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, , [56d718efafdc5cda12cb1a8a10f41ce4],

    Registry Values: 2
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [d15c24e35b3056e01bc21391dd2750b0]
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [56d718efafdc5cda12cb1a8a10f41ce4]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Lots of Chrome stuff and I don't use Chrome Browser.

    Toots

  6. #6
    Corrine

    Re: Suspected security problems

    If you didn't have Malwarebytes delete, go ahead and rescan and select delete.

    When that is completed, please run the following tool and then I'll return you to Aura.

    Please download Delfix from here.

    Ensure the following boxes are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Click Run

    The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.



  7. #7

    Re: Suspected security problems

    Here you go:

    # DelFix v10.8 - Logfile created 11/08/2015 at 09:01:07
    # Updated 29/07/2014 by Xplode
    # Username : Beth - HARRY
    # Operating System : Windows 8.1 (64 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\FRST
    Deleted : C:\AdwCleaner
    Deleted : C:\Users\Beth\Desktop\FRST-OlderVersion
    Deleted : C:\Users\Beth\Desktop\Addition.txt
    Deleted : C:\Users\Beth\Desktop\AdwCleaner.exe
    Deleted : C:\Users\Beth\Desktop\FRST.txt
    Deleted : C:\Users\Beth\Desktop\FRST64.exe
    Deleted : C:\Users\Beth\Desktop\JRT.exe
    Deleted : C:\Users\Beth\Desktop\JRT.txt
    Deleted : C:\Users\Beth\Desktop\SecurityCheck.exe
    Deleted : C:\Users\Beth\Downloads\MiniToolBox.exe
    Deleted : HKLM\SOFTWARE\AdwCleaner

    ~ Creating registry backup ... OK

    ~ Cleaning system restore ...


    New restore point created !

    ########## - EOF - ##########

  8. #8
    Corrine

    Re: Suspected security problems

    Excellent. You're all set to return to your original thread. I've notified Aura: Cbspersist Files Cannot install Win10

