[SOLVED] Suspected security problems

Toots (Active member, joined Apr 4, 2015, 42 posts)
I was sent to you from the Sysnative Windows Update Forum. Aura suspects I may have security problems in my Win 8.1 files.

Toots

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-08-2015 01
Ran by Beth (2015-08-09 12:10:22)
Running from C:\Users\Beth\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3999622879-2960241565-339156489-500 - Administrator - Disabled)
Beth (S-1-5-21-3999622879-2960241565-339156489-1002 - Administrator - Enabled) => C:\Users\Beth
Guest (S-1-5-21-3999622879-2960241565-339156489-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3999622879-2960241565-339156489-1007 - Limited - Enabled)
UpdatusUser (S-1-5-21-3999622879-2960241565-339156489-1005 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adolix Outlook Express Backup v3.1 (HKLM-x32\...\AdolixOEBackup_is1) (Version: - Adolix)
AM-DeadLink 4.6 (HKLM-x32\...\aignesamdeadlink_is1) (Version: 4.6 - WebSite-Watcher - Software to check websites for updates and changes (web page monitoring))
AOMEI Backupper (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09D}_is1) (Version: - AOMEI Technology Co., Ltd.)
AOMEI Partition Assistant Pro Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1) (Version: - AOMEI Technology Co., Ltd.)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION
Bubble Shooter v3.07 (HKLM-x32\...\BShooter3_is1) (Version: - )
Casper 8.0 (HKLM\...\{6A58EB2E-5883-4515-910D-699C4396797B}) (Version: 8.0.4422 - Future Systems Solutions, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Cool Timer 3.3 (HKLM-x32\...\Cool Timer_is1) (Version: - )
CPUID CPU-Z 1.66 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CutThePrice (HKLM-x32\...\{A2C98B47-B5F4-94AA-281D-4135416774CF}) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.)
Dll-Files Fixer (HKLM-x32\...\Dll-Files Fixer_is1) (Version: 3.1.81 - Dll-Files.com)
Dropbox (HKU\S-1-5-21-3999622879-2960241565-339156489-1002\...\Dropbox) (Version: 3.8.5 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden
EaseUS Partition Master 9.2.1 Professional (HKLM-x32\...\EaseUS Partition Master Professional Edition_is1) (Version: - EaseUS)
EaseUS Todo Backup Home 8.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.2 - CHENGDU YIWO Tech Development Co., Ltd)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 3.3.1.518 - Foxit Software Company)
jv16 PowerTools 2014 (HKLM-x32\...\jv16 PowerTools 2014) (Version: - Macecraft Software)
Karen's Directory Printer (HKLM-x32\...\Karen's Directory Printer) (Version: 5.3.0.2 - Karen Kenworthy)
Kodi (HKU\S-1-5-21-3999622879-2960241565-339156489-1002\...\Kodi) (Version: - XBMC-Foundation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
NirSoft ProduKey (HKLM-x32\...\NirSoft ProduKey) (Version: - )
NVIDIA 3D Vision Controller Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OE Classic 2.31 (HKLM-x32\...\OEClassic) (Version: 2.31 - OE Classic)
ONES (E) (HKLM-x32\...\ONES(E)) (Version: - )
Outlook Express 6 (HKLM-x32\...\Outlook Express 6) (Version: - )
Password Recovery Bundle 2014 (HKLM-x32\...\Password Recovery Bundle 2014_is1) (Version: - Top Password Software, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
SIW Pro Edition (GOTD) (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2015.01.08 - Topala Software Solutions)
SlimComputer (HKLM-x32\...\{574BF026-4487-4051-BCE5-83C4E40AAF6D}) (Version: 1.3.30878 - SlimWare Utilities, Inc.)
Soft Organizer version 3.51 (HKLM-x32\...\Soft Organizer_is1) (Version: 3.51 - ChemTable Software)
Spell Check Anywhere (HKLM-x32\...\Spell Check Anywhere6.0) (Version: 6.0 - TG Enterprises, Inc.)
TeraCopy 2.3 beta 2 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3999622879-2960241565-339156489-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2015-03-22 14:31 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A45B319-8172-4DC4-9F20-F20EC7B2BC9A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {14B169CC-2650-4D74-B351-B9E2E818A285} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-02-13] (Dll-FIles.Com)
Task: {1BA979AF-0B22-422F-8CA6-E29CFAD7D0E0} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {269ECCBD-42F6-40B5-AD10-D2FAF6F0EA1D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {2BD4B10D-8476-4878-B018-6C42837D5A07} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
Task: {3180945C-AB20-4BA3-91F9-9FED03C873D9} - System32\Tasks\{E184B7B1-0CAF-436A-81B9-17DBC139E499} => pcalua.exe -a "C:\Program Files (x86)\jv16 PowerTools 2005\jv16PT.exe" -d C:\Users\Beth\Desktop
Task: {364372AD-0D00-4962-85BC-8CF23B545058} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-02-13] (Dll-FIles.Com)
Task: {50B9DEEC-1620-4267-BFE6-ABCC4D50FCA9} - System32\Tasks\Startoe => C:\Program Files (x86)\startoe.exe
Task: {5C0B3AF7-EE1A-489F-B69A-9F3F85BA3645} - System32\Tasks\Future Systems Solutions\Casper\Casper 8.0 Update Notification Task => E:\Program Files\Future Systems Solutions\Casper 8.0\CASPER.EXE [2014-04-29] (Future Systems Solutions, Inc.)
Task: {66B908AF-00A7-4569-8B3F-57EECE8472ED} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3999622879-2960241565-339156489-1002Core => C:\Users\Beth\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {7133EC3C-568A-492F-BCC9-45AE30DD787D} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {73BDE30D-21C1-49A0-839F-A0D053288144} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {756BB8F0-A3D8-4120-A575-027314281289} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3999622879-2960241565-339156489-1002UA => C:\Users\Beth\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {78D851A4-D78C-4C1B-85C8-296A33EE194D} - System32\Tasks\GU4SkipUAC => L:\Program Files (x86)\Glary Utilities 4\Integrator.exe
Task: {83C29121-083A-43F3-8A0C-E3DF22D398BE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {89752023-9D09-4175-8BC4-8FCC87806A5E} - System32\Tasks\SlimComputer Run => C:\Program Files (x86)\SlimComputer\SlimComputer.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {A443857F-9656-4B03-904C-1689B35BD2C0} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {ADB26B13-0C89-4738-93EE-156F0670B008} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: {AFF316F6-D66E-4D3B-9C35-03E1671824DA} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3999622879-2960241565-339156489-1002Core.job => C:\Users\Beth\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3999622879-2960241565-339156489-1002UA.job => C:\Users\Beth\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

==================== Loaded Modules (Whitelisted) ==============

2013-12-25 14:24 - 2015-02-05 14:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-07-14 23:44 - 2010-07-14 23:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-10-24 14:49 - 2012-01-20 07:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2015-08-09 11:49 - 2015-08-09 11:49 - 00071168 _____ () c:\users\beth\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsnlryq.dll
2015-07-30 07:37 - 2015-07-16 19:31 - 00012800 _____ () C:\Users\Beth\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-07-30 07:37 - 2015-07-16 19:31 - 00779776 _____ () C:\Users\Beth\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 07:37 - 2015-07-16 19:31 - 00056320 _____ () C:\Users\Beth\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-07-30 07:37 - 2015-07-16 19:31 - 00012288 _____ () C:\Users\Beth\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2006-11-16 19:23 - 2007-03-08 11:02 - 00053248 _____ () C:\Program Files (x86)\Spell Check Anywhere\saw_sca.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Beth\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3999622879-2960241565-339156489-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Backupper Service => 2
MSCONFIG\Services: caspereui => 2
MSCONFIG\Services: casperhpb => 2
MSCONFIG\Services: Everything => 2
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "EaseUs Watch"
HKU\S-1-5-21-3999622879-2960241565-339156489-1002\...\StartupApproved\StartupFolder: => "Cool Timer.lnk"
HKU\S-1-5-21-3999622879-2960241565-339156489-1002\...\StartupApproved\Run: => "Linkman"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{16BD78AD-DA13-463C-8F60-7E3D8F5865E0}] => (Allow) LPort=1900
FirewallRules: [{491FDB69-E80E-4DE5-8A7F-5598FAF1D870}] => (Allow) LPort=2869
FirewallRules: [{DC792B54-8C14-47F2-B2C7-90D552827CDC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{22C74DA4-2893-4B5E-9009-20D930D8601D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{076252EB-CE7A-422C-AF5C-EE157CF58DD5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DA5695B9-9431-4384-8A1B-521AF93078CF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E7EC13B4-3BF8-475F-A651-8BF8E786D5CB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4FF314AB-9398-4FC8-B61C-E2D8D47D6BCB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{74446D5B-A843-4340-AB92-E5D90074E128}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BCC2526A-064F-4F5A-97C0-79B687E89BED}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9E94F713-2B7A-493F-B750-7CDA490F102F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F5B7C231-B6AA-468A-A8BF-9FFF93763A7E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{93756C0D-CD99-4C2B-BEFD-6F7673A0DC5E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{55A96DC0-EEA1-4A93-BFEB-84A80F12EDB2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7AA60ED0-5A5A-42A2-AFD2-54725B01777D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{ACDDDA56-0336-4CCF-8123-4573335131AC}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{65B30817-FCF3-4243-B230-D501C5A00D98}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{B3E18EF3-D311-4A52-88D1-E22E65258DA4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{0808DB5D-778E-454B-A5FD-E5C6ED1DF341}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{34C16436-C7C8-4255-B4B2-BB5BC6FA3751}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup Home 8.0\bin\TodoBackupService.exe
FirewallRules: [{7520ACE3-925E-4C92-A0CD-90911E211F5F}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup Home 8.0\bin\TodoBackupService.exe
FirewallRules: [{5FC63B13-980E-4580-A519-6B914E2CE46D}] => (Allow) C:\Program Files (x86)\AOMEI Backupper Professional Edition 2.2\PxeUi.exe
FirewallRules: [{079BC158-8B20-442F-BC1C-0FFE46F779C1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EECF00CC-8645-44AB-8410-92DAA6380D65}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E78B8524-5A6E-4A26-BD5A-728295287D09}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5D5BA591-23C5-4CFA-9C72-C94E34BFC27E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AF735262-34F5-4EE2-852E-BECC33ECEC14}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4695CFCB-6223-4BA5-966E-188BF09DD09D}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup Home 8.2\bin\TodoBackupService.exe
FirewallRules: [{9D676B3E-CFAA-4041-A07B-079720EBBD2C}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup Home 8.2\bin\TodoBackupService.exe
FirewallRules: [{93E8E3A7-6F83-41E3-BF97-86F2B82A58CB}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{C9217A3A-740F-4B33-8AE2-0A5CB30552F5}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{69F34F68-7242-4D1D-A6EA-D3C85AEE4622}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{4A884EB5-6DB5-4112-B677-0D2FD3983DCB}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{59113C65-DE15-49F2-9CBD-5DB14EA66FE0}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{7DD6BD24-F07F-4B9E-A5EC-65D9F7865B33}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{352778DE-12AD-421B-863D-9D4E5580D5AC}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{6E90407A-222A-4EC6-B6CC-A1102A0161B6}] => (Allow) E:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{15F85024-38EB-423F-BA0A-B7C284F148B3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F96837A0-F810-45EB-A102-799662D9C1D4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CCAD2966-F598-4DD1-95AC-3BB46E1E45D9}] => (Allow) C:\Users\Beth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{991BADA2-59C9-470F-B035-7205E282D152}] => (Allow) C:\Users\Beth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3AFB9A7B-13CA-42F7-9DEC-D1E81DFF86BD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{08292E84-F603-4E15-8902-F58A096DE69A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7D96A3FA-1B92-4AE4-9444-979B5ABE6DB4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{CBDC6A67-3444-4EB5-8073-860951FD0BF0}D:\program files (x86)\kodi\kodi.exe] => (Allow) D:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{7D2A4617-0400-44CF-B76F-D2EEF0EFA541}D:\program files (x86)\kodi\kodi.exe] => (Allow) D:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{EEA22925-A1DA-443E-B74E-08545E3BEC02}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{AFD50A2C-0F35-4B1D-A734-CAFEF36F8140}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{15DCD738-3E49-496F-B30B-72D391D009D5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0C7D8EC6-2103-4FD9-BAE0-0A7945A707D6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A77800EF-8534-4020-9F06-866F83FAB759}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BF61808C-9281-4D23-9E20-40238F072DAC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2015 11:50:30 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (08/08/2015 02:21:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (08/08/2015 02:16:35 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Beth\AppData\Local\Temp\{4CC6A13B-986A-40B5-9DE5-112C09BDDA56}\setup.exe -runfromtemp -l0x0409 -removeonly -media_path:"C:\Program Files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" -tempdisk1folder:"C:\Users\Beth\AppData\Local\Temp\{4CC6A13B-986A-40B5-9DE5-112C09BDDA56}"; Description = Removed Dell Backup and Recovery; Error = 0x80070422).

Error: (08/08/2015 02:14:32 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: HARRY)
Description: Application or service 'Windows Explorer' could not be shut down.

Error: (08/08/2015 01:51:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x16f4
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5

Error: (08/08/2015 12:36:21 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (08/08/2015 07:51:47 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (08/07/2015 04:22:21 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (08/07/2015 02:31:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x10bc
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5

Error: (08/07/2015 12:20:22 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.


System errors:
=============
Error: (08/09/2015 11:48:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EaseUS Agent Service service failed to start due to the following error:
%%2

Error: (08/09/2015 11:47:52 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\PzWDM.sys

Error: (08/09/2015 11:48:09 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:39:12 PM on ‎8/‎8/‎2015 was unexpected.

Error: (08/08/2015 02:19:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EaseUS Agent Service service failed to start due to the following error:
%%2

Error: (08/08/2015 02:19:01 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\PzWDM.sys

Error: (08/08/2015 02:14:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/08/2015 12:34:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EaseUS Agent Service service failed to start due to the following error:
%%2

Error: (08/08/2015 12:33:48 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\PzWDM.sys

Error: (08/08/2015 12:34:02 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:49:19 AM on ‎8/‎8/‎2015 was unexpected.

Error: (08/08/2015 11:22:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Upgrade to Windows 10 Home.


Microsoft Office:
=========================
Error: (08/09/2015 11:50:30 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (08/08/2015 02:21:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (08/08/2015 02:16:35 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\Beth\AppData\Local\Temp\{4CC6A13B-986A-40B5-9DE5-112C09BDDA56}\setup.exe -runfromtemp -l0x0409 -removeonly -media_path:"C:\Program Files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" -tempdisk1folder:"C:\Users\Beth\AppData\Local\Temp\{4CC6A13B-986A-40B5-9DE5-112C09BDDA56}"Removed Dell Backup and Recovery0x80070422

Error: (08/08/2015 02:14:32 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: HARRY)
Description: 1C:\Windows\explorer.exeWindows Explorer0411753200

Error: (08/08/2015 01:51:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.838751ea1bbd40000015000000000004267f16f401d0d20b44ed0dc7C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dll84f588b0-3dfe-11e5-bfeb-bc855631c1c2

Error: (08/08/2015 12:36:21 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (08/08/2015 07:51:47 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (08/07/2015 04:22:21 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (08/07/2015 02:31:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.838751ea1bbd40000015000000000004267f10bc01d0d147a06cd382C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dlldfc14654-3d3a-11e5-bfe8-bc855631c1c2

Error: (08/07/2015 12:20:22 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.


CodeIntegrity:
===================================
Date: 2015-08-08 15:10:00.380
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 15:10:00.177
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 15:09:59.989
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 15:09:59.802
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 15:09:59.599
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 15:09:59.411
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 15:09:59.208
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 15:09:59.020
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 15:09:58.817
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 15:09:58.630
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 13%
Total physical RAM: 12248.95 MB
Available physical RAM: 10576.3 MB
Total Virtual: 14104.95 MB
Available Virtual: 12267.86 MB

==================== Drives ================================

Drive c: (WIN 8) (Fixed) (Total:75.43 GB) (Free:17.87 GB) NTFS
Drive d: (APPL) (Fixed) (Total:97.85 GB) (Free:89.56 GB) NTFS
Drive e: (Backup) (Fixed) (Total:201.98 GB) (Free:154.78 GB) NTFS
Drive f: (Music) (Fixed) (Total:21.63 GB) (Free:20.32 GB) NTFS
Drive g: (DVD) (Fixed) (Total:512.85 GB) (Free:447.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0AB8D420)

Partition: GPT Partition Type.

Security Check

Results of screen317's Security Check version 1.006
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 18.0.0.209
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Hi, Toots.

The "bestadblocker" program installed is described as a "parasite" by ESET NOD32. It is also detected by Malwarebytes as unwanted. I notice a lot of "leftovers" from "optimizer-type" programs that are no longer listed as installed programs. Tools of that nature tend to do more harm than good. Modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. No registry cleaner is completely safe and the potential is ever present to cause more problems than they claim to fix. Additionally, Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

1. Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Open Notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.
Code:
start
CreateRestorePoint:
CloseProcesses:
Task: {2BD4B10D-8476-4878-B018-6C42837D5A07} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
Folder: C:\Program Files (x86)\Wise\Wise Care 365
bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION
Task: {78D851A4-D78C-4C1B-85C8-296A33EE194D} - System32\Tasks\GU4SkipUAC => L:\Program Files (x86)\Glary Utilities 4\Integrator.exe
Folder: L:\Program Files (x86)\Glary Utilities 4
Task: {ADB26B13-0C89-4738-93EE-156F0670B008} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
EmptyTemp:
end
  • Click Format and ensure Wordwrap is unchecked.
  • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.

2. Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin. Please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

3. Please download Junkware Removal Tool to your desktop.
  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Corrrine

Fix result of Farbar Recovery Scan Tool (x64) Version:09-08-2015
Ran by Beth (2015-08-10 10:39:19) Run:1
Running from E:\Backup\FRST64
Loaded Profiles: Beth & UpdatusUser (Available Profiles: Beth & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Task: {2BD4B10D-8476-4878-B018-6C42837D5A07} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
Folder: C:\Program Files (x86)\Wise\Wise Care 365
bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION
Task: {78D851A4-D78C-4C1B-85C8-296A33EE194D} - System32\Tasks\GU4SkipUAC => L:\Program Files (x86)\Glary Utilities 4\Integrator.exe
Folder: L:\Program Files (x86)\Glary Utilities 4
Task: {ADB26B13-0C89-4738-93EE-156F0670B008} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
EmptyTemp:
end
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BD4B10D-8476-4878-B018-6C42837D5A07}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BD4B10D-8476-4878-B018-6C42837D5A07}" => key removed successfully
C:\WINDOWS\System32\Tasks\Wise Turbo Checker => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Wise Turbo Checker" => key removed successfully

========================= Folder: C:\Program Files (x86)\Wise\Wise Care 365 ========================

folder not found
bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78D851A4-D78C-4C1B-85C8-296A33EE194D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78D851A4-D78C-4C1B-85C8-296A33EE194D}" => key removed successfully
C:\WINDOWS\System32\Tasks\GU4SkipUAC => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GU4SkipUAC" => key removed successfully

========================= Folder: L:\Program Files (x86)\Glary Utilities 4 ========================

folder not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ADB26B13-0C89-4738-93EE-156F0670B008}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADB26B13-0C89-4738-93EE-156F0670B008}" => key removed successfully
C:\WINDOWS\System32\Tasks\Wise Care 365 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Wise Care 365" => key removed successfully
C:\WINDOWS\Tasks\Wise Turbo Checker.job => moved successfully.
EmptyTemp: => 569.7 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 10:40:05 ====

# AdwCleaner v4.208 - Logfile created 10/08/2015 at 10:43:00
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Beth - HARRY
# Running from : C:\Users\Beth\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\WINDOWS\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\bestadblocker
Folder Found : C:\Program Files (x86)\bestadblocker
Folder Found : C:\Program Files (x86)\CutThePrice
Folder Found : C:\Program Files (x86)\CutThePurice
Folder Found : C:\Program Files (x86)\wincheck
Folder Found : C:\ProgramData\{cedf5269-4a8f-7d5a-cedf-f52694a849a5}
Folder Found : C:\Users\Beth\AppData\Local\slimware utilities inc
Folder Found : C:\Users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\118fqjz4.default\Extensions\Fdctg5E@2T.net

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\SlimWare Utilities Inc
Key Found : [x64] HKCU\Software\SlimWare Utilities Inc
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\121f7f8d-0867-4944-67a7-a6160857de61
Key Found : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Found : HKLM\SOFTWARE\Driver-Soft
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v

[118fqjz4.default] - Line Found : user_pref("extensions.h9OiEktIPtOVZZb7.scode", "(function(){try{if(window.location.href.indexOf("rjwEqjn6pjC7qHa6rjnGpja6pjU")>-1){return;}}catch(e){}try{var d=[["www.ewoss.com","livewebcams.xyz\[...]
[118fqjz4.default] - Line Found : user_pref("extensions.y2tsfuxJRJJL02pq.scode", "(function(){try{if(window.location.href.indexOf("rjwEqjn6pjC7qHa6rjnGpja6pjU")>-1){return;}}catch(e){}try{var d=[["www.ewoss.com","livewebcams.xyz\[...]

*************************

AdwCleaner[R0].txt - [2350 bytes] - [10/08/2015 10:43:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2409 bytes] ##########

# AdwCleaner v4.208 - Logfile created 10/08/2015 at 10:50:33
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Beth - HARRY
# Running from : C:\Users\Beth\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\WINDOWS\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\bestadblocker
Folder Found : C:\Program Files (x86)\bestadblocker
Folder Found : C:\Program Files (x86)\CutThePrice
Folder Found : C:\Program Files (x86)\CutThePurice
Folder Found : C:\Program Files (x86)\wincheck
Folder Found : C:\ProgramData\{cedf5269-4a8f-7d5a-cedf-f52694a849a5}
Folder Found : C:\Users\Beth\AppData\Local\slimware utilities inc
Folder Found : C:\Users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\118fqjz4.default\Extensions\Fdctg5E@2T.net

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\SlimWare Utilities Inc
Key Found : [x64] HKCU\Software\SlimWare Utilities Inc
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\121f7f8d-0867-4944-67a7-a6160857de61
Key Found : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Found : HKLM\SOFTWARE\Driver-Soft
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v

[118fqjz4.default] - Line Found : user_pref("extensions.h9OiEktIPtOVZZb7.scode", "(function(){try{if(window.location.href.indexOf("rjwEqjn6pjC7qHa6rjnGpja6pjU")>-1){return;}}catch(e){}try{var d=[["www.ewoss.com","livewebcams.xyz\[...]
[118fqjz4.default] - Line Found : user_pref("extensions.y2tsfuxJRJJL02pq.scode", "(function(){try{if(window.location.href.indexOf("rjwEqjn6pjC7qHa6rjnGpja6pjU")>-1){return;}}catch(e){}try{var d=[["www.ewoss.com","livewebcams.xyz\[...]

*************************

AdwCleaner[R0].txt - [2492 bytes] - [10/08/2015 10:43:19]
AdwCleaner[R1].txt - [2409 bytes] - [10/08/2015 10:50:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2468 bytes] ##########

# AdwCleaner v4.208 - Logfile created 10/08/2015 at 10:55:56
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Beth - HARRY
# Running from : C:\Users\Beth\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\WINDOWS\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\bestadblocker
Folder Found : C:\Program Files (x86)\bestadblocker
Folder Found : C:\Program Files (x86)\CutThePrice
Folder Found : C:\Program Files (x86)\CutThePurice
Folder Found : C:\Program Files (x86)\wincheck
Folder Found : C:\ProgramData\{cedf5269-4a8f-7d5a-cedf-f52694a849a5}
Folder Found : C:\Users\Beth\AppData\Local\slimware utilities inc
Folder Found : C:\Users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\118fqjz4.default\Extensions\Fdctg5E@2T.net

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\SlimWare Utilities Inc
Key Found : [x64] HKCU\Software\SlimWare Utilities Inc
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\121f7f8d-0867-4944-67a7-a6160857de61
Key Found : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Found : HKLM\SOFTWARE\Driver-Soft
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v

[118fqjz4.default] - Line Found : user_pref("extensions.h9OiEktIPtOVZZb7.scode", "(function(){try{if(window.location.href.indexOf("rjwEqjn6pjC7qHa6rjnGpja6pjU")>-1){return;}}catch(e){}try{var d=[["www.ewoss.com","livewebcams.xyz\[...]
[118fqjz4.default] - Line Found : user_pref("extensions.y2tsfuxJRJJL02pq.scode", "(function(){try{if(window.location.href.indexOf("rjwEqjn6pjC7qHa6rjnGpja6pjU")>-1){return;}}catch(e){}try{var d=[["www.ewoss.com","livewebcams.xyz\[...]

*************************

AdwCleaner[R0].txt - [2492 bytes] - [10/08/2015 10:43:19]
AdwCleaner[R1].txt - [2551 bytes] - [10/08/2015 10:50:49]
AdwCleaner[R2].txt - [2468 bytes] - [10/08/2015 10:55:56]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [2527 bytes] ##########

# AdwCleaner v4.208 - Logfile created 10/08/2015 at 10:57:29
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Beth - HARRY
# Running from : C:\Users\Beth\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\{cedf5269-4a8f-7d5a-cedf-f52694a849a5}
Folder Deleted : C:\Program Files (x86)\wincheck
Folder Deleted : C:\Program Files (x86)\bestadblocker
Folder Deleted : C:\Program Files (x86)\CutThePrice
Folder Deleted : C:\Program Files (x86)\CutThePurice
Folder Deleted : C:\Users\Beth\AppData\Local\slimware utilities inc
Folder Deleted : C:\Users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\118fqjz4.default\Extensions\Fdctg5E@2T.net
File Deleted : C:\WINDOWS\System32\roboot64.exe

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\121f7f8d-0867-4944-67a7-a6160857de61
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Deleted : HKCU\Software\SlimWare Utilities Inc
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v

[118fqjz4.default\prefs.js] - Line Deleted : user_pref("extensions.h9OiEktIPtOVZZb7.scode", "(function(){try{if(window.location.href.indexOf("rjwEqjn6pjC7qHa6rjnGpja6pjU")>-1){return;}}catch(e){}try{var d=[["www.ewoss.com","livewebcams.xyz\[...]
[118fqjz4.default\prefs.js] - Line Deleted : user_pref("extensions.y2tsfuxJRJJL02pq.scode", "(function(){try{if(window.location.href.indexOf("rjwEqjn6pjC7qHa6rjnGpja6pjU")>-1){return;}}catch(e){}try{var d=[["www.ewoss.com","livewebcams.xyz\[...]

*************************

AdwCleaner[R0].txt - [2492 bytes] - [10/08/2015 10:43:19]
AdwCleaner[R1].txt - [2551 bytes] - [10/08/2015 10:50:49]
AdwCleaner[R2].txt - [2610 bytes] - [10/08/2015 10:56:12]
AdwCleaner[S0].txt - [2371 bytes] - [10/08/2015 10:57:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2430 bytes] #########

Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.5 (08.05.2015:1)
OS: Windows 8.1 x64
Ran by Beth on Mon 08/10/2015 at 11:01:41.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\DLL-Files.Com Fixer_MONTHLY
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\DLL-Files.Com Fixer_Updates
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDEventLauncher
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDoctorBackgroundMonitorTask
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDoctorBackgroundMonitorTask-Delay
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDoctorBackgroundMonitorTask-Retry
Successfully deleted: [Task] C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job
Successfully deleted: [Task] C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job
Successfully deleted: [Task] C:\WINDOWS\Tasks\Wise Care 365.job



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\Beth\desktop\driver genius.lnk



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\dll-files.com fixer
Successfully deleted: [Folder] C:\ProgramData\drivergenius
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver genius
Successfully deleted: [Folder] C:\Users\Beth\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Beth\AppData\Roaming\dll-files.com
Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers
Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\ai_recyclebin
Successfully deleted: [Folder] C:\ProgramData\974024612006243828





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/10/2015 at 11:02:59.85
End of JRT log

Toots
 
Please download Malwarebytes Anti-Malware from Here.

Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Select the language and click OK.
  • Accept the agreement
  • During installation, make sure to UNcheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;)
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Scan Now". (The scan may take some time to finish, so please be patient.)
  • When the scan is complete, click on Quarantine All.
  • When disinfection is completed, a log will open in Notepad. If the log doesn't open, select View detailed log in the Scan tab.
  • If prompted to restart (see Note below), launch Malwarebytes Antimalware and select History.
  • Double click on the last scan done, then on Copy to Clipboard.
  • Post the contents of the log in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 

Corriene,

Ran into problems with this version of Malwarebytes. Did not have the option to quarantine any items. It was restore or delete.

Here is what I did get:

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 8/10/2015
Scan Time: 1:51 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.10.05
Rootkit Database: v2015.08.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Beth

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385671
Time Elapsed: 7 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [d15c24e35b3056e01bc21391dd2750b0],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, , [56d718efafdc5cda12cb1a8a10f41ce4],

Registry Values: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [d15c24e35b3056e01bc21391dd2750b0]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [56d718efafdc5cda12cb1a8a10f41ce4]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 8/10/2015
Scan Time: 1:51 PM
Logfile: Scanned History Log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.10.05
Rootkit Database: v2015.08.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Beth

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385671
Time Elapsed: 7 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [d15c24e35b3056e01bc21391dd2750b0],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, , [56d718efafdc5cda12cb1a8a10f41ce4],

Registry Values: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [d15c24e35b3056e01bc21391dd2750b0]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [56d718efafdc5cda12cb1a8a10f41ce4]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Lots of Chrome stuff and I don't use Chrome Browser.

Toots
 
If you didn't have Malwarebytes delete, go ahead and rescan and select delete.

When that is completed, please run the following tool and then I'll return you to Aura.

Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
 

Here you go:

# DelFix v10.8 - Logfile created 11/08/2015 at 09:01:07
# Updated 29/07/2014 by Xplode
# Username : Beth - HARRY
# Operating System : Windows 8.1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Beth\Desktop\FRST-OlderVersion
Deleted : C:\Users\Beth\Desktop\Addition.txt
Deleted : C:\Users\Beth\Desktop\AdwCleaner.exe
Deleted : C:\Users\Beth\Desktop\FRST.txt
Deleted : C:\Users\Beth\Desktop\FRST64.exe
Deleted : C:\Users\Beth\Desktop\JRT.exe
Deleted : C:\Users\Beth\Desktop\JRT.txt
Deleted : C:\Users\Beth\Desktop\SecurityCheck.exe
Deleted : C:\Users\Beth\Downloads\MiniToolBox.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...


New restore point created !

########## - EOF - ##########
 
