
Solved Unwanted Search screen


Kiredoryor

PCHF Member
PCHF Donator
Oct 21, 2016
While searching local train times I must have clicked something that now opens up "My TransitGuide" when I open any tab in Firefox.
In Tools > Options I have set google.co.uk as my home page and set home page to open in new tabs but still get My TransitGuide, which may help with Amtrak schedules but is of little use on the single track East Suffolk Line in England!!
Would be grateful if someone can tell me how to get rid of it.

Incidentally I was unable to login on a PC Help Forum page - it just reverted straight back to the previous page asking me to log in. I could only log on by clicking on the link in an email sent to me.
 
While searching local train times I must have clicked something that now opens up "My TransitGuide" when I open any tab in Firefox.
Copied from www.MyTransitGuide.com
Please read carefully: By checking the box and clicking the button, you agree to install the MyTransitGuide Homepage & New Tab and agree to the End User License Agreement and Privacy Policy.

Have you checked Programs and Features to see if the program is in the uninstall list?
 
@Kiredoryor Let's work toward solving this issue. :)

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded, right click the FRST desktop icon and select "Run as administrator" from the menu.

If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes; accept the disclaimer.

  1. Accept the default whitelist options.
  2. If the Addition.txt option box is not checked, please select it.
  3. Then select "Scan".

FRST will take a few minutes to scan your computer and, when finished, will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a Notepad file.

Please Copy and Paste the contents of these logs in your next post for review.
 
Copied from www.MyTransitGuide.com
Please read carefully: By checking the box and clicking the button, you agree to install the MyTransitGuide Homepage & New Tab and agree to the End User License Agreement and Privacy Policy.

Have you checked Programs and Features to see if the program is in the uninstall list?
Yes, I tried to uninstall in the Control Panel but could not find the programme. I double checked the dates of recently installed items and it didn't show there.
 

Thanks

FRST.txt and Addition.txt attached.

K



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2016
Ran by Chinwe (administrator) on CHINWE-PC (24-10-2016 08:12:09)
Running from C:\Users\Chinwe\Downloads
Loaded Profiles: Chinwe (Available Profiles: Chinwe & Roderick & TFPL & Chinwe 2 & NWIRU)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Wondershare) C:\Program Files\Wondershare\WAF\2.1.5.6\WsAppService.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHWatchdog.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(WinPatrol) C:\Program Files\Ruiware\WinPrivacy\WinPrivacyTrayApp.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2009-01-19] (Dell Inc.)
HKLM\...\Run: [WinPrivacy] => C:\Program Files\Ruiware\WinPrivacy\WinPrivacyTrayApp.exe [913032 2015-06-25] (WinPatrol)
HKLM\...\Run: [QHSafeTray] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe [1889192 2016-09-28] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25366584 2016-10-10] (Dropbox, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-17] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-04-21] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3417848519-1791217427-1439989990-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6638296 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-3417848519-1791217427-1439989990-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-06] (Ruiware)
HKU\S-1-5-21-3417848519-1791217427-1439989990-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3417848519-1791217427-1439989990-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
Startup: C:\Users\Chinwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2015-07-11]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Chinwe 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2015-08-03]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Chinwe 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-10-29]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-04-21]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-04-21]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\NWIRU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2015-11-13]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Roderick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2015-08-03]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\TFPL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2015-08-03]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
GroupPolicy\User: Restriction ? <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3417848519-1791217427-1439989990-1004\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192 2008-01-21] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192 2008-01-21] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192 2008-01-21] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192 2008-01-21] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192 2008-01-21] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192 2008-01-21] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192 2008-01-21] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192 2008-01-21] (Microsoft Corporation)
Winsock: Catalog9 29 C:\Windows\system32\wpclsp.dll [72192 2008-01-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{19497F73-66F4-4087-8D86-71D81EF32BFF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C31F2C8F-8F87-423B-A060-B92EE705A9B0}: [DhcpNameServer] 163.244.4.254 163.244.76.254

Internet Explorer:
==================
HKU\S-1-5-21-3417848519-1791217427-1439989990-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/2
HKU\S-1-5-21-3417848519-1791217427-1439989990-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/2
SearchScopes: HKU\S-1-5-21-3417848519-1791217427-1439989990-1000 -> DefaultScope {F43F4CE3-2CF5-4B0E-8AC3-1B14D7033204} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3417848519-1791217427-1439989990-1000 -> {F43F4CE3-2CF5-4B0E-8AC3-1B14D7033204} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2009-04-21] (Sun Microsystems, Inc.)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-21] (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: cui1muuh.default
FF ProfilePath: C:\Users\Chinwe\AppData\Roaming\Mozilla\Firefox\Profiles\cui1muuh.default [2016-10-24]
FF Homepage: Mozilla\Firefox\Profiles\cui1muuh.default -> hxxps://www.google.co.uk/
FF Extension: (WhatsApp™ Desktop) - C:\Users\Chinwe\AppData\Roaming\Mozilla\Firefox\Profiles\cui1muuh.default\Extensions\jid1-uqwEAwSca3FXUo@jetpack.xpi [2016-09-08]
FF Extension: (Saved Password Editor) - C:\Users\Chinwe\AppData\Roaming\Mozilla\Firefox\Profiles\cui1muuh.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2016-10-14]
FF Extension: (MyTransitGuide) - C:\Users\Chinwe\AppData\Roaming\Mozilla\Firefox\Profiles\cui1muuh.default\Extensions\_b7Members_@free.mytransitguide.com [2016-10-21]
FF Extension: (WOT) - C:\Users\Chinwe\AppData\Roaming\Mozilla\Firefox\Profiles\cui1muuh.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Chinwe\AppData\Roaming\Mozilla\Firefox\Profiles\cui1muuh.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-09-04]
FF Extension: (Adblock Plus) - C:\Users\Chinwe\AppData\Roaming\Mozilla\Firefox\Profiles\cui1muuh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF Extension: (360 Internet Protection) - C:\Program Files\360\Total Security\safemon\webprotection_firefox [2016-06-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-07-12] [not signed]
FF HKLM\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files\360\Total Security\safemon\webprotection_firefox
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [73728 2008-07-18] (Andrea Electronics Corporation)
S3 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-07] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [31856 2016-10-10] (Dropbox, Inc.) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2009-04-21] (Citrix Online, a division of Citrix Systems, Inc.)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 QHActiveDefense; C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe [926632 2016-09-28] (QIHU 360 SOFTWARE CO. LIMITED)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-10-06] (IBM Corp.)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-30] (SupportSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 WinPrivacySvc; C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe [464008 2015-06-25] (WinPatrol)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2009-01-19] (Dell Inc.) [File not signed]
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.1.5.6\WsAppService.exe [387072 2015-12-25] (Wondershare) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [135400 2016-06-03] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [74472 2016-09-28] (360.cn)
R1 360Box; C:\Windows\System32\DRIVERS\360Box.sys [212712 2016-09-28] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera.sys [34888 2015-08-10] (360.cn)
R1 360SelfProtection; C:\Windows\System32\drivers\360SelfProtection.sys [186728 2016-08-08] (360安全中心)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV.sys [186816 2016-09-15] (360.cn)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-01-19] (Broadcom Corporation)
R1 EfiMon; C:\Windows\System32\Drivers\Efimon.sys [23248 2015-12-11] (360.cn)
R0 HookPort; C:\Windows\System32\Drivers\Hookport.sys [69224 2016-08-08] (360安全中心)
R1 qutmdserv; C:\Windows\System32\DRIVERS\qutmdrv.sys [313704 2016-08-08] (360.cn)
R1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [65512 2016-08-08] (360.cn)
R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1609053.sys [775592 2016-09-15] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [327728 2016-10-06] (IBM Corp.)
R0 RapportHades; C:\Windows\System32\Drivers\RapportHades.sys [100912 2016-10-06] (IBM Corp.)
R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [256520 2016-10-06] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [406800 2016-10-06] (IBM Corp.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-07-21] (Windows (R) Codename Longhorn DDK provider)
S3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [25632 2015-07-30] (Wondershare)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]
S1 ruinetf; system32\drivers\ruinetf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-24 08:12 - 2016-10-24 08:12 - 00018666 _____ C:\Users\Chinwe\Downloads\FRST.txt
2016-10-24 08:11 - 2016-10-24 08:12 - 00000000 ____D C:\FRST
2016-10-24 08:10 - 2016-10-24 08:10 - 01756672 _____ (Farbar) C:\Users\Chinwe\Downloads\FRST.exe
2016-10-22 20:07 - 2016-10-22 20:07 - 00111640 _____ C:\Users\Chinwe\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-22 20:00 - 2016-10-22 20:01 - 00399184 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-21 12:30 - 2016-10-21 12:30 - 00561720 _____ C:\Users\Chinwe\Downloads\118, 119.pdf
2016-10-21 03:15 - 2016-09-15 02:29 - 00739328 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-21 03:15 - 2016-09-15 01:01 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-21 03:15 - 2016-09-10 16:02 - 02072064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-21 03:15 - 2016-09-09 16:15 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2016-10-21 03:15 - 2016-09-09 16:15 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2016-10-21 03:15 - 2016-09-09 16:15 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2016-10-21 03:15 - 2016-09-09 16:15 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2016-10-21 03:15 - 2016-09-09 15:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-10-21 03:15 - 2016-09-09 15:32 - 00486912 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-10-21 03:15 - 2016-09-09 15:23 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-10-21 03:15 - 2016-09-09 15:21 - 01073152 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-21 03:15 - 2016-09-09 15:21 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-21 03:12 - 2016-09-10 17:28 - 01261056 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-21 03:12 - 2016-09-10 17:27 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-21 03:11 - 2016-08-06 15:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-10-21 03:10 - 2016-09-03 16:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-21 03:03 - 2016-09-08 15:20 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-21 03:03 - 2016-09-08 15:20 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-21 03:01 - 2016-09-30 17:05 - 03610344 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-10-21 03:01 - 2016-09-30 17:05 - 03557608 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-20 23:52 - 2016-10-22 20:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-10-20 13:30 - 2016-09-30 04:39 - 12859392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-20 13:30 - 2016-09-30 04:39 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-20 13:30 - 2016-09-30 04:37 - 09731584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-20 13:30 - 2016-09-30 04:36 - 01831424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-20 13:30 - 2016-09-30 04:36 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-20 13:30 - 2016-09-30 04:36 - 01095168 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-20 13:30 - 2016-09-30 04:36 - 01089024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-20 13:30 - 2016-09-30 04:36 - 00711168 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-20 13:30 - 2016-09-30 04:36 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-10-20 13:30 - 2016-09-30 04:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-20 13:30 - 2016-09-30 04:36 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-20 13:30 - 2016-09-30 04:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-20 13:30 - 2016-09-30 04:35 - 01789952 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-20 13:30 - 2016-09-30 04:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-20 13:30 - 2016-09-30 04:35 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-20 13:30 - 2016-09-30 04:35 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-20 13:30 - 2016-09-30 04:35 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-20 13:30 - 2016-09-30 04:35 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-20 13:30 - 2016-09-30 04:35 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-20 13:30 - 2016-09-30 04:35 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-10-20 13:30 - 2016-09-30 04:35 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-10-20 13:30 - 2016-09-30 04:35 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-10-15 19:05 - 2016-10-15 19:05 - 01198288 _____ (Adobe Systems Incorporated) C:\Users\Chinwe\Downloads\flashplayer23_ga_install.exe
2016-10-15 14:21 - 2016-10-15 14:21 - 00001434 _____ C:\Users\Chinwe\AppData\Local\recently-used.xbel
2016-10-13 11:47 - 2016-10-13 11:47 - 00068610 _____ C:\Users\Chinwe\Documents\cc_20161013_114700.reg
2016-10-13 07:27 - 2016-08-10 16:43 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-13 07:26 - 2016-08-10 16:44 - 00284160 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-13 07:26 - 2016-08-10 14:13 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-10-13 07:23 - 2016-08-12 19:56 - 00573952 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-10-13 07:23 - 2016-08-03 16:45 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2016-10-13 07:23 - 2016-08-03 15:21 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-10-13 07:23 - 2016-08-03 15:20 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-10-13 07:23 - 2016-08-03 15:20 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-10-13 07:17 - 2016-08-14 16:48 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-10-13 07:15 - 2016-08-12 19:55 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-12 18:42 - 2016-10-12 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-10 19:30 - 2016-10-10 19:30 - 00062576 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-10-10 19:30 - 2016-10-10 19:30 - 00062576 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-10-10 19:30 - 2016-10-10 19:30 - 00062576 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-10-10 19:30 - 2016-10-10 19:30 - 00031856 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-10-06 17:49 - 2016-10-06 17:49 - 00256520 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKELL.sys
2016-10-06 17:49 - 2016-10-06 17:49 - 00100912 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades.sys
2016-10-05 17:08 - 2016-10-05 17:08 - 00154006 _____ C:\Users\Chinwe\Desktop\holiday.pdf
2016-10-05 16:54 - 2016-10-05 16:54 - 00493184 _____ C:\Users\Chinwe\Downloads\Absence Request Form - United Kingdom1.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-24 08:00 - 2016-06-01 10:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-24 07:50 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-24 07:50 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-23 00:07 - 2015-09-02 08:15 - 00000000 ____D C:\Users\Chinwe\AppData\LocalLow\360WD
2016-10-22 23:57 - 2015-08-03 11:44 - 00000000 ___RD C:\Users\Chinwe\Dropbox
2016-10-22 23:55 - 2009-04-21 20:06 - 00000276 _____ C:\Windows\Tasks\RtlNICDiagVistaStart.job
2016-10-22 20:43 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-22 20:38 - 2006-11-02 14:01 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-22 20:00 - 2015-07-26 23:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-10-21 23:19 - 2015-09-05 08:52 - 00000000 __SHD C:\$360Section
2016-10-21 23:19 - 2015-09-02 08:16 - 00000000 ____D C:\ProgramData\360Quarant
2016-10-21 17:01 - 2016-03-07 16:04 - 00000000 ____D C:\Users\Roderick\.gimp-2.8
2016-10-21 17:01 - 2015-07-21 20:09 - 00000000 ____D C:\Users\Chinwe\.gimp-2.8
2016-10-21 17:01 - 2015-07-13 02:01 - 00000000 ____D C:\Users\Chinwe\AppData\Roaming\Skype
2016-10-21 03:52 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2016-10-21 03:33 - 2009-04-21 20:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-21 03:31 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2016-10-21 03:10 - 2015-07-11 22:55 - 00000000 ____D C:\Windows\system32\MRT
2016-10-21 03:04 - 2015-08-04 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-21 03:04 - 2006-11-02 11:24 - 141042968 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-10-17 07:24 - 2009-04-21 20:10 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2016-10-17 07:23 - 2016-04-10 15:04 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-10-17 07:23 - 2016-04-10 15:04 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-10-17 07:23 - 2009-04-21 20:01 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-17 06:38 - 2015-08-27 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-10-16 23:17 - 2016-02-17 18:36 - 00000000 ____D C:\Users\Roderick\AppData\Roaming\Skype
2016-10-15 14:21 - 2015-07-21 20:10 - 00000000 ____D C:\Users\Chinwe\AppData\Local\gtk-2.0
2016-10-15 14:13 - 2015-08-13 15:33 - 00000000 ____D C:\VERY TEMP
2016-10-14 23:18 - 2015-09-12 19:06 - 00000000 ____D C:\Users\Roderick\AppData\LocalLow\360WD
2016-10-14 22:59 - 2015-08-03 16:03 - 00000000 ___RD C:\Users\Roderick\Dropbox
2016-10-14 22:53 - 2015-08-03 15:53 - 00000000 ____D C:\Users\Roderick\AppData\Local\Dropbox
2016-10-14 20:53 - 2015-08-03 10:33 - 00012288 _____ C:\Users\Chinwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-14 14:01 - 2015-11-13 18:52 - 00000632 __RSH C:\Users\Chinwe\ntuser.pol
2016-10-14 14:01 - 2015-09-02 08:16 - 00000000 ____D C:\Users\Chinwe\AppData\Roaming\360safe
2016-10-14 14:01 - 2015-07-11 12:14 - 00000000 ____D C:\Users\Chinwe
2016-10-13 11:41 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2016-10-12 18:43 - 2015-08-03 10:53 - 00000000 ____D C:\Program Files\Dropbox
2016-10-05 22:40 - 2015-09-30 13:05 - 00000944 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2016-10-05 22:40 - 2015-09-02 08:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2016-10-05 17:03 - 2015-11-15 15:29 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-10-05 16:52 - 2015-08-03 10:53 - 00000000 ____D C:\Users\Chinwe\AppData\Local\Dropbox
2016-09-28 07:52 - 2015-09-02 08:14 - 00212712 _____ (360.cn) C:\Windows\system32\Drivers\360Box.sys
2016-09-28 07:52 - 2015-09-02 08:14 - 00074472 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys

==================== Files in the root of some directories =======

2015-09-03 17:31 - 2015-09-03 17:31 - 0001866 _____ () C:\Program Files\PagePlus Starter Edition.lnk
2015-08-05 16:10 - 2015-08-05 16:10 - 0000680 _____ () C:\Users\Chinwe\AppData\Local\d3d9caps.dat
2015-08-03 10:33 - 2016-10-14 20:53 - 0012288 _____ () C:\Users\Chinwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-15 14:21 - 2016-10-15 14:21 - 0001434 _____ () C:\Users\Chinwe\AppData\Local\recently-used.xbel
2015-07-25 10:20 - 2015-07-25 10:20 - 0000000 _____ () C:\Users\Chinwe\AppData\Local\Temp.dat
2015-07-25 09:33 - 2015-07-26 11:51 - 0000112 _____ () C:\ProgramData\1p54E4aM.dat

Files to move or delete:
====================
C:\ProgramData\1p54E4aM.dat


Some files in TEMP:
====================
C:\Users\Chinwe 2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpslzrno.dll
C:\Users\NWIRU\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmxci41.dll
C:\Users\Roderick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfaibve.dll
C:\Users\Roderick\AppData\Local\Temp\SkypeSetup.exe
C:\Users\TFPL\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1odwyg.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-22 20:59

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2016
Ran by Chinwe (24-10-2016 08:13:17)
Running from C:\Users\Chinwe\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2009-04-21 19:50:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3417848519-1791217427-1439989990-500 - Administrator - Disabled)
Chinwe (S-1-5-21-3417848519-1791217427-1439989990-1000 - Administrator - Enabled) => C:\Users\Chinwe
Chinwe 2 (S-1-5-21-3417848519-1791217427-1439989990-1003 - Administrator - Enabled) => C:\Users\Chinwe 2
Guest (S-1-5-21-3417848519-1791217427-1439989990-501 - Limited - Disabled)
NWIRU (S-1-5-21-3417848519-1791217427-1439989990-1004 - Limited - Enabled) => C:\Users\NWIRU
Roderick (S-1-5-21-3417848519-1791217427-1439989990-1001 - Administrator - Enabled) => C:\Users\Roderick
TFPL (S-1-5-21-3417848519-1791217427-1439989990-1002 - Administrator - Enabled) => C:\Users\TFPL

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 360 Total Security (Enabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360 Total Security (Enabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Total Security (HKLM\...\360TotalSecurity) (Version: 8.8.0.1080 - 360 Security Center)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0728.2150 - )
Basic PAYE Tools (HKLM\...\Basic PAYE Tools - Real Time Information) (Version: 16.1.16125.489 - HM Revenue & Customs)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version: - Canon Inc.)
ccc-core-static (Version: 2008.0728.2151.37274 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-3417848519-1791217427-1439989990-1000\...\CopyTrans Suite) (Version: 4.004 - WindSolutions)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08335 - Dell)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Dropbox (HKLM\...\Dropbox) (Version: 12.4.22 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.27.77 - Dropbox, Inc.) Hidden
FREE Outlook PST File Viewer version 2.0 (HKLM\...\{FC708B30-BA65-4091-B93C-A50A367B6448}_is1) (Version: 2.0 - www.freeviewer.org)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - )
Java(TM) 6 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.110 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Publisher 2003 (HKLM\...\{91190409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 en-GB) (HKLM\...\Mozilla Firefox 49.0.2 (x86 en-GB)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Rapport (Version: 3.5.1609.103 - Trusteer) Hidden
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Serif PagePlus Starter Edition 4 (HKLM\...\{975944CC-90F8-43C8-9F7E-C722FC212E6B}) (Version: 4.0.0.4 - Serif (Europe) Ltd)
Skins (Version: 2008.0728.2151.37274 - ATI) Hidden
Skype™ 7.27 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Smart Switch (HKLM\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15064.11 - Samsung Electronics Co., Ltd.)
Smart Switch (Version: 4.0.15064.11 - Samsung Electronics Co., Ltd.) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1609.103 - Trusteer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinPrivacy (HKLM\...\{18605281-BFFE-4968-9B86-05322D5FBB33}) (Version: 2015.6.629.0 - WinPatrol)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09624B90-141E-494F-B987-5EE714A0F552} - System32\Tasks\{D183FFAF-415B-4D02-9260-F6A2D52245BC} => pcalua.exe -a C:\Users\Chinwe\Downloads\lide90vst1300ea24(2).exe -d C:\Users\Chinwe\Downloads
Task: {22AEE7C1-823B-48BF-988D-458ABEC6B414} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2009-01-19] (Dell Inc.)
Task: {36FC663F-1934-400A-A6BD-51FC422E3AE2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-01-07] (Dropbox, Inc.)
Task: {58505657-23BD-469D-A298-5FDABCD7280B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-01-07] (Dropbox, Inc.)
Task: {58E91899-68A0-47D7-992C-38CEC4C59CF0} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-07-21] (Realtek)
Task: {58F2880E-EF63-496C-876B-F3947C022CAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-17] (Adobe Systems Incorporated)
Task: {771527B1-8A93-4416-8968-E44CCFB967FD} - System32\Tasks\{E5FCEEC4-9F95-4F12-8BA6-1062A6DE7B33} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.18.0.112&amp;LastError=-3
Task: {8C307A85-F310-484D-81E0-6DC45E7D1DF9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Chinwe\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

==================== Loaded Modules (Whitelisted) ==============

2015-09-02 08:14 - 2016-09-28 07:52 - 00099240 _____ () C:\Program Files\360\Total Security\deepscan\qutmload.dll
2009-04-21 20:03 - 2009-01-19 10:46 - 00026112 _____ () C:\Windows\System32\WLTRYSVC.EXE
2009-04-21 20:03 - 2009-01-19 10:41 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2015-11-15 15:29 - 2010-04-05 20:55 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2009-04-22 04:42 - 2009-02-24 08:50 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2016-10-21 03:41 - 2016-10-21 03:41 - 00284160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\484d836c7e0c2299f58905a16b51392e\VistaBridgeLibrary.ni.dll
2015-09-02 08:14 - 2016-09-28 07:52 - 00584616 _____ () C:\Program Files\360\Total Security\safemon\wdui2.dll
2016-10-12 18:42 - 2016-09-22 02:44 - 00035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2016-10-12 18:41 - 2016-09-22 02:44 - 00145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2016-10-12 18:41 - 2016-09-22 02:45 - 00019408 _____ () C:\Program Files\Dropbox\Client\faulthandler.pyd
2016-10-12 18:41 - 2016-09-22 02:44 - 00116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2016-10-12 18:42 - 2016-09-22 02:44 - 00100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2016-10-12 18:42 - 2016-09-22 02:44 - 00018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
2016-10-12 18:42 - 2016-10-10 19:35 - 00019760 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2016-10-12 18:42 - 2016-09-22 02:44 - 00694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2016-10-12 18:41 - 2016-10-10 19:35 - 00020816 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-10-12 18:42 - 2016-09-22 02:45 - 00123856 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2016-10-12 18:41 - 2016-10-10 19:35 - 01682760 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-10-12 18:41 - 2016-10-10 19:35 - 00020808 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-10-12 18:42 - 2016-09-22 02:46 - 00105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2016-10-12 18:42 - 2016-10-10 19:35 - 00021312 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-10-12 18:41 - 2016-10-10 19:35 - 00052024 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2016-10-12 18:41 - 2016-10-10 19:35 - 00038696 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2016-10-12 18:41 - 2016-09-22 02:44 - 00392144 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2016-10-12 18:41 - 2016-09-22 02:46 - 00020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2016-10-12 18:42 - 2016-09-22 02:46 - 00024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2016-10-12 18:42 - 2016-09-22 02:46 - 00116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2016-10-12 18:42 - 2016-10-10 19:35 - 00381752 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2016-10-12 18:42 - 2016-09-22 02:46 - 00124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2016-10-12 18:42 - 2016-10-10 19:35 - 00025424 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-10-12 18:42 - 2016-09-22 02:46 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2016-10-12 18:42 - 2016-09-22 02:46 - 00175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2016-10-12 18:42 - 2016-09-22 02:46 - 00030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2016-10-12 18:42 - 2016-09-22 02:46 - 00043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2016-10-12 18:42 - 2016-09-22 02:46 - 00048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2016-10-12 18:42 - 2016-09-22 02:46 - 00057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2016-10-12 18:42 - 2016-09-22 02:46 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2016-10-12 18:41 - 2016-10-10 19:35 - 00246592 _____ () C:\Program Files\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-10-12 18:41 - 2016-10-10 19:35 - 00026456 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-10-12 18:42 - 2016-09-22 02:45 - 00241104 _____ () C:\Program Files\Dropbox\Client\_jpegtran.pyd
2016-10-12 18:41 - 2016-10-10 19:35 - 00020280 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-10-12 18:42 - 2016-09-22 02:46 - 00028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2016-10-12 18:42 - 2016-10-10 19:35 - 00023376 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-10-12 18:42 - 2016-10-10 19:35 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-10-12 18:42 - 2016-10-10 19:35 - 00019776 _____ () C:\Program Files\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-10-12 18:42 - 2016-10-10 19:35 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-10-12 18:42 - 2016-09-22 02:46 - 00350152 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2016-10-12 18:42 - 2016-10-10 19:35 - 00022352 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-10-12 18:41 - 2016-10-10 19:35 - 00024392 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-10-12 18:41 - 2016-09-22 02:42 - 00036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2016-10-12 18:41 - 2016-10-10 19:35 - 00084280 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.dll
2016-10-12 18:41 - 2016-10-10 19:35 - 01826096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2016-10-12 18:42 - 2016-09-22 02:45 - 00083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2016-10-12 18:41 - 2016-10-10 19:35 - 00531248 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-10-12 18:41 - 2016-10-10 19:35 - 03928880 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-10-12 18:41 - 2016-10-10 19:35 - 01972528 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2016-10-12 18:41 - 2016-10-10 19:35 - 00133424 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-10-12 18:41 - 2016-10-10 19:35 - 00224056 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-10-12 18:41 - 2016-10-10 19:35 - 00207672 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-10-12 18:42 - 2016-10-10 19:35 - 00020288 _____ () C:\Program Files\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-10-12 18:41 - 2016-09-22 02:49 - 00017864 _____ () C:\Program Files\Dropbox\Client\libEGL.dll
2016-10-12 18:41 - 2016-09-22 02:49 - 01631184 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2016-10-12 18:42 - 2016-09-22 02:46 - 00060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2016-10-12 18:42 - 2016-10-10 19:35 - 00024904 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2015-11-11 04:41 - 2015-11-11 04:41 - 00756376 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2015-10-06 09:51 - 00000763 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3417848519-1791217427-1439989990-1000\Control Panel\Desktop\\Wallpaper -> J:\3 ART\ART\All Work\Water Moon III detail 1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: dellsupportcenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{E1AFF030-2750-45C1-82E3-95C81752F94C}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{B6CA634C-F54A-4016-BB12-846FCCA2B216}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{67CC2B50-F98B-4BF0-9F5C-8EBAE60444B5}] => (Allow) svchost.exe
FirewallRules: [{EFEB9CB2-4396-4D99-91F6-C72DA79C3387}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{A9266045-49AB-4D7F-AD77-AC9F3393E920}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F048E95F-9490-4BE2-9C5D-CF376756B3EA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1B4D8EFE-917B-4260-B440-8C135167F52A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{9F9ABFDB-104C-42A4-9709-80233F4A77C3}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{133A0472-2CFE-4ADD-9A08-10393D7B5ABA}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{214CC5B8-C7E6-4AC2-9B0C-CA98B32C207B}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{79D82A4B-4620-4E84-B947-61CE7248D54B}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{40C0AF78-A768-4396-B6D1-EF3E5273E6AE}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{01956C58-32F1-4866-97CE-D6C0CF4251A3}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{70418E53-8E02-4DC0-AB37-05515D98F455}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe
FirewallRules: [{41B7D56A-E230-4040-9054-D3992C411562}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe
FirewallRules: [{3F36243B-6A76-47DB-AB3E-62CDDCB7CD76}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C5C0D1BB-EB09-4392-8EDF-B008C46E19D0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6A4026DE-8E32-4BDE-AAE4-17B82716C7B7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{EC3BEBB6-7A72-4AED-9B38-362D633202F1}] => (Allow) C:\Program Files\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{CC274356-C305-4EDD-87D6-935CDC082C14}] => (Allow) C:\Program Files\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{CD8649BA-6AE2-474A-9DC4-557E5853F4E5}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{FDC973B7-F6A5-42FC-8AE9-7C24AF824650}] => (Allow) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{79ED044C-F339-448A-ABAD-8BE03A9370CF}] => (Allow) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe

==================== Restore Points =========================

02-09-2016 12:57:06 Windows Update
06-09-2016 09:44:17 Windows Update
13-09-2016 09:59:24 Windows Update
15-09-2016 21:31:13 Installed Rapport
13-10-2016 07:15:07 Windows Update
17-10-2016 06:37:34 Installed Rapport
21-10-2016 03:01:17 Windows Update
22-10-2016 20:11:13 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2016 11:57:24 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHINWE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\CUI1MUUH.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/22/2016 08:50:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WinPrivacySvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
Stack:
at Ruiware.WinPrivacy.Arsenal.Ammo.DriverSupport.RegisterDriver()
at Ruiware.WinPrivacy.Arsenal.Ammo.DriverSupport.InstallDrivers(Int32)
at Ruiware.WinPrivacy.Conduit.Filter.start()
at Ruiware.WinPrivacy.Service.MainController.MainControllerThread()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (10/22/2016 08:49:09 PM) (Source: WinPrivacy) (EventID: 0) (User: )
Description: C:\Program Files\Ruiware\WinPrivacy\Register\nfregdrv.exe not found.

Error: (10/22/2016 08:45:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/22/2016 08:09:52 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WinPrivacySvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
Stack:
at Ruiware.WinPrivacy.Arsenal.Ammo.DriverSupport.RegisterDriver()
at Ruiware.WinPrivacy.Arsenal.Ammo.DriverSupport.InstallDrivers(Int32)
at Ruiware.WinPrivacy.Conduit.Filter.start()
at Ruiware.WinPrivacy.Service.MainController.MainControllerThread()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (10/22/2016 08:06:54 PM) (Source: WinPrivacy) (EventID: 0) (User: )
Description: C:\Program Files\Ruiware\WinPrivacy\Register\nfregdrv.exe not found.

Error: (10/22/2016 08:02:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/21/2016 04:10:10 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WinPrivacySvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
Stack:
at Ruiware.WinPrivacy.Arsenal.Ammo.DriverSupport.RegisterDriver()
at Ruiware.WinPrivacy.Arsenal.Ammo.DriverSupport.InstallDrivers(Int32)
at Ruiware.WinPrivacy.Conduit.Filter.start()
at Ruiware.WinPrivacy.Service.MainController.MainControllerThread()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (10/21/2016 03:41:48 AM) (Source: WinPrivacy) (EventID: 0) (User: )
Description: C:\Program Files\Ruiware\WinPrivacy\Register\nfregdrv.exe not found.

Error: (10/21/2016 03:36:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (10/23/2016 12:41:11 AM) (Source: Print) (EventID: 6161) (User: Chinwe-PC)
Description: The document Ondo Forestry - Oluwa Gazette No 25 of 1950.pdf, owned by Chinwe, failed to print on printer Canon Inkjet iP4200. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 207399100. Number of bytes printed: 165639272. Total number of pages in the document: 9. Number of pages printed: 1. Client computer: \\CHINWE-PC. Win32 error code returned by the print processor: 0. The operation completed successfully.

Error: (10/22/2016 08:50:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WinPrivacySvc service terminated unexpectedly. It has done this 1 time(s).

Error: (10/22/2016 08:49:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ruinetf service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/22/2016 08:45:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ruinetf

Error: (10/22/2016 08:22:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/22/2016 08:22:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (10/22/2016 08:17:39 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/22/2016 08:17:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/22/2016 08:17:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (10/22/2016 08:17:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
Date: 2016-10-24 08:13:08.651
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-24 08:13:08.406
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-24 08:13:08.161
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-24 08:13:07.918
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-24 08:13:07.624
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportHades.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-24 08:13:07.380
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportHades.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-24 08:13:07.130
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportHades.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-24 08:13:06.886
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportHades.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-24 08:13:05.935
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\360Box.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-24 08:13:05.691
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\360Box.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 55%
Total physical RAM: 3326.26 MB
Available physical RAM: 1486.65 MB
Total Virtual: 6888.38 MB
Available Virtual: 4441.1 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.68 GB) (Free:111.1 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.33 GB) NTFS
Drive j: (SAMSUNG) (Fixed) (Total:1863.01 GB) (Free:1398.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F0000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 92B06E63)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

FRST Fix.


Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Ran FRST. The Fixlog attached.

Fix result of Farbar Recovery Scan Tool (x86) Version: 16-10-2016
Ran by Chinwe (25-10-2016 11:49:07) Run:1
Running from C:\Users\Chinwe\Desktop
Loaded Profiles: Chinwe (Available Profiles: Chinwe & Roderick & TFPL & Chinwe 2 & NWIRU)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
GroupPolicy\User: Restriction ? <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3417848519-1791217427-1439989990-1004\User: Restriction <======= ATTENTION
HKU\S-1-5-21-3417848519-1791217427-1439989990-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6638296 2016-02-12] (Piriform Ltd)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{19497F73-66F4-4087-8D86-71D81EF32BFF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C31F2C8F-8F87-423B-A060-B92EE705A9B0}: [DhcpNameServer] 163.244.4.254 163.244.76.254
SearchScopes: HKU\S-1-5-21-3417848519-1791217427-1439989990-1000 -> DefaultScope {F43F4CE3-2CF5-4B0E-8AC3-1B14D7033204} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3417848519-1791217427-1439989990-1000 -> {F43F4CE3-2CF5-4B0E-8AC3-1B14D7033204} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
FF Extension: (MyTransitGuide) - C:\Users\Chinwe\AppData\Roaming\Mozilla\Firefox\Profiles\cui1muuh.default\Extensions\_b7Members_@free.mytransitguide.com [2016-10-21]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]
S1 ruinetf; system32\drivers\ruinetf.sys [X]
2015-09-03 17:31 - 2015-09-03 17:31 - 0001866 _____ () C:\Program Files\PagePlus Starter Edition.lnk
2015-08-05 16:10 - 2015-08-05 16:10 - 0000680 _____ () C:\Users\Chinwe\AppData\Local\d3d9caps.dat
2015-08-03 10:33 - 2016-10-14 20:53 - 0012288 _____ () C:\Users\Chinwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-15 14:21 - 2016-10-15 14:21 - 0001434 _____ () C:\Users\Chinwe\AppData\Local\recently-used.xbel
2015-07-25 10:20 - 2015-07-25 10:20 - 0000000 _____ () C:\Users\Chinwe\AppData\Local\Temp.dat
2015-07-25 09:33 - 2015-07-26 11:51 - 0000112 _____ () C:\ProgramData\1p54E4aM.dat
C:\ProgramData\1p54E4aM.dat
Task: {09624B90-141E-494F-B987-5EE714A0F552} - System32\Tasks\{D183FFAF-415B-4D02-9260-F6A2D52245BC} => pcalua.exe -a C:\Users\Chinwe\Downloads\lide90vst1300ea24(2).exe -d C:\Users\Chinwe\Downloads
Task: {22AEE7C1-823B-48BF-988D-458ABEC6B414} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2009-01-19] (Dell Inc.)
Task: {36FC663F-1934-400A-A6BD-51FC422E3AE2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-01-07] (Dropbox, Inc.)
Task: {58505657-23BD-469D-A298-5FDABCD7280B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-01-07] (Dropbox, Inc.)
Task: {58E91899-68A0-47D7-992C-38CEC4C59CF0} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-07-21] (Realtek)
Task: {58F2880E-EF63-496C-876B-F3947C022CAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-17] (Adobe Systems Incorporated)
Task: {771527B1-8A93-4416-8968-E44CCFB967FD} - System32\Tasks\{E5FCEEC4-9F95-4F12-8BA6-1062A6DE7B33} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.18.0.112&amp;LastError=-3
Task: {8C307A85-F310-484D-81E0-6DC45E7D1DF9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
RemoveProxy:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
reboot:
end

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3417848519-1791217427-1439989990-1004\User => moved successfully
HKU\S-1-5-21-3417848519-1791217427-1439989990-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19497F73-66F4-4087-8D86-71D81EF32BFF}\\DhcpNameServer => value removed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C31F2C8F-8F87-423B-A060-B92EE705A9B0}\\DhcpNameServer => value removed successfully.
HKU\S-1-5-21-3417848519-1791217427-1439989990-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-3417848519-1791217427-1439989990-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F43F4CE3-2CF5-4B0E-8AC3-1B14D7033204}" => key removed successfully.
HKCR\CLSID\{F43F4CE3-2CF5-4B0E-8AC3-1B14D7033204} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
C:\Users\Chinwe\AppData\Roaming\Mozilla\Firefox\Profiles\cui1muuh.default\Extensions\_b7Members_@free.mytransitguide.com => moved successfully
dbx => service removed successfully.
IpInIp => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
PCD5SRVC{3F6A8B78-EC003E00-05040104} => service removed successfully.
ruinetf => service removed successfully.
C:\Program Files\PagePlus Starter Edition.lnk => moved successfully
C:\Users\Chinwe\AppData\Local\d3d9caps.dat => moved successfully
C:\Users\Chinwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Chinwe\AppData\Local\recently-used.xbel => moved successfully
C:\Users\Chinwe\AppData\Local\Temp.dat => moved successfully
C:\ProgramData\1p54E4aM.dat => moved successfully
"C:\ProgramData\1p54E4aM.dat" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09624B90-141E-494F-B987-5EE714A0F552}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09624B90-141E-494F-B987-5EE714A0F552}" => key removed successfully.
C:\Windows\System32\Tasks\{D183FFAF-415B-4D02-9260-F6A2D52245BC} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D183FFAF-415B-4D02-9260-F6A2D52245BC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22AEE7C1-823B-48BF-988D-458ABEC6B414}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22AEE7C1-823B-48BF-988D-458ABEC6B414}" => key removed successfully.
C:\Windows\System32\Tasks\Launch BCM WLAN Tray => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Launch BCM WLAN Tray" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36FC663F-1934-400A-A6BD-51FC422E3AE2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36FC663F-1934-400A-A6BD-51FC422E3AE2}" => key removed successfully.
C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskMachineUA" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{58505657-23BD-469D-A298-5FDABCD7280B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58505657-23BD-469D-A298-5FDABCD7280B}" => key removed successfully.
C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskMachineCore" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{58E91899-68A0-47D7-992C-38CEC4C59CF0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58E91899-68A0-47D7-992C-38CEC4C59CF0}" => key removed successfully.
C:\Windows\System32\Tasks\RtlNICDiagVistaStart => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RtlNICDiagVistaStart" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58F2880E-EF63-496C-876B-F3947C022CAF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58F2880E-EF63-496C-876B-F3947C022CAF}" => key removed successfully.
C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{771527B1-8A93-4416-8968-E44CCFB967FD}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{771527B1-8A93-4416-8968-E44CCFB967FD}" => key removed successfully.
C:\Windows\System32\Tasks\{E5FCEEC4-9F95-4F12-8BA6-1062A6DE7B33} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E5FCEEC4-9F95-4F12-8BA6-1062A6DE7B33}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C307A85-F310-484D-81E0-6DC45E7D1DF9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C307A85-F310-484D-81E0-6DC45E7D1DF9}" => key removed successfully.
C:\Windows\System32\Tasks\CCleanerSkipUAC => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A728AE6B-5AB8-4223-AD3E-E6341441A01C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A728AE6B-5AB8-4223-AD3E-E6341441A01C}" => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PLA\System\ConvertLogEntries" => key removed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-3417848519-1791217427-1439989990-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-3417848519-1791217427-1439989990-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44812339 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 13546 B
Edge => 0 B
Chrome => 0 B
Firefox => 370392935 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42658428 B
LocalService => 3404470 B
NetworkService => 7144 B
Chinwe => 5809633 B
Roderick => 122578081 B
TFPL => 14270629 B
Chinwe 2 => 51752883 B
NWIRU => 55371572 B

RecycleBin => 45263949 B
EmptyTemp: => 729.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:51:31 ====
 

Firefox now working! Thank you. It did open with the same "myTransitGuide" first time but after changing the home page and restarting it was back to my original settings. The only problem at the moment is that it is exceptionally slow! Being an 8/9 year old Dell Studio running on Vista it isn't usually quick but it is very slow at the moment - took over 10 mins to Restart and open Firefox. I'm assuming that it's still digesting the changes - if that's the right way to describe a computer's actions - and that it will speed up in time or are you able to tell from the fixlog?
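For reading a Fixlog like the one posted above, this added example (not part of the thread and not FRST's own code) groups the result lines by outcome and checks the EmptyTemp byte counts against the total the log reports. `triage_fixlog` is a hypothetical helper that assumes the log layout shown on this page; the sample is a shortened excerpt of the posted log.

```python
import re

# Shortened excerpt of the Fixlog posted above; lines are copied from the page,
# with most of the result lines left out to keep the sample small.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x86) Version: 16-10-2016
fixlist content:
*****************
start
S1 ruinetf; system32\drivers\ruinetf.sys [X]
C:\ProgramData\1p54E4aM.dat
Task: {8C307A85-F310-484D-81E0-6DC45E7D1DF9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Emptytemp:
end
*****************
Restore point was successfully created.
C:\Windows\system32\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
ruinetf => service removed successfully.
C:\ProgramData\1p54E4aM.dat => moved successfully
"C:\ProgramData\1p54E4aM.dat" => not found.
C:\Windows\System32\Tasks\CCleanerSkipUAC => moved successfully

=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44812339 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 13546 B
Edge => 0 B
Chrome => 0 B
Firefox => 370392935 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42658428 B
LocalService => 3404470 B
NetworkService => 7144 B
Chinwe => 5809633 B
Roderick => 122578081 B
TFPL => 14270629 B
Chinwe 2 => 51752883 B
NWIRU => 55371572 B

RecycleBin => 45263949 B
EmptyTemp: => 729.4 MB temporary data Removed.
The system needed a reboot.
"""

BYTES_RE = re.compile(r"^(\d+) B$")
TOTAL_RE = re.compile(r"^([\d.]+) MB temporary data")


def triage_fixlog(text):
    """Group Fixlog result lines by outcome and reconcile the EmptyTemp total."""
    lines = [ln.strip() for ln in text.splitlines()]
    # The log echoes the fixlist between two rows of asterisks, and echoed entries
    # can contain "=>" themselves, so results are read only after the second row.
    star_rows = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    body = lines[star_rows[1] + 1:] if len(star_rows) >= 2 else lines

    out = {"ok": [], "not_found": [], "other": [],
           "temp_bytes": 0, "reported_mb": None, "reboot": False}
    for ln in body:
        if ln == "The system needed a reboot.":
            out["reboot"] = True
            continue
        target, sep, outcome = ln.rpartition(" => ")
        if not sep:
            continue  # banners, command output, blank lines
        target = target.strip('"')
        size = BYTES_RE.match(outcome)
        total = TOTAL_RE.match(outcome)
        if size:
            out["temp_bytes"] += int(size.group(1))
        elif total:
            out["reported_mb"] = float(total.group(1))
        elif "not found" in outcome:
            out["not_found"].append(target)
        elif outcome.rstrip(".").endswith("successfully"):
            out["ok"].append(target)
        else:
            out["other"].append((target, outcome))
    # Dividing by 2**20 reproduces the figure this log reports (729.4).
    out["computed_mb"] = round(out["temp_bytes"] / 2**20, 1)
    return out


if __name__ == "__main__":
    s = triage_fixlog(SAMPLE_FIXLOG)
    print(s["not_found"], s["other"], s["computed_mb"], s["reported_mb"], s["reboot"])
```

In this log the `not found` result for C:\ProgramData\1p54E4aM.dat follows from the fixlist naming that file twice; the first entry had already moved it.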
 
Alright, let's dig deep and give this old machine some new life.... :)

Adware Cleaner Scan.



Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.



  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit Ok.

Hit Next and make sure to leave all items checked for removal.

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post log generated by tool.



ZHP Scan.

Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.



2. Once you have started the program, you will need to click the scanner button.

The program will close all open browsers!
3. Once the scan is completed, you will want to click the Repair button.



At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

Zemana Scan




Run a full scan with Zemana AntiMalware!

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg


Double click on the scan log, copy and paste here in your reply.
 
Hi Malnutrition,
I've carried out those scans with some degree of success. AdwCleaner and Junkware Removal Tool both scanned, cleaned and produced report logs attached. The Adware Removal Tool scanned and cleaned; it didn't produce a log but saved a folder on desktop called "Old Firefox Data" which in turn contains 20 or so sub folders such as 'crashes', 'minidumps' and 'storage'. ZHP cleaner scanned, cleaned and produced attached report. I opened the Zemana AntiMalware! site and downloaded Zemana.AntiMalware.Setup.exe but cannot persuade it to run. I've tried double clicking - nothing - then opening the Containing Folder and then 'Run as Administrator' but still nothing happens (this has very occasionally happened in the past with programmes I've downloaded).
K
 

I have just run Adware Removal Tool again and the scan showed there were no problems found so guess anything it found before has been resolved.

The PC is now certainly running much quicker. Not back to original speeds but it certainly takes less than the 15 mins from Start to functioning.
 
Actually I think it is something during the cleaning process that is stopping me running downloaded programmes. I've just downloaded Whatsapp (that the cleanup has removed) to run on my PC as before. WhatsAppSetup.exe is in the Download folder but I can't make it run. I guess, at the moment, this may apply to other programmes I download.
 
Sorry for the delay... Let's do this....

Install (use the direct download) the Tweaking.com - Windows all in one repair tool. Then boot Windows into Safe Mode, (Make Certain To Run This Program As Administrator) then run through the Prescan on step 2 tab. Then skip to step 5 and create a system restore point. Then go to the repair tab...

Notice create a registry backup is ticked by default, so no need to do so in step 5...
upload_2016-10-28_21-31-37.png


Now run the program, with the boxes ticked in the picture below.

Click Image Below For Better Resolution.

upload_2016-10-28_21-31-37.png


May want to save picture or write down what boxes need ticked, since you will run this in Safe Mode.

Important: Make certain to reboot twice after running this tool!!
 
Away for the weekend!
I'm having problems following the instructions to the letter! Did a Direct Download from Tweaking.com. Then restarted in Safe Mode. But then I had the same problems as before as I can't run it from the Download folder.
Screen 1.jpg
I click "Run as Administrator" but nothing happens.
I've just checked it in Standard Mode and the Setup window has opened.
Tweaking.jpg
Checking with you first to see if I should run this but not in Safe Mode.
 
Ran the tweaking.com successfully. It didn't produce a report although I did make a copy of the Prescan. It seems the problem files were in 'Environment Variables'.
The PC is definitely operating much quicker now. I haven't put it to the early morning test yet but opening up and working with various Office programs, Gimp, UK HMRC (=IRS) folders etc is markedly quicker.

Many thanks
 
Alright, let's sort out a few more things.... :)


Defrag your machine with ToolWhiz Defrag. Also, give it a good cleaning with Privazer...


HijackThis.



1- Please click HERE to download HijackThis.
2- Run the program.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy & Paste Log in your next reply.

Autoruns Scan


  • Download Autoruns and Autorunsc
  • Unzip it to your desktop and then double click autoruns.exe
  • After the scan is finished then click on File>>>>>>>>>>>Save
  • The default name will be autoruns.arn
  • Make sure to save it as Autoruns.txt under the file type option.
  • In other words make sure it is a .txt file instead of .arn
  • Attach the text in your next reply.


Security Check Scan.


  • Download Security Check to your desktop.
  • Right click it and run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.
 