Solved What is HDD Free Hex Editor Neo 6.10 and what does it do?

March 23, 2015 at 15:51:55
Specs: Windows 7, 4gb
What is HDD Free Hex Editor Neo 6.10? Unbeknown to me, this file was downloaded on my PC. I have not installed it as I don't have any idea what it does or what it's for. Can a user with only medium expertise benefit from this file. Can anyone please tell me what this is?

See More: What is HDD Free Hex Editor Neo 6.10 and what does it do?

Report •

#1
March 23, 2015 at 16:04:27
Unless you are into editing program files then you don't need it. It appears to be safe though. What bothers me more is why it suddenly arrived.

Maybe you accidentally clicked the download, but just as a very basic check run this to see if it shows up any malware:

AdwCleaner:
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Cleaning" button.

If it finds anything let us know and copy / paste the log on here please.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#2
March 23, 2015 at 17:03:18
Thank you Derek, I downloaded the AdwCleaner on the http://www.bleepingcomputer.com/dow website. I hope you believe me when I say I couldn't possibly copy and paste all of the files and folders that the cleaner deleted, it would take several pages. I will paste the services that it deleted but not the pages of "Folders, Tasks, Keys and files. It would be just too much. The Services are;

.[#] Service Deleted : MaintainerSvc3.32.7672459
Service Deleted : YahooAUService
Service Deleted : {f0087990-17d0-4537-ad91-6a7a9c5c1b37}Gw64

I always used the Yahoo and Google toolbars and it removed them. I will leave my PC the way it is now and I'm sure I will see some improvement and if the toolbars were slowing me down I will do without them.
So Derek, this has left me feeling a little sheepish but hopefully I've learned a little. And thank you for introducing me to the AdwCleaner and bleepingcomputer website.
Thank you much again.


Report •

#3
March 23, 2015 at 17:39:09
✔ Best Answer
Length of the log file is no big issue here - we have scroll bars so it won't take up any more physical space. I would very much like to see it.

Sorry to spoil your day but AdwCleaner was a very basic check and your computer is unlikely to be anywhere near clean. You need to run a couple more programs just to break the surface. Here is the first:

Junkware Removal Tool (JRT)
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.

Please copy / paste the log for that one too. It's likely to be smaller now some badies have been removed.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

Related Solutions

#4
March 23, 2015 at 20:44:49
Also download and use Ccleaner Slim regularly. Get it from the link below.

https://www.piriform.com/ccleaner/b...


Report •

#5
March 25, 2015 at 17:22:18
Hi Derek, I'm sorry it took awhile to answer. I have now used the Junkware Removal Tool and I will keep both programs and use them as needed. Thank you very much again. I'm sorry that I no longer have access to the AdwCleaner Log but I have copied the JRT Log and I will paste it here. After using the Adw, the JRT was still able to find a considerable amount of "Junk" to delete. I honestly did not know that my PC was so sick. I guess at 71 I can still learn. Thank you again and here is the log.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 7 Home Premium x64
Ran by James on Wed 03/25/2015 at 18:02:30.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FileShareFanatic_8l.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FileShareFanatic_8l.ToolbarProtector.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.ToolbarProtector.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector.1

~~~ Files

Successfully deleted: [File] "C:\Users\James\desktop\speedypc pro.lnk"
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARMANAGER_BA9226F4-3D073F18.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf
Successfully deleted: [File] "C:\Windows\reimage.ini"
Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\flexnet"
Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Users\James\AppData\Roaming\flexnet"
Successfully deleted: [Folder] "C:\Users\James\appdata\local\pc_drivers_headquarters"
Successfully deleted: [Folder] "C:\Program Files (x86)\sparktrust"
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{0348F87A-6756-4805-BE59-BF61734C439C}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{043442AF-7751-4E0D-951C-318917CC46BF}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{0499F28E-8B2B-4E5C-BF9D-E195E4B72781}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{1358F2B7-9F83-42D5-94D6-6DB972C1FB59}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{173839D7-00B8-41CA-8BF9-2A368589A3F0}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{18FC6DDE-FF4A-488B-8BFB-0FE8A012E2A2}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{1932675E-BCAA-4581-BA1C-A6A70B2BC420}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{1C453485-3647-4D47-BF69-547BECE90A8B}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{1D1577BE-0D59-4C4B-8BD4-D9CA3A3ED901}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{250B34D4-3AAA-41F4-A031-0D3E3ECC5629}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{2FAB081E-5FFC-4C63-84E1-58CD1DE5C255}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{324D5FB1-615C-40D5-8AE3-53DBAD3FC64B}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{339F2E30-6E12-4490-921C-C73751440266}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{3D59C749-3687-43D7-B17E-FB6966DDB6F3}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{4238DB9F-1E45-4FF5-A3E6-E66B292B4059}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{43016A0F-B67B-4724-92CF-FCEE14435F72}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{431A04E2-136C-490D-8421-85DDBB2630A3}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{482FF64C-E558-4EF0-9871-22BD9577F162}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{4F70C2EE-568D-4F24-B095-7C828CC7CE24}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{63A4CF4A-5AFB-434B-B7DA-F131644087F7}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{6743BE8F-FAAA-454C-8564-933601C99582}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{73B5451F-DC4F-4CB7-9B3C-A995CDF07CC6}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{74EC8A3D-A680-44EB-8792-7AEEF6C787E9}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{78AC5B57-CFEE-4569-AA7E-0B6A64902B90}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{7B81F20B-1024-45F8-B9B0-9C556E0120A8}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{92D303DC-B2EF-4444-99A2-B90B330EC59C}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{93E74996-D6E9-4669-AD8E-813A2B41E8B7}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{963BED27-71C5-4D55-A748-F35C82BB24B9}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{A8519A9F-EF0B-4569-A7A7-3BEB95ADC4C0}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{AE1ED1F4-DD74-4F3E-B99F-06307B902E56}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{AE85524C-B59A-4C50-80F4-557B1406842B}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{AEF771CE-1C19-450F-9390-FA81C10C3D49}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{B1774314-E391-4698-8DD5-4FE9C573F287}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{B57659A5-6C29-4D51-AC05-0FC5DED92860}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{B616AB41-8EC6-4602-9639-35669AB081E3}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{B714189A-1E8C-4165-AFB8-26DE97B90000}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{C0C83F08-B824-43A3-B4BF-11B3C964DDF2}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{CDB74727-1393-41D5-A77B-08661F19A64F}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{D3681D9E-7732-4971-BF05-E1540403B758}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{D70AD47D-AEC4-4C76-8994-B7DDFC894AB9}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{DA6D3AB7-90DE-4F1A-B60A-F6635D60C786}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{DBCD363C-41EC-458A-ABFE-32AB675E60A0}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{DF1256D9-770D-4660-874B-F67FCFD3CA63}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{E1CB32FB-31E8-46D0-B4D4-734E423B3336}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{EF1ABC37-C159-4215-AC04-30FBD3A08F8E}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{F1FC6E0B-4F75-42F0-A8DC-313D9405CC83}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{F618DA91-A193-4E61-A847-C0830CD2A1F3}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/25/2015 at 18:05:46.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

message edited by james442007


Report •

#6
March 25, 2015 at 17:43:34
Hello OtheHill, Thank you for your answer and the time you took to answer. I had already tried the solution that Derek gave and now the follow up and it deleted and cleaned so many files on my PC. I will use my computer for awhile and see what the difference is but I will keep your solution also in case I were to need it at a later date.
Thanks again and I love your handle, wish I'd thought of it. ;-)

Report •

#7
March 25, 2015 at 18:16:09
Fine but I doubt it has found much more than half of it. You really ought to now run this one as a minimum:

MalwareBytes:
http://filehippo.com/download_malwa...
(green Download button top right - not anything else on the page)
Install and Run the program but before doing its Scan go to "Settings > Detection and Protection" and put a checkmark in "Scan for rootkits". Quarantine anything it finds.

Please copy / paste this log on here too.

[These three programs are what I call "first aid" so it would be a pity if we don't even get to that stage and risk something raising its head again]

Err....don't worry about age - I'm well ahead of you (not the only one around here either)

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#8
March 26, 2015 at 17:10:18
I ran the Malwarebytes program and it really messed up my PC. It would freeze, folders that I have and other files would not open, it just seemed to scramble my PC. The only way I found to correct the mess was, I was able to open the restore program in my PC and I ran it back to an earlier date. I went back to the Malwarebytes website and read some of the reviews and it seems others have had problems with the latest version of the program and a couple of them suggested running an earlier version of the program.so I downloaded and ran version 2.0.2 and I will paste the logs from it. There were two logs that were listed, one was labled "mbam-log 2015-03-26" and the other was "protection-log-2015-03-26". The "mbam-log" is by far the longest and I will paste it first. The 2nd and much shorter will follow. See what you think. And Thanks.
mbam-log: <?xml version="1.0" encoding="UTF-16"?>

-<mbam-log>


-<header>

<date>2015/03/26 17:08:04 -0600</date>

<logfile>mbam-log-2015-03-26 (17-07-54).xml</logfile>

<isadmin>yes</isadmin>

</header>


-<engine>

<version>2.00.2.1012</version>

<malware-database>v2015.03.26.07</malware-database>

<rootkit-database>v2015.03.26.01</rootkit-database>

<license>free</license>

<file-protection>disabled</file-protection>

<web-protection>disabled</web-protection>

<self-protection>disabled</self-protection>

</engine>


-<system>

<osversion>Windows 7 Service Pack 1</osversion>

<arch>x64</arch>

<username>James</username>

<filesys>NTFS</filesys>

</system>


-<summary>

<type>threat</type>

<result>completed</result>

<objects>353847</objects>

<time>961</time>

<processes>0</processes>

<modules>0</modules>

<keys>23</keys>

<values>1</values>

<datas>0</datas>

<folders>12</folders>

<files>44</files>

<sectors>0</sectors>

</summary>


-<options>

<memory>enabled</memory>

<startup>enabled</startup>

<filesystem>enabled</filesystem>

<archives>enabled</archives>

<rootkits>disabled</rootkits>

<deeprootkit>disabled</deeprootkit>

<heuristics>enabled</heuristics>

<pup>enabled</pup>

<pum>enabled</pum>

</options>


-<items>


-<key>

<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{f0087990-17d0-4537-ad91-6a7a9c5c1b37}Gw64</path>

<vendor>PUP.Optional.Sanbreel.A</vendor>

<action>success</action>

<hash>5bc4e268c2c8ba7c6bcf26b910f329d7</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>9887ce7cc9c141f578dad7f0dd26659b</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\FileShareFanatic_8l</path>

<vendor>PUP.Optional.MindSpark.A</vendor>

<action>success</action>

<hash>67b80f3b1575d0665555688441c2649c</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\InboxAce_1g</path>

<vendor>PUP.Optional.MindSpark.A</vendor>

<action>success</action>

<hash>6bb4c7836f1be650a7f74deb21e453ad</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\MapsGalaxy_39</path>

<vendor>PUP.Optional.MindSpark.A</vendor>

<action>success</action>

<hash>59c60a4097f3ba7c275d3efab94c6a96</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\mystarttb</path>

<vendor>PUP.Optional.MyStart.A</vendor>

<action>success</action>

<hash>e936f4564e3c0a2c1bfc03d861a2cf31</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\SweetIM</path>

<vendor>PUP.Optional.SweetIM.A</vendor>

<action>success</action>

<hash>e23d96b43258b284cc018b3bee159e62</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\VideoDownloadConverter_4z</path>

<vendor>PUP.Optional.MindSpark.A</vendor>

<action>success</action>

<hash>28f7b892503ad066bbdf72c66b9acb35</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>a67980ca8a001c1a4909319614efbd43</hash>

</key>


-<key>

<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MaintainerSvc3.32.7672459</path>

<vendor>PUP.Optional.MaintainerSvc.A</vendor>

<action>success</action>

<hash>a27d103aa0ea06307fd54ff6a0659f61</hash>

</key>


-<key>

<path>HKU\S-1-5-21-602785546-891173919-1512416085-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FileShareFanatic_8l</path>

<vendor>PUP.Optional.MindSpark.A</vendor>

<action>success</action>

<hash>ab740b3fdab086b07c2fe00c857ef20e</hash>

</key>


-<key>

<path>HKU\S-1-5-21-602785546-891173919-1512416085-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\InboxAce_1g</path>

<vendor>PUP.Optional.MindSpark.A</vendor>

<action>success</action>

<hash>a57a2d1d0d7d15211d82073123e27d83</hash>

</key>


-<key>

<path>HKU\S-1-5-21-602785546-891173919-1512416085-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MapsGalaxy_39</path>

<vendor>PUP.Optional.MindSpark.A</vendor>

<action>success</action>

<hash>e639b199dbaf80b6dda8ea4e46bf3dc3</hash>

</key>


-<key>

<path>HKU\S-1-5-21-602785546-891173919-1512416085-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SweetIM</path>

<vendor>PUP.Optional.SweetIM.A</vendor>

<action>success</action>

<hash>fa25b397e6a4989e8e3e41859c674fb1</hash>

</key>


-<key>

<path>HKU\S-1-5-21-602785546-891173919-1512416085-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\VideoDownloadConverter_4z</path>

<vendor>PUP.Optional.MindSpark.A</vendor>

<action>success</action>

<hash>1d0274d66b1f62d42b70f246c243857b</hash>

</key>


-<key>

<path>HKU\S-1-5-21-602785546-891173919-1512416085-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FileShareFanatic_8l</path>

<vendor>PUP.Optional.MindSpark.A</vendor>

<action>success</action>

<hash>76a902482169ac8ab8f4529ac83b5fa1</hash>

</key>


-<key>

<path>HKU\S-1-5-21-602785546-891173919-1512416085-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\InboxAce_1g</path>

<vendor>PUP.Optional.MindSpark.A</vendor>

<action>success</action>

<hash>c8577dcd6f1be84e8bf6b33a25de9d63</hash>

</key>


-<key>

<path>HKU\S-1-5-21-602785546-891173919-1512416085-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MapsGalaxy_39</path>

<vendor>PUP.Optional.MindSpark.A</vendor>

<action>success</action>

<hash>c15e3713e5a5bd79ee85e9047c879e62</hash>

</key>


-<key>

<path>HKU\S-1-5-21-602785546-891173919-1512416085-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\VideoDownloadConverter_4z</path>

<vendor>PUP.Optional.MindSpark.A</vendor>

<action>success</action>

<hash>3be4bc8e98f21e1890ef0be20ef59070</hash>

</key>


-<key>

<path>HKU\S-1-5-21-602785546-891173919-1512416085-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>4bd43b0fb0da83b364efc10626dd07f9</hash>

</key>


-<key>

<path>HKU\S-1-5-21-602785546-891173919-1512416085-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S</path>

<vendor>PUP.Optional.InstallCore.A</vendor>

<action>success</action>

<hash>6bb404464545ae889e639177030135cb</hash>

</key>


-<key>

<path>HKU\S-1-5-21-602785546-891173919-1512416085-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path>

<vendor>PUP.Optional.InstallCore.A</vendor>

<action>success</action>

<hash>f728eb5f098139fd8a50fe1f877ef010</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Soft-Now bundle</path>

<vendor>PUP.Optional.SweetPacks.A</vendor>

<action>success</action>

<hash>1708fc4e5e2c13230889663a3ac96898</hash>

</key>


-<value>

<path>HKU\S-1-5-21-602785546-891173919-1512416085-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path>

<valuename>tb</valuename>

<vendor>PUP.Optional.InstallCore.A</vendor>

<action>success</action>

<valuedata>0X1L1C1C1J2Z</valuedata>

<hash>f728eb5f098139fd8a50fe1f877ef010</hash>

</value>


-<folder>

<path>C:\Users\James\AppData\Roaming\CONTENTEXPLORER</path>

<vendor>PUP.Optional.ContentExplorer.A</vendor>

<action>success</action>

<hash>8b94f951deac80b6e0894fab1ae99070</hash>

</folder>


-<folder>

<path>C:\Users\James\AppData\Roaming\OPENCANDY</path>

<vendor>PUP.Optional.OpenCandy</vendor>

<action>success</action>

<hash>b86717333b4f7db9306ced8a3bc831cf</hash>

</folder>


-<folder>

<path>C:\Users\James\AppData\Roaming\OPENCANDY\2A6918C7AF124FFD8F7F16F01FD09590</path>

<vendor>PUP.Optional.OpenCandy</vendor>

<action>success</action>

<hash>b86717333b4f7db9306ced8a3bc831cf</hash>

</folder>


-<folder>

<path>C:\Users\James\AppData\Roaming\OPENCANDY\70D25F0DC2414A9D816D8A9DE5F48466</path>

<vendor>PUP.Optional.OpenCandy</vendor>

<action>success</action>

<hash>b86717333b4f7db9306ced8a3bc831cf</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SWEETPACKS BUNDLE UNINSTALLER_REALPLAYER_1425585</path>

<vendor>PUP.Optional.SweetPacks.A</vendor>

<action>success</action>

<hash>1708fc4e5e2c13230889663a3ac96898</hash>

</folder>


-<folder>

<path>C:\Users\James\AppData\Local\Google\Chrome\USER DATA\Default\EXTENSIONS\OILKKKEFBALMBFPPGJMGJOEFBCLEBKCE</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</folder>


-<folder>

<path>C:\Users\James\AppData\Local\Google\Chrome\USER DATA\Default\EXTENSIONS\OILKKKEFBALMBFPPGJMGJOEFBCLEBKCE\0.3.9_0</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</folder>


-<folder>

<path>C:\Users\James\AppData\Local\Google\Chrome\USER DATA\Default\EXTENSIONS\OILKKKEFBALMBFPPGJMGJOEFBCLEBKCE\0.3.9_0\js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</folder>


-<folder>

<path>C:\Users\James\AppData\Local\Google\Chrome\USER DATA\Default\EXTENSIONS\OILKKKEFBALMBFPPGJMGJOEFBCLEBKCE\0.3.9_0\lib</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</folder>


-<folder>

<path>C:\Users\James\AppData\Local\Google\Chrome\USER DATA\Default\EXTENSIONS\jmbmildjdmppofnohldicmnkojfhggmb</path>

<vendor>PUP.Optional.ArcadeYum.A</vendor>

<action>success</action>

<hash>c65985c57515201648b18b1f8182916f</hash>

</folder>


-<folder>

<path>C:\Users\James\AppData\Local\Google\Chrome\USER DATA\Default\EXTENSIONS\jmbmildjdmppofnohldicmnkojfhggmb\2.0.4_0</path>

<vendor>PUP.Optional.ArcadeYum.A</vendor>

<action>success</action>

<hash>c65985c57515201648b18b1f8182916f</hash>

</folder>


-<folder>

<path>C:\Users\James\AppData\Local\Google\Chrome\USER DATA\Default\EXTENSIONS\jmbmildjdmppofnohldicmnkojfhggmb\2.0.4_0\_metadata</path>

<vendor>PUP.Optional.ArcadeYum.A</vendor>

<action>success</action>

<hash>c65985c57515201648b18b1f8182916f</hash>

</folder>


-<file>

<path>C:\Users\James\Documents\RealPlayer_TSV39IPI9.exe</path>

<vendor>PUP.Optional.ClientConnect</vendor>

<action>success</action>

<hash>fb2474d6d1b9cb6be08cb4180ef316ea</hash>

</file>


-<file>

<path>C:\Users\Public\Documents\VideoDownloadConvert.exe</path>

<vendor>PUP.Optional.MindSpark.A</vendor>

<action>success</action>

<hash>51ce8ebc8307f93df1a2ced2a560db25</hash>

</file>


-<file>

<path>C:\Windows\System32\drivers\{F0087990-17D0-4537-AD91-6A7A9C5C1B37}GW64.SYS</path>

<vendor>PUP.Optional.Sanbreel.A</vendor>

<action>success</action>

<hash>5bc4e268c2c8ba7c6bcf26b910f329d7</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Roaming\ContentExplorer\RootCert.cer</path>

<vendor>PUP.Optional.ContentExplorer.A</vendor>

<action>success</action>

<hash>8b94f951deac80b6e0894fab1ae99070</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Roaming\ContentExplorer\loader.dat</path>

<vendor>PUP.Optional.ContentExplorer.A</vendor>

<action>success</action>

<hash>8b94f951deac80b6e0894fab1ae99070</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Roaming\ContentExplorer\storage.bin</path>

<vendor>PUP.Optional.ContentExplorer.A</vendor>

<action>success</action>

<hash>8b94f951deac80b6e0894fab1ae99070</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Roaming\OpenCandy\2A6918C7AF124FFD8F7F16F01FD09590\AVG Safeguard.exe</path>

<vendor>PUP.Optional.OpenCandy</vendor>

<action>success</action>

<hash>b86717333b4f7db9306ced8a3bc831cf</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Roaming\OpenCandy\2A6918C7AF124FFD8F7F16F01FD09590\AVG_Toolbar_CB_ALL_p3v5.exe</path>

<vendor>PUP.Optional.OpenCandy</vendor>

<action>success</action>

<hash>b86717333b4f7db9306ced8a3bc831cf</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Roaming\OpenCandy\70D25F0DC2414A9D816D8A9DE5F48466\AVG Safeguard.exe</path>

<vendor>PUP.Optional.OpenCandy</vendor>

<action>success</action>

<hash>b86717333b4f7db9306ced8a3bc831cf</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Roaming\OpenCandy\70D25F0DC2414A9D816D8A9DE5F48466\AVG_Toolbar_CB_ALL_p3v5.exe</path>

<vendor>PUP.Optional.OpenCandy</vendor>

<action>success</action>

<hash>b86717333b4f7db9306ced8a3bc831cf</hash>

</file>


-<file>

<path>C:\Program Files (x86)\sweetpacks bundle uninstaller_RealPlayer_1425585\uninstaller.exe</path>

<vendor>PUP.Optional.SweetPacks.A</vendor>

<action>success</action>

<hash>1708fc4e5e2c13230889663a3ac96898</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\js\background.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\js\bootstrap.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\js\newtab.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\js\opentab.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\idbstore.min.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\aes.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\angular-animate.min.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\angular-route.min.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\angular.min.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\async.min.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\aws-sdk-2.0.0-rc9.min.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\eventsource.min.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\jquery-2.1.1.min.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\jquery-ui-1.10.3.custom.min.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\jquery.inview.min.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\js-canvas-to-blob.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\lodash.underscore.min.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\md5.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\mixins.loadash.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\moment-with-langs.min.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\moment.min.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\phoneformat.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\sortable.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\TweenMax.min.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\lib\utils.js</path>

<vendor>PUP.Optional.Vosteran.A</vendor>

<action>success</action>

<hash>70af14360684b284c852b0f89172a55b</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmildjdmppofnohldicmnkojfhggmb\2.0.4_0\ay.js</path>

<vendor>PUP.Optional.ArcadeYum.A</vendor>

<action>success</action>

<hash>c65985c57515201648b18b1f8182916f</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmildjdmppofnohldicmnkojfhggmb\2.0.4_0\content.js</path>

<vendor>PUP.Optional.ArcadeYum.A</vendor>

<action>success</action>

<hash>c65985c57515201648b18b1f8182916f</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmildjdmppofnohldicmnkojfhggmb\2.0.4_0\icon128.png</path>

<vendor>PUP.Optional.ArcadeYum.A</vendor>

<action>success</action>

<hash>c65985c57515201648b18b1f8182916f</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmildjdmppofnohldicmnkojfhggmb\2.0.4_0\icon16.png</path>

<vendor>PUP.Optional.ArcadeYum.A</vendor>

<action>success</action>

<hash>c65985c57515201648b18b1f8182916f</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmildjdmppofnohldicmnkojfhggmb\2.0.4_0\icon48.png</path>

<vendor>PUP.Optional.ArcadeYum.A</vendor>

<action>success</action>

<hash>c65985c57515201648b18b1f8182916f</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmildjdmppofnohldicmnkojfhggmb\2.0.4_0\manifest.json</path>

<vendor>PUP.Optional.ArcadeYum.A</vendor>

<action>success</action>

<hash>c65985c57515201648b18b1f8182916f</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmildjdmppofnohldicmnkojfhggmb\2.0.4_0\static.js</path>

<vendor>PUP.Optional.ArcadeYum.A</vendor>

<action>success</action>

<hash>c65985c57515201648b18b1f8182916f</hash>

</file>


-<file>

<path>C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmildjdmppofnohldicmnkojfhggmb\2.0.4_0\_metadata\verified_contents.json</path>

<vendor>PUP.Optional.ArcadeYum.A</vendor>

<action>success</action>

<hash>c65985c57515201648b18b1f8182916f</hash>

</file>

</items>

</mbam-log>

2. protection-log:
<?xml version="1.0" encoding="UTF-8"?>

-<logs>

<record toVersion="2015.3.9.1" name="Remediation Database" last_modified_tag="06c13913-ea55-4460-8b89-54f7da699b33" fromVersion="2013.10.16.1" systemname="JAMES-PC" username="SYSTEM" type="Update" source="Manual" datetime="2015-03-26T17:07:51.648555-06:00" LoggingEventType="1" severity="debug"/>

<record toVersion="2015.3.26.1" name="Rootkit Database" last_modified_tag="f04730ad-5798-4257-a1c0-c66dd2772bdd" fromVersion="2014.2.20.1" systemname="JAMES-PC" username="SYSTEM" type="Update" source="Manual" datetime="2015-03-26T17:07:53.582959-06:00" LoggingEventType="1" severity="debug"/>

<record toVersion="2015.3.26.7" name="Malware Database" last_modified_tag="c5ce3b46-de0e-459c-88d3-8ac0bd6a37f7" fromVersion="2014.3.4.9" systemname="JAMES-PC" username="SYSTEM" type="Update" source="Manual" datetime="2015-03-26T17:08:02.693375-06:00" LoggingEventType="1" severity="debug"/>

<record last_modified_tag="211fbf02-3f47-4336-9c0b-8fb87175a25b" systemname="JAMES-PC" username="SYSTEM" type="Error" source="Manual" datetime="2015-03-26T17:08:03.566976-06:00" LoggingEventType="4" severity="debug" message="" code="0"/>

<record last_modified_tag="403990d2-25d1-4e88-8890-87aa248864da" systemname="JAMES-PC" username="SYSTEM" type="Error" source="Manual" datetime="2015-03-26T17:08:03.582576-06:00" LoggingEventType="4" severity="debug" message="" code="0"/>

</logs>


Report •

#9
March 26, 2015 at 17:17:10
Hi James, xml is too hard to read, we need an ordinary text file please.

If you misplace your log, here are ways to find.
http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
http://i.imgur.com/ZZ1trsv.gif
http://i.imgur.com/LL0K3qs.gif
Or,
(Export log to save as txt)
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
http://i.imgur.com/LNl3Sgw.gif
http://i.imgur.com/xGJgawB.gif


Report •

#10
March 26, 2015 at 17:17:32
As you have rolled back you should run AdwCleaner again (my #1),
followed by Junkware Removal Tool (my #3).
... and copy/paste both logs on here.

EDIT:
I see Johnw has joined us (we overlapped). He is most expert at security issues so best await his say so on the above.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#11
March 27, 2015 at 06:49:27
james, I have been here as OtheHill for around 14 years.

Ccleaner is safe to use and I recommend using it frequently, if not daily, depending on your internet habits.

As Derek has indicated, diligence may require the use of multiple tools. Ccleaner isn't a tool to repair after an issue. It is best used frequently to avoid some problems. It is NOT, however, an antivirus tool. You also need ONE of those too.

I know many of the responses in this thread do not deal with your original query. For my self, the question might indicate your computer knowledge level, so additional advice may be helpful to you.


Report •

#12
March 27, 2015 at 17:07:25
Thank you for the advice OtheHill, I have downloaded and I will use the program. Because I was disabled I was retired early so I have been on my laptop for a long time. So I do know my way around the computer to use it but as far as fixing bugs and understanding the workings, I am a novice. So I really do thank you and the others for the time you have taken and the advice you have given. Thanks again OtheHill.

Report •

#13
March 27, 2015 at 17:34:24
Thank you JohnW, I opened the MBAM program, clicked on History, Application Logs and double clicked the only file that was there. The Protection Log. I exported the file to my desktop and I copied it and will paste it here. This file is no where near as long as the hml file that I pasted but it was all that I could open. If I need to run the scan again I will. Thank you.

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 3/27/2015 4:11:03 PM, SYSTEM, JAMES-PC, Manual, Malware Database, 2015.3.26.7, 2015.3.27.10,
Update, 3/27/2015 4:11:32 PM, SYSTEM, JAMES-PC, Manual, program, 2.0.2.1012, 2.0.4.1028,

(end)


Report •

#14
March 27, 2015 at 17:36:54
Derek, I will run both of them again and I will paste the logs here. Thanks again.

message edited by james442007


Report •

#15
March 28, 2015 at 17:05:40
Derek, I ran Both files again but it seems as though I can only paste one per post as the cleaners shut down my Internet Explorer while cleaning and I lose the 1st one pasted. So here is the 3rd one, JRT, and I'll paste the AdwCleaner Logs in the post following. I'm sure that's clear as mud. Thank you again.

Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.7 (03.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by James on Sat 03/28/2015 at 17:52:45.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FileShareFanatic_8l.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FileShareFanatic_8l.ToolbarProtector.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.ToolbarProtector.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector.1

~~~ Files

Successfully deleted: [File] "C:\Users\James\desktop\speedypc pro.lnk"
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf
Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\flexnet"
Failed to delete: [Folder] "C:\Users\James\AppData\Roaming\flexnet"
Successfully deleted: [Folder] "C:\Users\James\appdata\local\pc_drivers_headquarters"
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{2AFC3534-8957-42B8-86E9-821EDBD5A0C8}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{4E91257A-393C-4B2F-81C5-9120ACFB3C80}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/28/2015 at 17:56:03.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

message edited by james442007


Report •

#16
March 28, 2015 at 17:12:50
Stay online please James, I'm here & will once I have looked at both logs, give you the next step.


Report •

#17
March 28, 2015 at 17:25:44
Derek, Okay, because I failed to save the AdwCleaner Log I had to run it again and of course, there is much less to copy this 2nd run. I hate to admit to being stupid so I'll blame it on being tired. But JohnW, I'll stay online when I paste this. Here Is the AdwCleaner Log. Thanks again Derek.

# AdwCleaner v4.113 - Logfile created 28/03/2015 at 18:14:34
# Updated 22/03/2015 by Xplode
# Database : 2015-03-28.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : James - JAMES-PC
# Running from : C:\Users\James\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Google Chrome v41.0.2272.101


*************************

AdwCleaner[R0].txt - [22168 bytes] - [23/03/2015 17:18:49]
AdwCleaner[R1].txt - [864 bytes] - [28/03/2015 18:12:54]
AdwCleaner[S0].txt - [21439 bytes] - [23/03/2015 17:22:22]
AdwCleaner[S1].txt - [792 bytes] - [28/03/2015 18:14:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [850 bytes] ##########


Report •

#18
March 28, 2015 at 17:27:17
Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator to start"

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Anything that is not checked, leave it unchecked.
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.

message edited by Johnw


Report •

#19
March 28, 2015 at 17:59:11
Thanks James - I'm still watching but I'll leave you to run with Johnw who is expert in these clean-ups.

Always pop back and let us know the outcome - thanks


Report •

#20
March 28, 2015 at 18:30:13
Johnw, Here is the scan log from the RogueKiller Program. I've been studying it and I don't know what I should check to have it deleted. I did look at the user guide and I am still unsure. Before I hit delete can you help me with it? Thanks

RogueKiller V10.5.7.0 [Mar 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : James [Administrator]
Started from : C:\Users\James\Desktop\RogueKiller.exe
Mode : Scan -- Date : 03/28/2015 18:44:37

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 20 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PPort11reminder : "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-602785546-891173919-1512416085-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://us-mg5.mail.yahoo.com/neo/l... -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-602785546-891173919-1512416085-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://us-mg5.mail.yahoo.com/neo/l... -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{80EC5489-6ADB-4A8C-9364-C78D3C918926} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C445D7E6-5A6A-4ABC-A3AD-97BD1A6AAE14} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{80EC5489-6ADB-4A8C-9364-C78D3C918926} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C445D7E6-5A6A-4ABC-A3AD-97BD1A6AAE14} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{80EC5489-6ADB-4A8C-9364-C78D3C918926} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C445D7E6-5A6A-4ABC-A3AD-97BD1A6AAE14} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-602785546-891173919-1512416085-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-602785546-891173919-1512416085-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-602785546-891173919-1512416085-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-602785546-891173919-1512416085-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 6d866f1f481fa11e4e3d78e341511d06
[BSP] 1e022fe023e8a171d332544f0b70c1a0 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK


Report •

#21
March 28, 2015 at 18:35:04
Extract from my instructions James.

"Wait until the Status box shows "Scan Finished"
Anything that is not checked, leave it unchecked.
Click on "Delete"."


Report •

#22
March 28, 2015 at 18:47:36
Next step after you have finished RogueKiller.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif


Report •

#23
March 28, 2015 at 18:47:57
I stopped at the Windows XP instructions. Sorry I missed that. Nothing was checked, I left everything unchecked and pressed Delete and I would think this log is the same as the first. And I do appreciate your help.

RogueKiller V10.5.7.0 [Mar 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : James [Administrator]
Started from : C:\Users\James\Desktop\RogueKiller.exe
Mode : Delete -- Date : 03/28/2015 19:37:58

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 20 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PPort11reminder : "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-602785546-891173919-1512416085-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://us-mg5.mail.yahoo.com/neo/l... -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-602785546-891173919-1512416085-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://us-mg5.mail.yahoo.com/neo/l... -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{80EC5489-6ADB-4A8C-9364-C78D3C918926} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C445D7E6-5A6A-4ABC-A3AD-97BD1A6AAE14} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{80EC5489-6ADB-4A8C-9364-C78D3C918926} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C445D7E6-5A6A-4ABC-A3AD-97BD1A6AAE14} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{80EC5489-6ADB-4A8C-9364-C78D3C918926} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C445D7E6-5A6A-4ABC-A3AD-97BD1A6AAE14} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-602785546-891173919-1512416085-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-602785546-891173919-1512416085-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-602785546-891173919-1512416085-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-602785546-891173919-1512416085-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 6d866f1f481fa11e4e3d78e341511d06
[BSP] 1e022fe023e8a171d332544f0b70c1a0 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK


Report •

#24
March 28, 2015 at 18:50:58
Thank you for your help Derek and glad you're still around.

Report •

#25
March 28, 2015 at 18:52:16
"Sorry I missed that"
No problem James, manuals, instructions & all that stuff are hard to read.

Just in case you missed it, refer my post #22


Report •

#26
March 29, 2015 at 13:11:37
Hello johnw, I'm back and I just ran the Farbar Recovery Scan Tool and I will post the links here. Thank you for staying with me.

Frst.txt
.http://www33.zippyshare.com/v/iTLuig7K/file.html
Addition.txt;
http://www33.zippyshare.com/v/l51wj...


Report •

#27
March 29, 2015 at 16:26:56
Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
SpeedyPC Pro (HKLM-x32\...\{604CD5A1-4520-4844-B064-A3D884B77E91}) (Version: 3.2.15.0 - SpeedyPC Software) <==== ATTENTION
Task: {1C13A0C7-0EFF-4A56-B5F4-C002ED1FDF43} - System32\Tasks\PC Health Advisor_sch_0E994479-7694-11E4-94E4-5404A647DA70 => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe <==== ATTENTION
Task: {68BE9BBE-1A2D-4FC3-8E47-6C8093C1E926} - System32\Tasks\SpeedyPC Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {9D441058-0050-4A06-8A29-23113A4B0F37} - System32\Tasks\SpeedyPC Update Version3 Startup Task => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe <==== ATTENTION
Task: {9FCBF359-A901-476F-BB89-785B8F199510} - System32\Tasks\SpeedyPC Pro_sch_52921290-9AC2-11E4-9D1C-5404A647DA70 => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
Task: {AB6C6CA1-3318-4E78-BA2F-8B689A4834C2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B915EC26-7A56-44D0-B7E5-E177857E421A} - System32\Tasks\SpeedyPC Update Version3_triggeronce => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe <==== ATTENTION
Task: {BF7A6240-19DC-480D-962B-BF7E619F1215} - System32\Tasks\SpeedyPC Pro Startup => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
Task: {C6916DB3-18B3-46AC-ACEB-4CD640FB91FC} - System32\Tasks\{7827D9AC-05F1-444C-93FD-1C14F72687DD} => pcalua.exe -a "C:\Users\James\AppData\Local\Temp\Temp1_Synaptics PS2 Port TouchPad 84e9a31df045bc07862cb4cfe2bb5194.zip\Setup.exe"
Task: C:\Windows\Tasks\PC Health Advisor_sch_0E994479-7694-11E4-94E4-5404A647DA70.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedyPC Pro Startup.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedyPC Pro_sch_52921290-9AC2-11E4-9D1C-5404A647DA70.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedyPC Registration3.job => C:\Windows\system32\rundll32.exeMC:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedyPC Update Version3_triggeronce.job => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:F0B1838C
AlternateDataStreams: C:\Users\Public\DRM:احتضان
HKU\S-1-5-21-602785546-891173919-1512416085-1001\...\MountPoints2: F - F:\UEZLink.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-602785546-891173919-1512416085-1001 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_dnldstr_14_48_ie&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0F0DtA0AyDtAyCyCtB0AtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StCtAzyyCyEtDzytDtG0CyByB0AtGtCyDzytAtGzyyBtCzztGyCzy0CyB0ByDtCyD0C0D0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyCtCyEzztBzzyEtG0BzyyCyEtGyE0AtCyDtG0BtDtByCtGtBzztC0AyCyC0CzytByDtB0A2Q&cr=2013861367&ir=
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_dnldstr_14_48_ie&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0F0DtA0AyDtAyCyCtB0AtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StCtAzyyCyEtDzytDtG0CyByB0AtGtCyDzytAtGzyyBtCzztGyCzy0CyB0ByDtCyD0C0D0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyCtCyEzztBzzyEtG0BzyyCyEtGyE0AtCyDtG0BtDtByCtGtBzztC0AyCyC0CzytByDtB0A2Q&cr=2013861367&ir=", "hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT"
S3 clwvd6; system32\DRIVERS\clwvd6.sys [X]
S1 MpKsl1eff63a8; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D32BF1DD-2369-476B-A013-297D7E0BF934}\MpKsl1eff63a8.sys [X]
C:\Users\James\AppData\Local\Temp\dllnt_dump.dll
C:\Users\James\AppData\Local\Temp\Quarantine.exe
C:\Users\James\AppData\Local\Temp\ReimagePackage.exe
C:\Users\James\AppData\Local\Temp\sqlite3.dll
C:\Users\James\AppData\Local\Temp\_is4AD5.exe
C:\Users\James\AppData\Local\Temp\_is5F9C.exe
C:\Users\James\AppData\Local\Temp\_isB3A5.exe
C:\Users\James\AppData\Local\Temp\_isBB34.exe
C:\Users\James\AppData\Local\Temp\_isD410.exe
C:\Users\James\AppData\Local\Temp\_isF98B.exe

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •

#28
March 29, 2015 at 17:11:05
Johnw, I'm sorry but there are a couple of things that I'm not understanding, First, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. It's my understanding that the "fixlist.txt" is the log that this fix will generate that you want me to copy and paste with my reply. And what is, FRST/FRST64? Is that the fix that you just now posted and if is, how can I get them both in the same location when one has to run to generate the other?
I am really sorry, I can see that you have worked hard to write this but if you will, please explain.

Report •

#29
March 29, 2015 at 17:21:46
One thing at a time James.

And what is, FRST/FRST64?

You need FRST64 on you desktop, is it still there?
Here is the size.
http://i.imgur.com/LKlH6bq.gif


Report •

#30
March 29, 2015 at 17:37:03
Now I remember, but it is only in "Notepad" format. I have pasted
"(FRST.txt) (x64) Version: 11-03-2015" in the Search window of the Farbar Recovery Scan Tool and scanned it. I have the log that the scan generated. As you pull your hair, please tell me what I did wrong or what is next.

Report •

#31
March 29, 2015 at 17:43:45
You are losing me James.

Do you have FRST64 size 2mb on your desktop?


Report •

#32
March 29, 2015 at 17:53:13
I hope you don't give up on me but, No, I don't have FRST64. I only have FRST in notepad format on my desktop.
I searched FRST64 in my Start menu and nothing was there. Only FRST.

message edited by james442007


Report •

#33
March 29, 2015 at 17:59:55
"I hope you don't give up on me"
I won't.

"No, I don't have FRST64"
Ok, that is the program you downloaded & ran previously.
Posts #22 & #26

Small steps, here is the next.
You either have moved the file or deleted it.
Either find it on your comp or download it again.


Report •

#34
March 29, 2015 at 18:22:05
Still lost. In post 22 I was asked to download and run Farbar Recovery Scan Tool. In post 26, I uploaded the results in the Zippyshare.com website and posted the links in post 26. The FRST64 is not on my computer, only FRST. Are you saying to repete running the Farbar program and uploading the results?

Report •

#35
March 29, 2015 at 18:30:39
" Are you saying to repete running the Farbar program and uploading the results?"
No, I'm saying, download the Farbar ( FRST64 ) tool again to your Desktop.

message edited by Johnw


Report •

#36
March 29, 2015 at 18:34:59
It is still on my desktop. Are you saying to download it again?

message edited by james442007


Report •

#37
March 29, 2015 at 18:36:58
Your reply to my post #31, said you only had the notepad.

Download the exe.


Report •

#38
March 29, 2015 at 18:40:33
I am very sorry, In my reply I thought you wanted the "Log" I am very sorry.

Report •

#39
March 29, 2015 at 18:44:11
"I am very sorry, In my reply I thought you wanted the "Log" I am very sorry."
Still need to clarify, do you have the FRST64 exe ( about 2mb ) on your desktop?

message edited by Johnw


Report •

#40
March 29, 2015 at 18:53:27
I have the "Farbar Recovery Scan Tool" and the "FRST" and the "Addition" Logs on my desktop. Nothing else pertaining to your post #39.


Report •

#41
March 29, 2015 at 18:56:24
"I have the "Farbar Recovery Scan Tool"
Is it about 2mb?

Report •

#42
March 29, 2015 at 19:03:25
I clicked on Properties and it is 2.00 MB (2,097,152 bytes). Copied and pasted from Properties.

Report •

#43
March 29, 2015 at 19:07:37
Whew, next step.

"I only have FRST in notepad format on my desktop"
Delete everything in that file, add my script & name the file > fixlist.txt
Let me know when you have done that.


Report •

#44
March 29, 2015 at 19:17:08
I deleted everything in that file then in the empty Notepad file I typed, "My File" and I named it fixlist.txt
Lord I hope that's what you wanted.

message edited by james442007


Report •

#45
March 29, 2015 at 19:29:11
"Lord I hope that's what you wanted"
Nope, delete My File.

The script is in post #27

Here is a partial screenshot ( SS ) of how it should look.
http://i.imgur.com/fW6j0th.gif

Let me know when you have it ready.


Report •

#46
March 29, 2015 at 19:45:03
I have it ready on my desktop. I have deleted My File.

Report •

#47
March 29, 2015 at 19:49:35
Double click FRST64 ( 2 mb ) & Run FRST64.

Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.

message edited by Johnw


Report •

#48
March 29, 2015 at 20:22:55
Hope I'm back on track. Here is the fixlog.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by James at 2015-03-29 21:08:03 Run:1
Running from C:\Users\James\Desktop\File Cleaners
Loaded Profiles: James (Available profiles: James)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
SpeedyPC Pro (HKLM-x32\...\{604CD5A1-4520-4844-B064-A3D884B77E91}) (Version: 3.2.15.0 - SpeedyPC Software) <==== ATTENTION
Task: {1C13A0C7-0EFF-4A56-B5F4-C002ED1FDF43} - System32\Tasks\PC Health Advisor_sch_0E994479-7694-11E4-94E4-5404A647DA70 => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe <==== ATTENTION
Task: {68BE9BBE-1A2D-4FC3-8E47-6C8093C1E926} - System32\Tasks\SpeedyPC Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {9D441058-0050-4A06-8A29-23113A4B0F37} - System32\Tasks\SpeedyPC Update Version3 Startup Task => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe <==== ATTENTION
Task: {9FCBF359-A901-476F-BB89-785B8F199510} - System32\Tasks\SpeedyPC Pro_sch_52921290-9AC2-11E4-9D1C-5404A647DA70 => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
Task: {AB6C6CA1-3318-4E78-BA2F-8B689A4834C2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B915EC26-7A56-44D0-B7E5-E177857E421A} - System32\Tasks\SpeedyPC Update Version3_triggeronce => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe <==== ATTENTION
Task: {BF7A6240-19DC-480D-962B-BF7E619F1215} - System32\Tasks\SpeedyPC Pro Startup => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
Task: {C6916DB3-18B3-46AC-ACEB-4CD640FB91FC} - System32\Tasks\{7827D9AC-05F1-444C-93FD-1C14F72687DD} => pcalua.exe -a "C:\Users\James\AppData\Local\Temp\Temp1_Synaptics PS2 Port TouchPad 84e9a31df045bc07862cb4cfe2bb5194.zip\Setup.exe"
Task: C:\Windows\Tasks\PC Health Advisor_sch_0E994479-7694-11E4-94E4-5404A647DA70.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedyPC Pro Startup.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedyPC Pro_sch_52921290-9AC2-11E4-9D1C-5404A647DA70.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedyPC Registration3.job => C:\Windows\system32\rundll32.exeMC:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedyPC Update Version3_triggeronce.job => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:F0B1838C
AlternateDataStreams: C:\Users\Public\DRM:احتضان
HKU\S-1-5-21-602785546-891173919-1512416085-1001\...\MountPoints2: F - F:\UEZLink.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-602785546-891173919-1512416085-1001 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_dnldstr_14_48_ie&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0F0DtA0AyDtAyCyCtB0AtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StCtAzyyCyEtDzytDtG0CyByB0AtGtCyDzytAtGzyyBtCzztGyCzy0CyB0ByDtCyD0C0D0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyCtCyEzztBzzyEtG0BzyyCyEtGyE0AtCyDtG0BtDtByCtGtBzztC0AyCyC0CzytByDtB0A2Q&cr=2013861367&ir=
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_dnldstr_14_48_ie&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0F0DtA0AyDtAyCyCtB0AtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StCtAzyyCyEtDzytDtG0CyByB0AtGtCyDzytAtGzyyBtCzztGyCzy0CyB0ByDtCyD0C0D0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyCtCyEzztBzzyEtG0BzyyCyEtGyE0AtCyDtG0BtDtByCtGtBzztC0AyCyC0CzytByDtB0A2Q&cr=2013861367&ir=", "hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT"
S3 clwvd6; system32\DRIVERS\clwvd6.sys [X]
S1 MpKsl1eff63a8; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D32BF1DD-2369-476B-A013-297D7E0BF934}\MpKsl1eff63a8.sys [X]
C:\Users\James\AppData\Local\Temp\dllnt_dump.dll
C:\Users\James\AppData\Local\Temp\Quarantine.exe
C:\Users\James\AppData\Local\Temp\ReimagePackage.exe
C:\Users\James\AppData\Local\Temp\sqlite3.dll
C:\Users\James\AppData\Local\Temp\_is4AD5.exe
C:\Users\James\AppData\Local\Temp\_is5F9C.exe
C:\Users\James\AppData\Local\Temp\_isB3A5.exe
C:\Users\James\AppData\Local\Temp\_isBB34.exe
C:\Users\James\AppData\Local\Temp\_isD410.exe
C:\Users\James\AppData\Local\Temp\_isF98B.exe
*****************

Processes closed successfully.
SpeedyPC Pro (HKLM-x32\...\{604CD5A1-4520-4844-B064-A3D884B77E91}) (Version: 3.2.15.0 - SpeedyPC Software) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C13A0C7-0EFF-4A56-B5F4-C002ED1FDF43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C13A0C7-0EFF-4A56-B5F4-C002ED1FDF43}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Health Advisor_sch_0E994479-7694-11E4-94E4-5404A647DA70 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Health Advisor_sch_0E994479-7694-11E4-94E4-5404A647DA70" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68BE9BBE-1A2D-4FC3-8E47-6C8093C1E926}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68BE9BBE-1A2D-4FC3-8E47-6C8093C1E926}" => Key deleted successfully.
C:\Windows\System32\Tasks\SpeedyPC Registration3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Registration3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D441058-0050-4A06-8A29-23113A4B0F37}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D441058-0050-4A06-8A29-23113A4B0F37}" => Key deleted successfully.
C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Update Version3 Startup Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FCBF359-A901-476F-BB89-785B8F199510}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FCBF359-A901-476F-BB89-785B8F199510}" => Key deleted successfully.
C:\Windows\System32\Tasks\SpeedyPC Pro_sch_52921290-9AC2-11E4-9D1C-5404A647DA70 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Pro_sch_52921290-9AC2-11E4-9D1C-5404A647DA70" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB6C6CA1-3318-4E78-BA2F-8B689A4834C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB6C6CA1-3318-4E78-BA2F-8B689A4834C2}" => Key deleted successfully.
C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B915EC26-7A56-44D0-B7E5-E177857E421A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B915EC26-7A56-44D0-B7E5-E177857E421A}" => Key deleted successfully.
C:\Windows\System32\Tasks\SpeedyPC Update Version3_triggeronce => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Update Version3_triggeronce" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BF7A6240-19DC-480D-962B-BF7E619F1215}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF7A6240-19DC-480D-962B-BF7E619F1215}" => Key deleted successfully.
C:\Windows\System32\Tasks\SpeedyPC Pro Startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Pro Startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6916DB3-18B3-46AC-ACEB-4CD640FB91FC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6916DB3-18B3-46AC-ACEB-4CD640FB91FC}" => Key deleted successfully.
C:\Windows\System32\Tasks\{7827D9AC-05F1-444C-93FD-1C14F72687DD} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7827D9AC-05F1-444C-93FD-1C14F72687DD}" => Key deleted successfully.
C:\Windows\Tasks\PC Health Advisor_sch_0E994479-7694-11E4-94E4-5404A647DA70.job => Moved successfully.
C:\Windows\Tasks\SpeedyPC Pro Startup.job => Moved successfully.
C:\Windows\Tasks\SpeedyPC Pro_sch_52921290-9AC2-11E4-9D1C-5404A647DA70.job => Moved successfully.
C:\Windows\Tasks\SpeedyPC Registration3.job => Moved successfully.
C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job => Moved successfully.
C:\Windows\Tasks\SpeedyPC Update Version3_triggeronce.job => Moved successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":F0B1838C" ADS removed successfully.
C:\Users\Public\DRM => ":احتضان" ADS removed successfully.
"HKU\S-1-5-21-602785546-891173919-1512416085-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-602785546-891173919-1512416085-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} => value deleted successfully.
HKCR\CLSID\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
clwvd6 => Service deleted successfully.
MpKsl1eff63a8 => Service deleted successfully.
C:\Users\James\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\James\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\ReimagePackage.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\James\AppData\Local\Temp\_is4AD5.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\_is5F9C.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\_isB3A5.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\_isBB34.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\_isD410.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\_isF98B.exe => Moved successfully.
EmptyTemp: => Removed 916.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 21:08:27 ====


Report •

#49
March 29, 2015 at 20:39:14
On track James.

Run Malwarebytes again please. Disable scan for rootkit.
Why is scan for rootkit off by default?
https://helpdesk.malwarebytes.org/h...

Quarantine anything it finds, Copy & Paste the contents of the log in your reply.


Report •

#50
March 29, 2015 at 21:46:10
Johnw, I am at a loss again. I ran the Malwarbytes program. When it was finished a message saying it was done, see link at the bottom, came up. If you click on the link you will also see that it asked permision to restart the computer. I clicked yes and when it came back up I have not been able to find the log. I can start the malwarbytes program, click on history and open a log but I am not able to copy that file.
I'm sorry to say that I'm done for the day, I've had it. If you post a reply I'll open it tomorrow. Thank you again for ALL your help. James

http://www6.zippyshare.com/v/72QHs9...


Report •

#51
Report •

#52
Report •

#53
March 30, 2015 at 15:45:54
Hello Johnw, Concerning the out of date Malwarebytes program, I refer you to post #8. It's hard to describe how bad it was.
As for the current issue, I went back into the Malwarebytes program and followed the steps that you had listed. Step # 7, the Scanning History Log, looked different than the picture shown but I imagine that was due to a different version of the program.
The one file that was quarantined, Torrent-Music, I have uninstalled from my System. I woke this morning with some kind of bug, (in me, not my PC), and I don't feel up to doing much. I will await your reply and then pick it back up, hopefully, tomorrow. Thank you very much for all your help.
Anyway, here is the log that was opened;

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/29/2015
Scan Time: 9:45:19 PM
Logfile: Malwarebytes Log File 03-29-15.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2015.03.27.10
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: James

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353119
Time Elapsed: 14 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.SafeInstall.A, C:\Users\James\Desktop\free corderTorrent-Music-ect..exe, Quarantined, [5f2743073f4ba88e013e7dfcf011728e],

Physical Sectors: 0
(No malicious items detected)


(end)


Report •

#54
March 30, 2015 at 16:00:23
Thanks James, here is the next step, once you feel better.

Run DelFix. Copy & Paste the contents of the log please.
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on computer.
It's compatible with Windows XP, Vista, 7, 8 in 32 & 64 bits.
Run the tool by right click on the DelFix icon and Run as administrator option.
Make sure that these are checked:
Activate UAC
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings
Click Run and wait until the tool completes it's work.
All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)


Report •

#55
March 30, 2015 at 16:09:51
"Step # 7, the Scanning History Log, looked different than the picture shown but I imagine that was due to a different version of the program"
That's exactly what has happened James, my images were from an even older version, once I got your SS, I realized things had changed.
I have replaced those images in my database with the new version images.

Report •

#56
March 30, 2015 at 17:03:12
I couldn't resist. I ran the DelFix as per your instructions and I will paste the log here.
The DelFix program is no longer in my system or on my desktop but all of the other programs are still on my desktop. I imagine that I should delete them all. Should I keep the logs for these other cleaner programs?
But first, Do I now download and run the "Run.dll?

# DelFix v10.9 - Logfile created 30/03/2015 at 17:41:36
# Updated 27/02/2015 by Xplode
# Username : James - JAMES-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\James\Desktop\FRST - Shortcut.lnk
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #464 [Windows Update | 03/18/2015 22:48:02]
Deleted : RP #465 [SpeedyPC Pro Backup | 03/18/2015 23:05:37]
Deleted : RP #466 [Snagit 12 | 03/21/2015 21:43:21]
Deleted : RP #467 [SpeedyPC Pro Backup | 03/21/2015 22:40:31]
Deleted : RP #468 [Windows Update | 03/23/2015 22:06:46]
Deleted : RP #469 [Removed Microsoft Office PowerPoint Viewer 2007 (English) | 03/24/2015 22:34:09]
Deleted : RP #470 [Windows Update | 03/25/2015 01:28:44]
Deleted : RP #471 [Restore Operation | 03/26/2015 02:16:53]
Deleted : RP #472 [Windows Update | 03/26/2015 04:05:27]
Deleted : RP #473 [SpeedyPC Pro Backup | 03/26/2015 04:07:38]
Deleted : RP #474 [SpeedyPC Pro Backup | 03/27/2015 21:56:09]
Deleted : RP #475 [Windows Update | 03/30/2015 03:21:36]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

message edited by james442007


Report •

#57
March 30, 2015 at 17:13:22
"I couldn't resist"
It gets like that.

"But first, Do I now download and run the "Run.dll?"
No idea what that is, right click > Properties for more info.


Report •

#58
March 30, 2015 at 17:25:50
Any chance that you mean Rundll (without the dot). If it IS Rundll and you are set to "Hide extensions for known file types" then most likely it is really Rundll.exe

Can't say I rate hiding file extensions but that's just my opinion.
I'm not alone though and it is a security risk - see part way down on here:
http://www.howtogeek.com/127154/how...

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#59
March 30, 2015 at 18:51:19
Well Johnw and Derek, I have been up and down, back and forth and over and over these posts and I can not find where I read a post that said "Run.dll" is my next step. But I'm telling you, I did see it. I followed the link that was given to the website but I did not download the program. I wish I had so as to not doubt my sanity now.
Hold the phone, I just found a webpage that I had saved with info on it. Whew.
I still don't know what this really is but here is a small part that I have copied and will paste. I will also try to copy a link for the webpage in case one of you care to look at it
And in case I did have a pipe dream, what should I follow the DelFix program with?
Thank you again..
Here is a link to (Hopefully) Error-Toolkit webpage.

http://error-toolkit.com/dll-files....

What is Run.dll ?
Run.dll is a file Owned by Unknown Company, the main role of this DLL file is to function as a (Unknown Function).

DLL errors are short for Dynamic Link Library errors and when these happen you know it. When a DLL error occurs on your computer you are generally notified via a pop-up style error message that will tell you what kind of DLL error you have.

Some of the more common types of DLL error include Corefoundation.dll Error, Leframe.dll Error, 3dx9_x.dll Error, and Kernal32.dll Error.

Of course there is a bunch more, but these tend to crop up more often than some of the others. No matter what DLL error you are experiencing, the end result can be a slow PC and a frustrating time on your computer.



Report •

#60
March 30, 2015 at 18:58:07
Now I have a pretty good idea of what happened James.

I would say it was due to an incomplete uninstall of >
"Torrent-Music, I have uninstalled from my System"

Download the latest version of Farbar & upload the 2 logs please.

message edited by Johnw


Report •

#61
March 30, 2015 at 19:06:15
I don't know what made you go there but it looks just like general information on a website. I would have thought John would have remembered it if it was associated with anything he asked you to use. I don't think you need to save that website but by all means wait for John to confirm this. As for the file itself I don't recall any such thing as being part of Windows generally, which is why I thought you might have meant Rundll without its file extension.

[Just for info the most common similar sounding file used in Windows is Rundll32.exe]

EDIT:
Sorry - I overlapped with Johnw.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#62
March 30, 2015 at 19:08:13
As I understand you, I should download Farbar and then where do I get two logs? I was only given one log when Farbar finished. I will run the program again but please explain the "Two Logs". Thank you.

Report •

#63
March 30, 2015 at 19:12:34
It is all in post #22

message edited by Johnw


Report •

#64
March 30, 2015 at 19:43:33
Thank you being patient johnw and Derek, I will paste the link to the logs then I am going to have to call it a day. I'll stick around for your reply then I'll respond to your reply tomorrow. Once again, Thank You Both!!!

FRST.txt,
http://www62.zippyshare.com/v/Wq2sS...

Addition.txt
http://www62.zippyshare.com/v/7N19Y...


Report •

#65
March 30, 2015 at 19:52:55
I also downloaded (not installed) the Run.dll program and took a snippit of the "Run or Cancel" box to show you two. Now I will permanatly delete the entire file. Here is the link.

http://www62.zippyshare.com/v/vSemY...



Report •

#66
March 30, 2015 at 19:59:06
Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
SpeedyPC Pro (HKLM-x32\...\{604CD5A1-4520-4844-B064-A3D884B77E91}) (Version: 3.2.15.0 - SpeedyPC Software) <==== ATTENTION
Description: CTLCN BrtCTLCN: [2015/03/30 16:36:08.509]: [00003620]: brccMCtl.exe: ControlCenter3Dlg.cpp (0683) : -------- Button ID Not Found.
Description: CTLCNBrtCTLCN: [2015/03/30 16:36:08.509]: [00003620]: brccMCtl.exe: ControlCenter3Dlg.cpp (0683) : -------- Button ID Not Found.
2015-01-12 18:31 - 2015-03-28 16:29 - 0000115 _____ () C:\Users\James\AppData\Roaming\LogFile.txt
2014-12-26 17:38 - 2014-12-26 17:38 - 0018526 _____ () C:\Users\James\AppData\Roaming\UserTile.png
2014-06-25 17:23 - 2014-06-25 17:23 - 0000000 _____ () C:\Users\James\AppData\Roaming\wklnhst.dat
2014-04-06 16:40 - 2014-06-28 13:07 - 0004608 _____ () C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\James\AppData\Local\Temp\dllnt_dump.dll
C:\Users\James\AppData\Local\Temp\Quarantine.exe
C:\Users\James\AppData\Local\Temp\sqlite3.dll

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •

#67
March 30, 2015 at 20:09:07
After you finish Farbar & post the fixlog, here is work for tomorrow, we are on the home run.

I have to get ready to go out now.

Delfix got rid of the nasties out of System restore.

Run these in this order.

Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Wise-D...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif

Run CCleaner, follow these SS (screenshot) steps.
http://i.imgur.com/M9vk9yD.gif
http://i.imgur.com/OT28avu.gif
http://i.imgur.com/Jp2RAp7.gif
http://i.imgur.com/DMvKRE2.gif
http://i.imgur.com/k1XAHoO.gif
http://i.imgur.com/HbOGSq4.gif


Report •

#68
March 31, 2015 at 14:06:03
Hello johnw, As per post 66, I have done as you said and here is the log. Now I'll go on to post #67 and thanks again.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by James at 2015-03-31 14:41:30 Run:1
Running from C:\Users\James\Desktop
Loaded Profiles: James (Available profiles: James)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
SpeedyPC Pro (HKLM-x32\...\{604CD5A1-4520-4844-B064-A3D884B77E91}) (Version: 3.2.15.0 - SpeedyPC Software) <==== ATTENTION
Description: CTLCN BrtCTLCN: [2015/03/30 16:36:08.509]: [00003620]: brccMCtl.exe: ControlCenter3Dlg.cpp (0683) : -------- Button ID Not Found.
Description: CTLCNBrtCTLCN: [2015/03/30 16:36:08.509]: [00003620]: brccMCtl.exe: ControlCenter3Dlg.cpp (0683) : -------- Button ID Not Found.
2015-01-12 18:31 - 2015-03-28 16:29 - 0000115 _____ () C:\Users\James\AppData\Roaming\LogFile.txt
2014-12-26 17:38 - 2014-12-26 17:38 - 0018526 _____ () C:\Users\James\AppData\Roaming\UserTile.png
2014-06-25 17:23 - 2014-06-25 17:23 - 0000000 _____ () C:\Users\James\AppData\Roaming\wklnhst.dat
2014-04-06 16:40 - 2014-06-28 13:07 - 0004608 _____ () C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\James\AppData\Local\Temp\dllnt_dump.dll
C:\Users\James\AppData\Local\Temp\Quarantine.exe
C:\Users\James\AppData\Local\Temp\sqlite3.dll
*****************

Processes closed successfully.
SpeedyPC Pro (HKLM-x32\...\{604CD5A1-4520-4844-B064-A3D884B77E91}) (Version: 3.2.15.0 - SpeedyPC Software) <==== ATTENTION => Error: No automatic fix found for this entry.
Description: CTLCN BrtCTLCN: [2015/03/30 16:36:08.509]: [00003620]: brccMCtl.exe: ControlCenter3Dlg.cpp (0683) : -------- Button ID Not Found. => Error: No automatic fix found for this entry.
Description: CTLCNBrtCTLCN: [2015/03/30 16:36:08.509]: [00003620]: brccMCtl.exe: ControlCenter3Dlg.cpp (0683) : -------- Button ID Not Found. => Error: No automatic fix found for this entry.
C:\Users\James\AppData\Roaming\LogFile.txt => Moved successfully.
C:\Users\James\AppData\Roaming\UserTile.png => Moved successfully.
C:\Users\James\AppData\Roaming\wklnhst.dat => Moved successfully.
C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Users\James\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\James\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\sqlite3.dll => Moved successfully.
EmptyTemp: => Removed 300.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:42:25 ====


Report •

#69
March 31, 2015 at 15:53:49
johnw, I ran the Wise Disk Cleaner as per your instructions and it seemed to run as it should. Then I ran ccCleaner with the same results, seemed to run as it should.
When the ccCleaner had finished I took a snippit of the last message in case you want to see it. I will post the link.
I wanted to tell you that this computer is really running fast and good. I just can't thank you, Derek and Othehill enough. And if there is still more to do, I will do my best.

ccCleaner end message link;
http://www6.zippyshare.com/v/bVUTDH...


Report •

#70
March 31, 2015 at 16:21:16
"When the ccCleaner had finished I took a snippit of the last message in case you want to see it"
Good thinking James.

Any future uninstalls, use this 2 step program to get rid of everything.
Wise Program Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/Wise-P...
http://www.freewarefiles.com/screen...
http://wisecleaner.com/wiseuninstal...

"I wanted to tell you that this computer is really running fast and good"
Now to keep it that way.

As you can see from your logs, you had a lot of stuff installed, that you do not know, how it got installed. In your case, SpeedyPC Pro did a lot of damage.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...

I use Softpedia & FreewareFiles.com, they make you aware what Ad-supported programs the author of the program has included.
http://win.softpedia.com/index.free...
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
http://i.imgur.com/rqSpp1e.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the badies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Unchec...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.

John in WA.
http://www.timeanddate.com/worldclo...

message edited by Johnw


Report •

#71
March 31, 2015 at 16:37:30
Congratulations james4420 & Johnw. Looks like you're at or near the end of this tussle and you've got the bad guys well and truly on the run.

Always pop back and let us know the outcome - thanks


Report •

#72
March 31, 2015 at 17:34:15
johnw, Am I actually at the END?? Actually I did enjoy learning new and very worthwhile things that will help me for years to come. And again, I thank all three of you, johnw, Derek and OtheHill. Johnw, I thought I always had been very carefull when downloading software from the internet. Apparently not careful enough. I will try to be more vigilant from now on. Actually, I guess I have too much free time on my hands and I really didn't need half of the things I wanted to play with.
So anyway johnw, I have bookmarked the two download websites and I've downloaded and installed Wise Program Uninstaller. And I'm grateful for new friends.
Thank you

message edited by james442007


Report •

#73
March 31, 2015 at 17:36:52
Better get the final say from Johnw about "the end" but it seemed like it to me.

Always pop back and let us know the outcome - thanks


Report •

#74
March 31, 2015 at 17:45:07
Thanks fellas, all finished.

Glad you enjoyed it James, the learning never stops.

All the best. John.


Report •

#75
September 17, 2015 at 10:44:47
Valuable post , I was enlightened by the specifics . Does someone know where my business might access a template 2007 SC DoR I-309 form to fill in ?

Report •

#76
September 17, 2015 at 11:18:20
2007 SC DoR I-309 form
https://www.google.com.au/webhp?hl=...

Report •

Ask Question