
Infected with Trojan Horse


  • This topic is locked
26 replies to this topic

#1 resa83


Posted 18 August 2015 - 08:22 AM

My son downloaded Vector, a game. It unfortunately came with many other things including the Trojan Horse. I noticed my browsers were redirecting and opening up tabs and freezing and the list goes on. I then downloaded AVG and it found 76 problems. I didn't read all the threats however 1 threat caught my attention and it was Trojan Horse. I cleaned everything up and uninstalled all types of programs that came with this game. However the problem persisted. I did a system restore, but my browser still wants to freeze etc. Now I'm on safe mode with networking and following the topic rules here, so here I am.............also this is my third attempt to post this problem. The first time (which was a few mins ago) the page just turned solid white and there was nothing there. I will be copying and pasting the "addition" file to see if this helps. I'm assuming this has something to do with whatever is on this laptop. Thank You for any and all help with my problem. :)

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by Theresa (administrator) on THERESA-PC (18-08-2015 07:54:40)
Running from C:\Users\Theresa\Downloads
Loaded Profiles: Theresa (Available Profiles: Theresa)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [685568 2008-01-23] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2008-04-24] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-03-14] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [hpqSRMon] => [X]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2007-11-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1215446760-1989245984-247186789-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-02-26] (Hewlett-Packard Company)
HKU\S-1-5-21-1215446760-1989245984-247186789-1000\...\Run: [Google Update] => C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-30] (Google Inc.)
HKU\S-1-5-21-1215446760-1989245984-247186789-1000\...\Run: [GoogleChromeAutoLaunch_719151B831D141074DEAA1A6443EF575] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-21-1215446760-1989245984-247186789-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-1215446760-1989245984-247186789-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
Startup: C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-06-15]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
HKU\S-1-5-21-1215446760-1989245984-247186789-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
HKU\S-1-5-21-1215446760-1989245984-247186789-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
SearchScopes: HKLM -> DefaultScope {64BFF609-2405-48DC-B7D6-BB5CBC7AA845} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
SearchScopes: HKLM -> {64BFF609-2405-48DC-B7D6-BB5CBC7AA845} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
SearchScopes: HKLM -> {8FF0415C-F933-4B77-B940-30B24B44A479} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> DefaultScope {64BFF609-2405-48DC-B7D6-BB5CBC7AA845} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
SearchScopes: HKLM-x32 -> {64BFF609-2405-48DC-B7D6-BB5CBC7AA845} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
SearchScopes: HKLM-x32 -> {8FF0415C-F933-4B77-B940-30B24B44A479} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-1215446760-1989245984-247186789-1000 -> DefaultScope {64BFF609-2405-48DC-B7D6-BB5CBC7AA845} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
SearchScopes: HKU\S-1-5-21-1215446760-1989245984-247186789-1000 -> {64BFF609-2405-48DC-B7D6-BB5CBC7AA845} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
SearchScopes: HKU\S-1-5-21-1215446760-1989245984-247186789-1000 -> {8FF0415C-F933-4B77-B940-30B24B44A479} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO-x32: ArcadeFrontier Addon -> {A0A838EC-FAAC-4F46-B3BA-D998593DB00E} -> C:\Program Files (x86)\ArcadeFrontier\arcfront.dll [2014-07-09] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-14] (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{95137718-792B-4681-A5B6-A1984A0DD669}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Trovi
FF SelectedSearchEngine: Ask Web Search
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=9E4443CC-88E7-4B13-826F-7094B0370BA9&n=781ac9c8&ind=2015021512&p2=^BDG^xdm415^YYA^us&si=downloadzipnow&searchfor=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-26] (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2007-04-16] ()
FF Plugin HKU\S-1-5-21-1215446760-1989245984-247186789-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Theresa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1215446760-1989245984-247186789-1000: @talk.google.com/O1DPlugin -> C:\Users\Theresa\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1215446760-1989245984-247186789-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1215446760-1989245984-247186789-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1215446760-1989245984-247186789-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Theresa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Theresa\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Theresa\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\searchplugins\ask-web-search.xml [2015-02-15]
FF SearchPlugin: C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\searchplugins\trovi.xml [2015-08-16]
FF Extension: Cinema_Plus-1.2V16.08 - C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-08-17]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008-07-01]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-30]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF HKU\S-1-5-21-1215446760-1989245984-247186789-1000\...\Firefox\Extensions: [addon@arcadefrontier.com] - C:\Program Files (x86)\ArcadeFrontier\arcfront.xpi
 
Chrome: 
=======
CHR Profile: C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-03]
CHR Extension: (YouTube) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-03]
CHR Extension: (Google Search) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-03]
CHR Extension: (Google Sheets) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-03]
CHR Extension: (Cinema_Plus-1.2V16.08) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-08-17]
CHR Extension: (Gmail) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-03]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
S2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-06-13] ()
S2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 QPCapSvc; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292232 2008-04-24] ()
S2 QPSched; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [112008 2008-04-24] ()
S2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
S2 Viewpoint Manager Service; C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [9088 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-09] (NVIDIA Corporation)
U1 eabfiltr; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-18 07:54 - 2015-08-18 07:55 - 00017068 _____ C:\Users\Theresa\Downloads\FRST.txt
2015-08-18 07:54 - 2015-08-18 07:54 - 02173440 _____ (Farbar) C:\Users\Theresa\Downloads\FRST64 (1).exe
2015-08-18 07:50 - 2015-08-18 07:54 - 00000000 ____D C:\FRST
2015-08-18 07:50 - 2015-08-18 07:50 - 02173440 _____ (Farbar) C:\Users\Theresa\Downloads\FRST64.exe
2015-08-18 07:48 - 2015-08-18 07:48 - 01677312 _____ (Farbar) C:\Users\Theresa\Downloads\FRST.exe
2015-08-18 07:20 - 2015-08-18 07:20 - 00002025 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-18 07:02 - 2015-08-18 07:02 - 00000888 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-18 03:26 - 2015-05-08 18:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-18 03:26 - 2015-05-08 18:01 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-18 03:23 - 2015-06-27 11:03 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-18 03:23 - 2015-06-27 11:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-18 03:23 - 2015-06-27 11:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-18 03:23 - 2015-06-27 11:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-18 03:23 - 2015-06-27 11:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-08-18 03:23 - 2015-06-27 10:40 - 01304576 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-18 03:23 - 2015-06-27 10:40 - 00658944 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-18 03:23 - 2015-06-27 10:40 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-18 03:23 - 2015-06-27 10:39 - 01065472 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-08-18 03:23 - 2015-06-27 09:30 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-18 03:23 - 2015-06-27 09:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-18 03:23 - 2015-06-12 08:13 - 00516544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-18 03:23 - 2015-04-30 11:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-18 03:23 - 2015-04-30 10:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-18 03:23 - 2015-01-08 19:28 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-18 03:22 - 2015-07-31 15:03 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-18 03:22 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-18 03:21 - 2015-07-03 11:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-08-18 03:21 - 2015-07-03 10:41 - 01916416 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-08-18 03:20 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-18 03:20 - 2015-07-10 14:35 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-18 03:19 - 2015-07-11 12:13 - 12901888 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-18 03:19 - 2015-07-11 10:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-18 03:16 - 2015-05-31 03:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-08-18 03:16 - 2015-05-31 02:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-08-18 03:15 - 2015-06-17 11:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-08-18 03:15 - 2015-06-17 11:23 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-18 03:15 - 2015-06-17 10:18 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-18 03:15 - 2015-06-17 10:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-08-18 03:13 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-18 03:13 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-18 03:13 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-18 03:13 - 2015-05-04 17:51 - 10627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-08-18 03:13 - 2015-05-04 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-08-18 03:13 - 2015-05-04 17:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-08-18 03:13 - 2015-05-04 17:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-08-18 03:13 - 2015-05-04 17:33 - 13427712 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-08-18 03:13 - 2015-05-04 17:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-08-18 03:13 - 2015-05-04 17:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-08-18 03:13 - 2015-05-04 17:32 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-08-18 03:13 - 2015-05-04 16:39 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-08-18 03:13 - 2015-05-04 16:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-08-18 03:12 - 2015-07-18 10:41 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-18 03:12 - 2015-06-12 11:03 - 00304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-08-18 03:12 - 2015-06-12 10:46 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-18 03:08 - 2015-07-21 15:59 - 01586304 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-18 03:08 - 2015-07-21 15:59 - 01168600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-18 03:08 - 2015-07-21 10:50 - 04690880 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-18 03:08 - 2015-07-21 10:50 - 00154048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-18 03:08 - 2015-07-21 10:50 - 00068544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-18 03:08 - 2015-07-21 10:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-18 03:08 - 2015-07-21 10:40 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-18 03:08 - 2015-07-21 10:40 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-18 03:08 - 2015-07-10 14:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-18 03:08 - 2015-07-10 14:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-18 03:08 - 2015-07-10 14:35 - 01875968 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-18 03:08 - 2015-07-10 14:35 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-18 03:08 - 2015-04-24 10:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-08-18 03:08 - 2015-04-24 10:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-08-18 03:08 - 2015-04-10 18:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-08-18 03:08 - 2015-04-10 18:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2015-08-18 03:01 - 2015-07-31 17:31 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-18 03:01 - 2015-07-31 17:08 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-18 03:01 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-08-18 03:01 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-08-18 03:01 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-08-18 03:01 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-08-18 03:01 - 2015-07-31 16:44 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-18 03:01 - 2015-07-31 16:44 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-18 03:01 - 2015-07-31 16:44 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-18 03:01 - 2015-07-31 16:44 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-18 03:01 - 2015-07-31 16:26 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-18 03:01 - 2015-07-31 16:25 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-18 03:01 - 2015-07-31 16:10 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-18 03:01 - 2015-07-31 16:09 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-18 03:01 - 2015-07-31 16:00 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-18 03:01 - 2015-07-31 15:59 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-18 03:01 - 2015-07-31 15:59 - 01154560 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-18 03:01 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-18 03:01 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-08-18 03:01 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-08-18 03:01 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-18 03:01 - 2015-07-31 15:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-18 03:01 - 2015-07-09 09:31 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-18 03:01 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-18 03:01 - 2015-07-01 10:43 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-17 21:30 - 2015-07-22 17:08 - 17889792 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-17 21:30 - 2015-07-22 16:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-17 21:30 - 2015-07-22 16:56 - 02344448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-17 21:30 - 2015-07-22 16:55 - 10936832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-17 21:30 - 2015-07-22 16:50 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-17 21:30 - 2015-07-22 16:50 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-17 21:30 - 2015-07-22 16:49 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-17 21:30 - 2015-07-22 16:49 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-17 21:30 - 2015-07-22 16:48 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-17 21:30 - 2015-07-22 16:48 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-17 21:30 - 2015-07-22 16:48 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-17 21:30 - 2015-07-22 16:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-17 21:30 - 2015-07-22 16:48 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-17 21:30 - 2015-07-22 16:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-17 21:30 - 2015-07-22 16:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-17 21:30 - 2015-07-22 16:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-17 21:30 - 2015-07-22 16:47 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-17 21:30 - 2015-07-22 16:47 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-17 21:30 - 2015-07-22 16:47 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-17 21:30 - 2015-07-22 16:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-17 21:30 - 2015-07-22 16:47 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-17 21:30 - 2015-07-22 16:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-17 21:30 - 2015-07-22 15:54 - 12386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-17 21:30 - 2015-07-22 15:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-17 21:30 - 2015-07-22 15:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-17 21:30 - 2015-07-22 15:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-17 21:30 - 2015-07-22 15:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-17 21:30 - 2015-07-22 15:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-17 21:30 - 2015-07-22 15:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-17 21:30 - 2015-07-22 15:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-08-17 21:30 - 2015-07-22 15:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-17 21:30 - 2015-07-22 15:44 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-17 21:30 - 2015-07-22 15:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-17 21:30 - 2015-07-22 15:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-17 21:30 - 2015-07-22 15:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-17 21:30 - 2015-07-22 15:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-17 21:30 - 2015-07-22 15:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-17 21:30 - 2015-07-22 15:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-17 21:30 - 2015-07-22 15:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-17 21:30 - 2015-07-22 15:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-17 21:30 - 2015-07-22 15:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-08-17 21:30 - 2015-07-22 15:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-08-17 21:30 - 2015-07-22 15:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-08-17 21:30 - 2015-07-22 15:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-17 14:19 - 2015-08-17 14:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service(89)
2015-08-17 14:19 - 2015-08-17 14:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox(88)
2015-08-17 10:29 - 2015-08-17 10:29 - 02192786 _____ C:\Users\Theresa\Desktop\AVGInstLog.cab
2015-08-17 09:56 - 2015-08-17 09:56 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\AVG2015
2015-08-17 09:55 - 2015-08-17 09:55 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\TuneUp Software
2015-08-17 09:54 - 2015-08-17 10:27 - 00000000 ____D C:\ProgramData\AVG2015
2015-08-17 09:54 - 2015-08-17 09:54 - 00000000 ___HD C:\$AVG
2015-08-17 09:53 - 2015-08-17 09:53 - 00000000 ____D C:\Program Files (x86)\AVG
2015-08-17 09:45 - 2015-08-17 10:12 - 00000000 ____D C:\Users\Theresa\AppData\Local\Avg2015
2015-08-17 09:44 - 2015-08-17 10:31 - 00000000 ____D C:\ProgramData\MFAData
2015-08-17 09:44 - 2015-08-17 09:44 - 00000000 ____D C:\Users\Theresa\AppData\Local\MFAData
2015-08-17 09:44 - 2015-08-17 09:44 - 00000000 ____D C:\Users\Theresa\AppData\Local\Avg2014
2015-08-17 09:33 - 2015-08-17 09:42 - 00000000 ____D C:\Users\Theresa\AppData\Local\FinanceAlert
2015-08-17 09:31 - 2015-08-17 09:56 - 00000000 ____D C:\ProgramData\BlgLBE
2015-08-17 08:47 - 2015-08-17 09:00 - 00001694 _____ C:\ProgramData\tempimage.bmp
2015-08-17 08:44 - 2015-08-17 08:44 - 00000000 ____D C:\Program Files (x86)\Exploremedia
2015-08-17 08:40 - 2015-08-17 08:40 - 00000000 ____D C:\Program Files (x86)\predm
2015-08-16 17:56 - 2015-08-16 17:56 - 00000000 ____D C:\Users\Theresa\AppData\Local\speed browser
2015-08-16 17:52 - 2015-08-17 12:39 - 00000000 ____D C:\Program Files (x86)\Cinema_Plus-1.2V16.08
2015-08-16 17:52 - 2015-08-17 12:39 - 00000000 ____D C:\Program Files (x86)\3ad3f1ff-bd16-40b9-807f-6fb4b40433e3
2015-08-16 17:52 - 2015-08-16 17:52 - 00000000 ____D C:\Users\Theresa\AppData\Local\globalUpdate
2015-08-16 17:52 - 2015-08-16 17:52 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-16 17:39 - 2015-08-16 17:39 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-08-16 13:51 - 2015-08-17 12:40 - 00000000 ____D C:\Users\Theresa\AppData\Local\SmartWeb
2015-08-16 11:11 - 2015-08-16 18:01 - 00000112 _____ C:\ProgramData\xNpiksU.dat
2015-08-16 11:09 - 2015-08-17 08:43 - 00000000 ____D C:\Windows\SysWOW64\First Verify
2015-08-16 11:03 - 2015-08-17 12:39 - 00000000 ____D C:\Program Files (x86)\38464E43-1439741014-3533-3051-001E68F2E2E3
2015-08-16 11:02 - 2015-08-17 12:39 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2015-08-16 11:02 - 2015-08-16 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2015-08-16 11:00 - 2015-08-17 12:40 - 00000000 ____D C:\Users\Theresa\AppData\Local\38464E43-1439722814-3533-3051-001E68F2E2E3
2015-08-16 10:55 - 2015-08-17 12:39 - 00000000 ____D C:\Program Files (x86)\38464E43-1439740531-3533-3051-001E68F2E2E3
2015-08-16 10:53 - 2015-08-16 11:00 - 00000000 ____D C:\ProgramData\Uarinagluonb
2015-08-16 10:50 - 2015-08-17 09:49 - 00000000 ___HD C:\ProgramData\lge
2015-08-16 10:48 - 2015-08-17 11:14 - 00000000 ____D C:\ProgramData\{9548d5bb-93ad-eee8-9548-8d5bb93a56ee}
2015-08-16 10:33 - 2015-08-17 08:28 - 00000000 ____D C:\Program Files (x86)\Banana Phone
2015-08-16 10:31 - 2015-08-16 10:31 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-16 10:30 - 2015-08-17 10:27 - 00000000 ____D C:\Program Files (x86)\GUPlayer
2015-08-16 10:30 - 2015-08-17 08:37 - 00000000 ____D C:\Program Files\13
2015-08-16 10:30 - 2015-08-16 11:20 - 00000000 ____D C:\Program Files\015
2015-08-16 10:26 - 2015-08-16 10:26 - 00000000 ____D C:\Users\Theresa\Downloads\New Folder
2015-08-15 19:22 - 2015-08-15 19:22 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\Serif
2015-08-15 16:23 - 2015-08-15 16:23 - 00012004 _____ C:\Users\Theresa\AppData\Local\dd_vcredistUI327D.txt
2015-08-14 19:14 - 2015-08-17 19:55 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\Skype
2015-08-14 19:14 - 2015-08-14 19:14 - 00000000 ____D C:\Users\Theresa\AppData\Local\Skype
2015-08-14 19:13 - 2015-08-14 19:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-14 03:02 - 2015-08-18 03:01 - 00275374 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2015-08-05 18:14 - 2015-08-05 18:14 - 00000000 ____D C:\ProgramData\SpinTop Games
2015-08-05 00:03 - 2015-08-05 00:03 - 00877152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-08-05 00:03 - 2015-08-05 00:03 - 00538208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2015-08-04 23:53 - 2015-08-04 23:53 - 00872528 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-08-04 23:53 - 2015-08-04 23:53 - 00681552 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-18 07:32 - 2015-01-30 13:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-18 07:25 - 2008-07-01 04:15 - 00003580 _____ C:\Windows\System32\Tasks\HP Health Check
2015-08-18 07:22 - 2015-02-03 12:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-18 07:22 - 2015-01-30 01:03 - 00000290 _____ C:\Users\Public\Documents\hpqp.ini
2015-08-18 07:19 - 2015-02-03 12:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-18 07:14 - 2015-01-30 17:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-18 07:03 - 2015-01-30 18:09 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1215446760-1989245984-247186789-1000UA.job
2015-08-18 07:02 - 2015-04-16 11:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-18 07:02 - 2015-01-30 13:59 - 00000900 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-18 06:59 - 2006-11-02 07:46 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-18 06:57 - 2015-01-30 00:41 - 02023507 _____ C:\Windows\WindowsUpdate.log
2015-08-18 06:52 - 2006-11-02 10:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-18 06:52 - 2006-11-02 10:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-18 06:51 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-18 03:51 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache
2015-08-18 03:34 - 2006-11-02 10:21 - 00403040 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-18 03:32 - 2006-11-02 10:42 - 00032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-18 03:31 - 2006-11-02 10:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2015-08-18 03:31 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Journal
2015-08-18 03:08 - 2015-01-30 09:23 - 00000000 ____D C:\Windows\system32\MRT
2015-08-18 03:06 - 2015-01-30 00:16 - 00000000 ____D C:\Users\Theresa
2015-08-17 23:35 - 2006-11-02 07:33 - 69992448 _____ C:\Windows\system32\config\software_previous
2015-08-17 23:31 - 2015-06-14 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcadeFrontier
2015-08-17 23:31 - 2015-06-14 17:49 - 00000000 ____D C:\Program Files (x86)\ArcadeFrontier
2015-08-17 23:31 - 2015-03-05 08:21 - 00000000 ____D C:\Users\Theresa\Documents\Youcam
2015-08-17 23:31 - 2015-03-02 19:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-17 23:31 - 2015-02-04 20:37 - 00000000 ____D C:\Users\Theresa\Desktop\microchip enrollment_files
2015-08-17 23:31 - 2015-02-03 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-17 23:31 - 2015-01-30 00:24 - 00000000 ____D C:\Users\Theresa\AppData\Local\QuickPlay
2015-08-17 23:31 - 2008-04-10 05:26 - 00000000 ____D C:\Windows\SMINST
2015-08-17 23:31 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\system32\spool
2015-08-17 23:31 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\system32\Msdtc
2015-08-17 23:30 - 2015-02-01 07:22 - 00000000 ____D C:\Windows\SysWOW64\spool
2015-08-17 23:30 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\registration
2015-08-17 23:30 - 2006-11-02 07:33 - 18350080 _____ C:\Windows\system32\config\system_previous
2015-08-17 23:29 - 2015-07-06 17:07 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\Motorola Mobility
2015-08-17 23:29 - 2015-07-06 17:07 - 00000000 ____D C:\ProgramData\Motorola
2015-08-17 23:29 - 2015-06-13 14:42 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\iWin
2015-08-17 23:29 - 2015-02-15 01:49 - 00000000 ____D C:\Users\Theresa\AppData\Local\Microsoft Games
2015-08-17 23:29 - 2015-01-30 18:09 - 00000000 ____D C:\Users\Theresa\AppData\Local\Google
2015-08-17 23:29 - 2015-01-30 14:37 - 00000000 ____D C:\Windows\system32\EventProviders
2015-08-17 23:29 - 2015-01-30 11:05 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2015-08-17 23:29 - 2015-01-30 11:05 - 00000000 ____D C:\Windows\system32\WindowsPowerShell
2015-08-17 23:29 - 2015-01-30 08:51 - 00000000 ____D C:\Users\Theresa\AppData\Local\Hewlett-Packard
2015-08-17 23:29 - 2006-11-02 08:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-17 23:28 - 2015-04-20 09:13 - 00000000 ____D C:\Users\Theresa\.frostwire5
2015-08-17 23:28 - 2015-03-24 10:26 - 00000000 ____D C:\Users\Theresa\AppData\Local\Electronic_Arts_Inc
2015-08-17 23:28 - 2015-03-09 12:14 - 00000000 ____D C:\Program Files\CCleaner
2015-08-17 23:28 - 2015-03-03 16:35 - 00000000 ____D C:\Windows\Hewlett-Packard
2015-08-17 23:28 - 2015-01-30 11:58 - 00000000 ____D C:\Windows\system32\SRSLabs
2015-08-17 23:28 - 2015-01-30 01:03 - 00000000 ____D C:\ProgramData\CyberLink
2015-08-17 23:28 - 2015-01-30 00:54 - 00000000 ____D C:\Windows\SysWOW64\HPMDP
2015-08-17 23:28 - 2015-01-30 00:52 - 00000000 ____D C:\Program Files\Broadcom
2015-08-17 23:28 - 2015-01-30 00:51 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-08-17 23:28 - 2015-01-30 00:50 - 00000000 ____D C:\Program Files\IDT
2015-08-17 23:28 - 2015-01-30 00:50 - 00000000 ____D C:\Program Files (x86)\IDT
2015-08-17 23:28 - 2015-01-30 00:46 - 00000000 ____D C:\Windows\SysWOW64\Lang
2015-08-17 23:28 - 2008-07-01 03:08 - 00000000 ____D C:\ProgramData\WildTangent
2015-08-17 23:28 - 2008-07-01 02:41 - 00000000 ____D C:\Program Files (x86)\HP
2015-08-17 23:28 - 2008-07-01 02:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2015-08-17 23:28 - 2008-07-01 02:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-17 23:28 - 2008-07-01 02:12 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-08-17 23:28 - 2008-07-01 02:08 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-08-17 23:28 - 2008-02-05 12:03 - 00000000 ____D C:\SwSetup
2015-08-17 23:28 - 2006-11-02 08:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-08-17 23:26 - 2015-06-06 14:01 - 00000000 ____D C:\ProgramData\HipSoft
2015-08-17 23:26 - 2015-01-30 00:16 - 00000000 ___RD C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-17 23:26 - 2008-07-01 03:52 - 00000000 ____D C:\Program Files (x86)\CyberLink
2015-08-17 23:26 - 2008-07-01 03:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-08-17 23:26 - 2008-07-01 03:50 - 00000000 ____D C:\ProgramData\HP
2015-08-17 23:26 - 2008-07-01 03:49 - 00000000 ____D C:\Windows\Downloaded Installations
2015-08-17 23:26 - 2008-07-01 03:49 - 00000000 ____D C:\Program Files (x86)\Sling Media
2015-08-17 23:26 - 2008-07-01 03:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-08-17 23:26 - 2008-07-01 03:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\muvee
2015-08-17 23:26 - 2008-07-01 03:34 - 00000000 ____D C:\Program Files (x86)\muvee Technologies
2015-08-17 23:26 - 2008-07-01 03:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-08-17 23:26 - 2008-07-01 03:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2015-08-17 23:26 - 2008-07-01 03:08 - 00000000 ___RD C:\Program Files (x86)\Online Services
2015-08-17 23:26 - 2008-07-01 03:08 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-08-17 23:26 - 2008-07-01 03:08 - 00000000 ____D C:\Program Files (x86)\HP Games
2015-08-17 23:26 - 2006-11-02 10:22 - 00000000 ____D C:\Windows\Setup
2015-08-17 23:26 - 2006-11-02 10:16 - 00000000 ____D C:\Windows\SysWOW64\winrm
2015-08-17 23:26 - 2006-11-02 10:16 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2015-08-17 23:26 - 2006-11-02 10:15 - 00000000 ____D C:\Windows\WindowsMobile
2015-08-17 23:26 - 2006-11-02 10:15 - 00000000 ____D C:\Windows\SysWOW64\WCN
2015-08-17 23:26 - 2006-11-02 10:15 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-08-17 23:26 - 2006-11-02 10:15 - 00000000 ____D C:\Windows\system32\winrm
2015-08-17 23:26 - 2006-11-02 10:15 - 00000000 ____D C:\Windows\system32\WCN
2015-08-17 23:26 - 2006-11-02 10:15 - 00000000 ____D C:\Windows\system32\slmgr
2015-08-17 23:26 - 2006-11-02 10:15 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2015-08-17 23:26 - 2006-11-02 10:07 - 00000000 ____D C:\Windows\Performance
2015-08-17 23:26 - 2006-11-02 10:07 - 00000000 ____D C:\Windows\DigitalLocker
2015-08-17 23:26 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2015-08-17 23:26 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files (x86)\Windows Photo Gallery
2015-08-17 23:26 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-17 23:26 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files (x86)\Windows Calendar
2015-08-17 23:26 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-08-17 23:26 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-17 23:26 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\Web
2015-08-17 23:26 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2015-08-17 23:26 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\SysWOW64\Speech
2015-08-17 23:26 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\SysWOW64\oobe
2015-08-17 23:26 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\SysWOW64\MUI
2015-08-17 23:26 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2015-08-17 23:26 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\SysWOW64\licensing
2015-08-17 23:26 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2015-08-17 23:26 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\SysWOW64\IME
2015-08-17 23:26 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\SysWOW64\com
2015-08-17 23:26 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\system32\sysprep
2015-08-17 23:26 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\system32\Speech
2015-08-17 23:26 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\system32\SMI
2015-08-17 23:26 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\system32\RemInst
2015-08-17 23:26 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\system32\oobe
2015-08-17 23:26 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\system32\MUI
2015-08-17 23:26 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\system32\migwiz
2015-08-17 23:26 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\system32\licensing
2015-08-17 23:26 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\system32\IME
2015-08-17 23:26 - 2006-11-02 08:33 - 00000000 __RHD C:\Users\Default
2015-08-17 23:26 - 2006-11-02 08:33 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-17 23:26 - 2006-11-02 08:33 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-17 23:26 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\system32\com
2015-08-17 23:26 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\Speech
2015-08-17 23:26 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\servicing
2015-08-17 23:26 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\security
2015-08-17 23:26 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\schemas
2015-08-17 23:26 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\Resources
2015-08-17 23:26 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\Provisioning
2015-08-17 23:26 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-17 23:26 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\PLA
2015-08-17 23:26 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\MSAgent64
2015-08-17 23:26 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\MSAgent
2015-08-17 23:26 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\IME
2015-08-17 23:26 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\Help
2015-08-17 23:26 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\Branding
2015-08-17 23:26 - 2006-11-02 08:33 - 00000000 ____D C:\Program Files (x86)\Windows NT
2015-08-17 23:26 - 1999-03-30 13:17 - 00000000 ___HD C:\System.sav
2015-08-17 23:25 - 2008-07-01 04:05 - 00000000 ____D C:\Program Files\AWS
2015-08-17 23:25 - 2008-07-01 04:03 - 00000000 ___RD C:\Program Files\Online Services
2015-08-17 23:25 - 2008-07-01 03:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-17 23:25 - 2008-07-01 03:48 - 00000000 ____D C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites
2015-08-17 23:25 - 2008-07-01 03:46 - 00000000 ____D C:\Program Files\Microsoft Office
2015-08-17 23:25 - 2008-07-01 00:50 - 00000000 ___HD C:\HP
2015-08-17 23:25 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-08-17 23:25 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2015-08-17 23:25 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-17 23:25 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Collaboration
2015-08-17 23:25 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Calendar
2015-08-17 23:25 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-17 23:25 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\MSBuild
2015-08-17 23:25 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Movie Maker
2015-08-17 23:25 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Microsoft Games
2015-08-17 23:25 - 2006-11-02 08:33 - 00000000 ____D C:\Program Files\Windows NT
2015-08-17 23:25 - 2006-11-02 08:33 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-17 23:25 - 2006-11-02 08:33 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-08-17 23:17 - 2008-07-01 02:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications
2015-08-17 22:15 - 2015-01-30 17:03 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-17 22:15 - 2015-01-30 17:03 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-17 22:15 - 2015-01-30 17:03 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-17 20:09 - 2006-11-02 07:33 - 58458112 _____ C:\Windows\system32\config\components_previous
2015-08-17 20:09 - 2006-11-02 07:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2015-08-17 20:09 - 2006-11-02 07:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2015-08-17 20:09 - 2006-11-02 07:33 - 00262144 _____ C:\Windows\system32\config\default_previous
2015-08-17 16:10 - 2008-01-20 22:26 - 00291996 _____ C:\Windows\PFRO.log
2015-08-17 10:25 - 2015-02-01 07:30 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-17 10:24 - 2015-07-06 17:07 - 00000000 ____D C:\Temp
2015-08-17 09:56 - 2006-11-02 08:34 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-08-17 09:00 - 2015-06-27 16:55 - 00001356 _____ C:\Users\Theresa\AppData\Local\d3d9caps.dat
2015-08-16 14:43 - 2006-11-02 10:27 - 00085477 _____ C:\Windows\setupact.log
2015-08-15 19:19 - 2006-11-02 10:07 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-08-13 12:26 - 2015-06-14 15:22 - 00003702 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6504CC97-5078-4107-9EDB-0ABCEA5EAE2A}
2015-08-13 08:03 - 2015-01-30 18:09 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1215446760-1989245984-247186789-1000Core.job
2015-08-13 07:58 - 2015-01-30 18:09 - 00003804 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1215446760-1989245984-247186789-1000UA
2015-08-13 07:58 - 2015-01-30 18:09 - 00003408 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1215446760-1989245984-247186789-1000Core
2015-08-13 07:17 - 2015-03-03 16:35 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\HpUpdate
2015-07-30 20:21 - 2015-03-31 07:13 - 00000021 _____ C:\Users\Public\Documents\hpqp.txt
2015-07-28 21:08 - 2015-02-10 19:06 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-07-28 10:59 - 2006-11-02 07:35 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-07-26 21:14 - 2015-02-03 12:35 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-26 21:14 - 2015-02-03 12:35 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-23 03:37 - 2015-06-06 14:40 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\CyberLink
 
==================== Files in the root of some directories =======
 
2015-01-30 00:24 - 2015-01-30 00:24 - 0000000 _____ () C:\Users\Theresa\AppData\Local\AtStart.txt
2015-06-27 16:55 - 2015-08-17 09:00 - 0001356 _____ () C:\Users\Theresa\AppData\Local\d3d9caps.dat
2015-03-19 14:30 - 2015-06-13 15:19 - 0005120 _____ () C:\Users\Theresa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-07 19:26 - 2015-03-07 19:27 - 0440046 _____ () C:\Users\Theresa\AppData\Local\dd_vcredistMSI1B1D.txt
2015-03-24 10:16 - 2015-03-24 10:17 - 0585346 _____ () C:\Users\Theresa\AppData\Local\dd_vcredistMSI265B.txt
2015-04-20 11:54 - 2015-04-20 11:54 - 0429038 _____ () C:\Users\Theresa\AppData\Local\dd_vcredistMSI2E8C.txt
2015-04-20 11:54 - 2015-04-20 11:54 - 0368048 _____ () C:\Users\Theresa\AppData\Local\dd_vcredistMSI2ED4.txt
2015-03-07 19:26 - 2015-03-07 19:27 - 0020042 _____ () C:\Users\Theresa\AppData\Local\dd_vcredistUI1B1D.txt
2015-03-24 10:16 - 2015-03-24 10:25 - 0015390 _____ () C:\Users\Theresa\AppData\Local\dd_vcredistUI265B.txt
2015-04-20 11:54 - 2015-04-20 11:54 - 0014016 _____ () C:\Users\Theresa\AppData\Local\dd_vcredistUI2E8C.txt
2015-04-20 11:54 - 2015-04-20 11:54 - 0013778 _____ () C:\Users\Theresa\AppData\Local\dd_vcredistUI2ED4.txt
2015-08-15 16:23 - 2015-08-15 16:23 - 0012004 _____ () C:\Users\Theresa\AppData\Local\dd_vcredistUI327D.txt
2015-06-06 13:56 - 2015-06-06 13:56 - 0012972 _____ () C:\Users\Theresa\AppData\Local\dd_vcredistUI64B8.txt
2015-01-30 00:24 - 2015-01-30 00:24 - 0000000 _____ () C:\Users\Theresa\AppData\Local\DSwitch.txt
2015-01-30 00:24 - 2015-01-30 00:24 - 0000000 _____ () C:\Users\Theresa\AppData\Local\QSwitch.txt
2008-07-01 03:50 - 2008-07-01 03:51 - 0000372 _____ () C:\ProgramData\hpzinstall.log
2015-08-17 08:47 - 2015-08-17 09:00 - 0001694 _____ () C:\ProgramData\tempimage.bmp
2015-08-16 11:11 - 2015-08-16 18:01 - 0000112 _____ () C:\ProgramData\xNpiksU.dat
 
Files to move or delete:
====================
C:\ProgramData\xNpiksU.dat
 
 
Some files in TEMP:
====================
C:\Users\Theresa\AppData\Local\Temp\MotorolaDeviceManager_2.2.24.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-18 07:50
 
==================== End of log ============================
 
 
 
 
 
ADDITION FILE COPY AND PASTE
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
Ran by Theresa (2015-08-18 07:56:00)
Running from C:\Users\Theresa\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1215446760-1989245984-247186789-500 - Administrator - Disabled)
Guest (S-1-5-21-1215446760-1989245984-247186789-501 - Limited - Disabled)
Theresa (S-1-5-21-1215446760-1989245984-247186789-1000 - Administrator - Enabled) => C:\Users\Theresa
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)
ArcadeFrontier (HKLM-x32\...\ArcadeFrontier) (Version: 1.0.0 - ArcadeFrontier)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.3 - Broadcom Corporation)
Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)
HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP Help and Support (HKLM-x32\...\{28C3E5E6-5ACA-408D-9A46-089C5334EC97}) (Version: 2.0.7.0 - Hewlett-Packard)
HP MULTIPLE MODEM INSTALLER for VISTA (HKLM-x32\...\{45A136EC-88BF-4B95-99F5-C45D3930E1CC}) (Version: 1.0.0.30 - Hewlett Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Quick Launch Buttons 6.40 D1 (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 D1 - Hewlett-Packard)
HP QuickPlay 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
HP QuickTouch 1.00 D2 (HKLM\...\{1AD2F8FE-A357-4728-BDF8-B92D794CE793}) (Version: 1.0.9 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 109.9.19158 - Hewlett-Packard)
HP Total Care Advisor (HKLM-x32\...\{f32502b5-5b64-4882-bf61-77f23edcac4f}) (Version: 2.1.3359.2635 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP User Guides 0102 (HKLM-x32\...\{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{A5CE7175-080D-49AC-B5A3-E7E3502428F5}) (Version: 3.00 I2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_Tattoo (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookHolidayPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookModernPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookPlayfulPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookScrapbookPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPTCSSetup (HKLM-x32\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.5893.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.)
LightScribe System Software  1.12.33.2 (HKLM-x32\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.2.24 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 1.0.30 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM-x32\...\{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}) (Version: 6.10.050 - muvee Technologies)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.)
PowerDirector (x32 Version: 6.5.2719 - CyberLink Corp.) Hidden
ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)
PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Serif WebPlus 10 (HKLM-x32\...\{8C0DF485-DB3E-453C-BFB3-4C47E636ECF9}) (Version: 10.1.1.036 - Serif (Europe) Ltd)
Serif WebPlus 10 Resources (HKLM-x32\...\{A869A1DA-9571-4287-B170-4A7246994C84}) (Version: 10.1.0.007 - Serif (Europe) Ltd)
Slingbox Flash Tour (HKLM-x32\...\{38EAC694-0D90-445F-8C17-8B50ADFE3162}) (Version: 1.0.0 - Sling Media)
SlingPlayer (HKLM-x32\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media)
SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-1215446760-1989245984-247186789-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
Update for Office 2007 (KB934528) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version:  - )
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1215446760-1989245984-247186789-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1215446760-1989245984-247186789-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1215446760-1989245984-247186789-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1215446760-1989245984-247186789-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1215446760-1989245984-247186789-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1215446760-1989245984-247186789-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1215446760-1989245984-247186789-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1215446760-1989245984-247186789-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1215446760-1989245984-247186789-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
23-04-2015 22:23:16 Scheduled Checkpoint
24-04-2015 13:04:37 Scheduled Checkpoint
14-06-2015 19:08:46 Scheduled Checkpoint
15-06-2015 17:36:16 Scheduled Checkpoint
06-07-2015 17:04:36 Installed Motorola Device Manager
13-08-2015 08:39:30 Windows Update
14-08-2015 03:00:25 Windows Update
16-08-2015 10:39:26 Windows Defender Checkpoint
16-08-2015 11:18:52 Windows Defender Checkpoint
17-08-2015 09:53:14 Installed AVG 2015
17-08-2015 09:54:12 Installed AVG 2015
17-08-2015 15:41:53 Removed Serif WebPlus 10
17-08-2015 15:42:46 Removed Serif WebPlus 10
17-08-2015 15:44:34 Removed Serif WebPlus 10 Resources
17-08-2015 15:46:30 Removed Motorola Device Manager
18-08-2015 03:00:22 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {15D76892-2E98-48B8-AEE4-16AA9DE7C503} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-06-13] ()
Task: {2A39129C-E17A-44E2-AFC5-87809F93B988} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-06-13] ()
Task: {3B1253BD-9C81-40E9-B6FC-6EDD00AAEC67} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-04-11] ()
Task: {5422F709-5B3F-4B3C-A859-F4C7E011C259} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {750464E6-0314-4EBD-9515-15B74D7AE4E4} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-06-13] ()
Task: {759D01B9-DD91-436F-B721-F7945ADAE612} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-17] (Adobe Systems Incorporated)
Task: {9B5CD742-F3D1-47F7-9CB2-AB5C9842EC17} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1215446760-1989245984-247186789-1000UA => C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-30] (Google Inc.)
Task: {A141591C-727E-4405-B3E7-DC8E90858EBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: {A46C779D-9C71-4669-8A8D-FDFCFDA01C48} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1215446760-1989245984-247186789-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {AC5E6D00-817A-4246-A796-A16AE65C18B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: {C064EBAD-2753-4481-BCF3-EF81B80012B7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1215446760-1989245984-247186789-1000Core => C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-30] (Google Inc.)
Task: {D00B243A-1472-4BC3-9D94-6562FD05567A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1215446760-1989245984-247186789-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E49D2F22-3F6D-443F-880C-0746B439F990} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {F836A0B4-84E1-4836-A1CB-4A8B6ED92290} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1215446760-1989245984-247186789-1000Core.job => C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1215446760-1989245984-247186789-1000UA.job => C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-08 10:39 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-02-08 10:39 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1215446760-1989245984-247186789-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Theresa\Downloads\mandarinfish.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{EE1B3FFE-129C-4CD4-9629-D1F107C6DCF8}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QP.exe
FirewallRules: [{161509FD-18BF-4FEA-86F9-F9DC6F7991EB}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
FirewallRules: [{70C38BEE-48D0-4B9B-9144-1D356F9DB29F}] => (Allow) C:\Program Files (x86)\Cyberlink\PowerDirector\PDR.EXE
FirewallRules: [{EEA96833-2794-4282-8A3B-E704D83A765C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{B3EFCC95-C508-4FD2-A2EA-64089967E4C4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{3D2E9403-6E1E-4608-875C-977D1A66A020}] => (Allow) LPort=80
FirewallRules: [{EED081C2-8558-43A4-B99B-95F56DB6CD69}] => (Allow) LPort=80
FirewallRules: [{EA9C4091-B672-44E3-A0CA-2782021A132F}] => (Allow) LPort=80
FirewallRules: [{5AEFCDA0-CFD8-410D-A0ED-CF353C1C91FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{72881ECF-9745-4C77-AD4D-7A5BD2224EB2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{121A3AC2-E3C1-4516-8E8F-40E6ECE435CC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B1D8A6AF-646C-4C94-B8F3-549782D75D66}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{55B0FB5C-E5A1-4D40-9EA0-A0373DE9F56A}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{B85AB78E-0772-4A2F-8963-66ECA1B9EBB0}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [TCP Query User{C82D5FAE-710D-46ED-94AD-08EC5B1C2CFB}C:\program files (x86)\hp games\wheel of fortune\wheel of fortune.exe] => (Block) C:\program files (x86)\hp games\wheel of fortune\wheel of fortune.exe
FirewallRules: [UDP Query User{2F11CDA1-FF4A-40F8-8C66-14EC921839F1}C:\program files (x86)\hp games\wheel of fortune\wheel of fortune.exe] => (Block) C:\program files (x86)\hp games\wheel of fortune\wheel of fortune.exe
FirewallRules: [{E1BB2BAA-3767-4A0B-9AB1-1CF4AA3D1F19}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/18/2015 07:33:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2015 07:33:19 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (08/18/2015 06:53:38 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=44.0.2403.155;lang=;guid=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\15da8180-a04d-4f1b-9d6a-d1842d191cb2.dmp
 
Error: (08/18/2015 06:53:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2015 06:45:26 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=44.0.2403.155;lang=;guid=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\16cbcebe-0b87-46c2-b1af-f21e27ccad24.dmp
 
Error: (08/18/2015 06:42:50 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=44.0.2403.155;lang=;guid=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\3f14e2e0-7f66-4d19-86a9-3ea5878336b2.dmp
 
Error: (08/18/2015 03:35:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2015 03:07:07 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8
 
Error: (08/18/2015 03:07:05 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll8
 
Error: (08/17/2015 08:43:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (08/18/2015 07:33:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: spldr
Wanarpv6
 
Error: (08/18/2015 07:33:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer BrowserServer%%1068
 
Error: (08/18/2015 07:33:26 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (08/18/2015 07:33:25 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (08/18/2015 07:33:19 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (08/18/2015 07:33:10 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/18/2015 07:33:06 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv64.dll21
 
Error: (08/18/2015 07:32:42 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:30:28 AM on 8/18/2015 was unexpected.
 
Error: (08/18/2015 07:22:50 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}
 
Error: (08/18/2015 06:54:46 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: QuickPlay Task Scheduler (QTS)
 
 
Microsoft Office:
=========================
 
CodeIntegrity:
===================================
  Date: 2015-01-30 13:39:36.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-30 13:39:36.807
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-30 13:39:36.744
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-30 13:39:36.666
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-30 13:39:36.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2008-07-01 04:17:15.784
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2008-07-01 04:17:15.784
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2008-07-01 04:17:15.784
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2008-07-01 04:17:15.768
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2008-07-01 04:17:09.715
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T5800 @ 2.00GHz
Percentage of memory in use: 26%
Total physical RAM: 3998.27 MB
Available physical RAM: 2930.13 MB
Total Virtual: 8173.8 MB
Available Virtual: 7208.42 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:221.74 GB) (Free:143.93 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.14 GB) (Free:1.84 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 2E3E2E3E)
Partition 1: (Active) - (Size=221.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)
 
==================== End of log ============================

 


#2 nasdaq

  • Malware Response Team

Posted 19 August 2015 - 08:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [hpqSRMon] => [X]
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {8FF0415C-F933-4B77-B940-30B24B44A479} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {8FF0415C-F933-4B77-B940-30B24B44A479} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-1215446760-1989245984-247186789-1000 -> {8FF0415C-F933-4B77-B940-30B24B44A479} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: ArcadeFrontier Addon -> {A0A838EC-FAAC-4F46-B3BA-D998593DB00E} -> C:\Program Files (x86)\ArcadeFrontier\arcfront.dll [2014-07-09] ()
FF DefaultSearchEngine.US: Trovi
FF SelectedSearchEngine: Ask Web Search
FF Keyword.URL: hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=9E4443CC-88E7-4B13-826F-7094B0370BA9&n=781ac9c8&ind=2015021512&p2=^BDG^xdm415^YYA^us&si=downloadzipnow&searchfor=
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll [No File]
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2007-04-16] ()
FF SearchPlugin: C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\searchplugins\ask-web-search.xml [2015-02-15]
FF SearchPlugin: C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\searchplugins\trovi.xml [2015-08-16]
FF Extension: Cinema_Plus-1.2V16.08 - C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-08-17]
FF HKU\S-1-5-21-1215446760-1989245984-247186789-1000\...\Firefox\Extensions: [addon@arcadefrontier.com] - C:\Program Files (x86)\ArcadeFrontier\arcfront.xpi
CHR Extension: (Cinema_Plus-1.2V16.08) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-08-17]
S2 Viewpoint Manager Service; C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]
U1 eabfiltr; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
Task: {5422F709-5B3F-4B3C-A859-F4C7E011C259} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\ArcadeFrontier
C:\Program Files (x86)\Viewpoint
C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com
C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 resa83

  • Topic Starter
  • Members

Posted 19 August 2015 - 09:27 AM

I had to perform all these actions in safe mode with networking even after doing all the clean up. Regular mode is freezing up still.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
Ran by Theresa (2015-08-19 08:46:50) Run:1
Running from C:\Users\Theresa\Downloads
Loaded Profiles: Theresa (Available Profiles: Theresa)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [hpqSRMon] => [X]
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {8FF0415C-F933-4B77-B940-30B24B44A479} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {8FF0415C-F933-4B77-B940-30B24B44A479} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-1215446760-1989245984-247186789-1000 -> {8FF0415C-F933-4B77-B940-30B24B44A479} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: ArcadeFrontier Addon -> {A0A838EC-FAAC-4F46-B3BA-D998593DB00E} -> C:\Program Files (x86)\ArcadeFrontier\arcfront.dll [2014-07-09] ()
FF DefaultSearchEngine.US: Trovi
FF SelectedSearchEngine: Ask Web Search
FF Keyword.URL: hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=9E4443CC-88E7-4B13-826F-7094B0370BA9&n=781ac9c8&ind=2015021512&p2=^BDG^xdm415^YYA^us&si=downloadzipnow&searchfor=
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll [No File]
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2007-04-16] ()
FF SearchPlugin: C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\searchplugins\ask-web-search.xml [2015-02-15]
FF SearchPlugin: C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\searchplugins\trovi.xml [2015-08-16]
FF Extension: Cinema_Plus-1.2V16.08 - C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-08-17]
FF HKU\S-1-5-21-1215446760-1989245984-247186789-1000\...\Firefox\Extensions: [addon@arcadefrontier.com] - C:\Program Files (x86)\ArcadeFrontier\arcfront.xpi
CHR Extension: (Cinema_Plus-1.2V16.08) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-08-17]
S2 Viewpoint Manager Service; C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]
U1 eabfiltr; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
Task: {5422F709-5B3F-4B3C-A859-F4C7E011C259} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\ArcadeFrontier
C:\Program Files (x86)\Viewpoint
C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com
C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp
 
End
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\hpqSRMon => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8FF0415C-F933-4B77-B940-30B24B44A479}" => key removed successfully
HKCR\CLSID\{8FF0415C-F933-4B77-B940-30B24B44A479} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8FF0415C-F933-4B77-B940-30B24B44A479}" => key removed successfully
HKCR\Wow6432Node\CLSID\{8FF0415C-F933-4B77-B940-30B24B44A479} => key not found. 
"HKU\S-1-5-21-1215446760-1989245984-247186789-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8FF0415C-F933-4B77-B940-30B24B44A479}" => key removed successfully
HKCR\CLSID\{8FF0415C-F933-4B77-B940-30B24B44A479} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A0A838EC-FAAC-4F46-B3BA-D998593DB00E}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{A0A838EC-FAAC-4F46-B3BA-D998593DB00E}" => key removed successfully
Firefox DefaultSearchEngine.US removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox "Keyword.URL" removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@nielsen/FirefoxTracker" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@viewpoint.com/VMP" => key removed successfully
C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll => moved successfully.
C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\searchplugins\ask-web-search.xml => moved successfully.
C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\searchplugins\trovi.xml => moved successfully.
C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com => moved successfully.
HKU\S-1-5-21-1215446760-1989245984-247186789-1000\Software\Mozilla\Firefox\Extensions\\addon@arcadefrontier.com => value removed successfully
C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp => moved successfully.
Viewpoint Manager Service => service removed successfully
eabfiltr => service removed successfully
IpInIp => service removed successfully
NwlnkFlt => service removed successfully
NwlnkFwd => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5422F709-5B3F-4B3C-A859-F4C7E011C259}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5422F709-5B3F-4B3C-A859-F4C7E011C259}" => key removed successfully
C:\Windows\System32\Tasks\LaunchApp => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp" => key removed successfully
"C:\Program Files (x86)\MyPC Backup" => File/Folder not found.
C:\Program Files (x86)\ArcadeFrontier => moved successfully.
C:\Program Files (x86)\Viewpoint => moved successfully.
"C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com" => File/Folder not found.
"C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp" => File/Folder not found.
EmptyTemp: => 114.4 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 08:47:19 ====
 
I had trouble finding the AdwCleaner log and I found 2 logs, so I'm posting them both. Sorry for the inconvenience.
 
# AdwCleaner v5.002 - Logfile created 19/08/2015 at 09:05:05
# Updated 18/08/2015 by Xplode
# Database : 2015-08-18.2 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : Theresa - THERESA-PC
# Running from : C:\Users\Theresa\Downloads\adwcleaner_5.002.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\GUPlayer
Folder Found : C:\Program Files (x86)\OneSystemCare
Folder Found : C:\Program Files (x86)\Exploremedia
Folder Found : C:\Program Files (x86)\Cinema_Plus-1.2V16.08
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\ProgramData\MovieDeaConfig
Folder Found : C:\ProgramData\{9548d5bb-93ad-eee8-9548-8d5bb93a56ee}
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
Folder Found : C:\Users\Theresa\AppData\Local\globalUpdate
Folder Found : C:\Users\Theresa\AppData\Local\speed browser
Folder Found : C:\Users\Theresa\AppData\Local\SmartWeb
Folder Found : C:\Users\Theresa\AppData\Local\FinanceAlert
Folder Found : C:\Users\Theresa\AppData\Local\38464E43-1439722814-3533-3051-001E68F2E2E3
Folder Found : C:\Users\Theresa\AppData\LocalLow\HPAppData
Folder Found : C:\Users\Theresa\AppData\Roaming\iWin
Folder Found : C:\Windows\SysWOW64\First Verify
 
***** [ Files ] *****
 
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0
File Found : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\papbadoldddalgcjcicnikcfenodpghp
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\MetaStream
Key Found : HKLM\SOFTWARE\Viewpoint
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
 
***** [ Web browsers ] *****
 
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en),Ask Web Search");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=263F1455-5D1E-42C1-B013-CA8D1E7324F4&n=781ac9c8&ind=2015021512&p2=^Z7^xdm674^S12046^us&si=CNKm54[...]
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.BUTTON_STRUCTURE", "[{\"b\":220780013,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":220780014,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.browser.search.defaultenginename.prev", "Ask Web Search");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.browser.search.defaultenginename.savedPrev", "true");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.browser.search.defaultenginename.tb", "Ask Web Search");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.browser.search.selectedEngine.prev", "Ask Web Search");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.browser.search.selectedEngine.savedPrev", "true");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.browser.search.selectedEngine.tb", "Ask Web Search");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.browser.startup.homepage.prev", "hxxp://home.tb.ask.com/index.jhtml?ptb=263F1455-5D1E-42C1-B013-CA8D1E7324F4&n=781ac9c8&p2=^Z7^xdm674^S12046^us&si=C[...]
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.browser.startup.homepage.savedPrev", "true");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=9E4443CC-88E7-4B13-826F-7094B0370BA9&n=781ac9c8&p2=^BDG^xdm415^YYA^us&si=downl[...]
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.browser.startup.page.savedPrev", 1);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.browser.startup.page.tb", 1);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.browser.version.last", "35.0");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.firstKnownVersion", "6.85.5.63625");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=9E4443CC-88E7-4B13-826F-7094B0370BA9&n=781ac9c8&p2=^BDG^xdm415^YYA^us&si=downloadzipnow");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.hp.enabled", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.hp.guardType", "HPR");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.initialized", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.installKeysSource", "LocalStorage");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.installType", "XPI");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.installation.contextKey", "");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.installation.installDate", "2015021512");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.installation.partnerId", "^BDG^xdm415^YYA^us");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.installation.partnerSubId", "downloadzipnow");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.installation.pixelUrl", "hxxp://free.eliteunzip.com/install_pixels.jhtml?partner=^BDG^xdm415^YYA^us&sub_id=downloadzipnow&coId=d3bf3d36c2934a07a67ad[...]
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.installation.success", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.installation.toolbarId", "9E4443CC-88E7-4B13-826F-7094B0370BA9");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.isCompliantUninstallImplementation", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.lastKnownVersion", "6.85.5.63625");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.options.defaultSearch", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.options.homePageEnabled", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.options.keywordEnabled", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.options.tabEnabled", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.partnerPixelFired", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.successUrl", "hxxp://free.eliteunzip.com/installComplete.jhtml");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._aaMembers_.toolbarCollapsed", false);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.BUTTON_STRUCTURE", "[{\"b\":223677194,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":223677195,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.defaultenginename.prev", "Ask Web Search");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.defaultenginename.savedPrev", "true");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.defaultenginename.tb", "Ask Web Search");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.selectedEngine.prev", "Ask Web Search");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.selectedEngine.savedPrev", "true");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.selectedEngine.tb", "Ask Web Search");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.startup.homepage.savedPrev", "true");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=263F1455-5D1E-42C1-B013-CA8D1E7324F4&n=781ac9c8&p2=^Z7^xdm674^S12046^us&si=CNK[...]
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.startup.page.savedPrev", 1);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.startup.page.tb", 1);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.version.last", "35.0");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.firstKnownVersion", "6.85.6.3298");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=263F1455-5D1E-42C1-B013-CA8D1E7324F4&n=781ac9c8&p2=^Z7^xdm674^S12046^us&si=CNKm54qp48MCFYU9aQodrh[...]
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.hp.enabled", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.hp.guardType", "HPR");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.hp.user.defined", false);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.initialized", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.installKeysSource", "LocalStorage");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.installType", "XPI");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.contextKey", "");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.installDate", "2015021512");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.partnerId", "^Z7^xdm674^S12046^us");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.partnerSubId", "CNKm54qp48MCFYU9aQodrh0AzQ");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.pixelUrl", "hxxp://free.gamingwonderland.com/install_pixels.jhtml?partner=^Z7^xdm674^S12046^us&coId=8f6cb99d2cd546bbb7569d099d508e19&tb[...]
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.success", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.toolbarId", "263F1455-5D1E-42C1-B013-CA8D1E7324F4");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.isCompliantUninstallImplementation", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.lastKnownVersion", "6.85.6.3298");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.options.defaultSearch", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.options.homePageEnabled", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.options.keywordEnabled", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.options.tabEnabled", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.partnerPixelFired", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.successUrl", "hxxp://free.gamingwonderland.com/installComplete.jhtml");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.toolbar.ownSearch", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gtMembers_.toolbarCollapsed", false);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "eliteunzip@mindspark.com");
[C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\jghww5fb.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "eliteunzip@mindspark.com");
[C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : trovi.search
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [22924 bytes] ##########
 
 
 
 
# AdwCleaner v5.002 - Logfile created 19/08/2015 at 09:07:03
# Updated 18/08/2015 by Xplode
# Database : 2015-08-18.2 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : Theresa - THERESA-PC
# Running from : C:\Users\Theresa\Downloads\adwcleaner_5.002.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[#] Folder Deleted : C:\Program Files (x86)\globalUpdate
[#] Folder Deleted : C:\Program Files (x86)\predm
[#] Folder Deleted : C:\Program Files (x86)\GUPlayer
[#] Folder Deleted : C:\Program Files (x86)\OneSystemCare
[#] Folder Deleted : C:\Program Files (x86)\Exploremedia
[#] Folder Deleted : C:\Program Files (x86)\Cinema_Plus-1.2V16.08
[#] Folder Deleted : C:\ProgramData\Viewpoint
[#] Folder Deleted : C:\ProgramData\MovieDeaConfig
[#] Folder Deleted : C:\ProgramData\{9548d5bb-93ad-eee8-9548-8d5bb93a56ee}
[#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
[#] Folder Deleted : C:\Users\Theresa\AppData\Local\globalUpdate
[#] Folder Deleted : C:\Users\Theresa\AppData\Local\speed browser
[#] Folder Deleted : C:\Users\Theresa\AppData\Local\SmartWeb
[#] Folder Deleted : C:\Users\Theresa\AppData\Local\FinanceAlert
[#] Folder Deleted : C:\Users\Theresa\AppData\Local\38464E43-1439722814-3533-3051-001E68F2E2E3
[#] Folder Deleted : C:\Users\Theresa\AppData\LocalLow\HPAppData
[#] Folder Deleted : C:\Users\Theresa\AppData\Roaming\iWin
[#] Folder Deleted : C:\Windows\SysWOW64\First Verify
 
***** [ Files ] *****
 
[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[-] File Deleted : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0
[-] File Deleted : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\papbadoldddalgcjcicnikcfenodpghp
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
[-] Key Deleted : HKLM\SOFTWARE\MetaStream
[-] Key Deleted : HKLM\SOFTWARE\Viewpoint
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trovi.search
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [23909 bytes] ##########
 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:02 PM

Posted 19 August 2015 - 12:41 PM

Use the System File Checker tool to repair missing or corrupted system files

Follow the instructions on this page.

When the sfc /scannow command is terminated, execute the command under this title.

How to view details of the System File Checker process

At the command prompt, type the following command, and then press ENTER:
findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

Attach the cbs.log for my review.

Let me know if the problem persists.

Edited by nasdaq, 20 August 2015 - 06:48 AM.
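
One way to triage the sfcdetails.txt file that the findstr command in the post above produces, as an added example that is not part of the original post or of any Microsoft tool. It counts the routine [SR] messages of a clean pass, flags every other [SR] message for review, and reports batches that started but never completed; the function name `triage`, the sample lines and the file name `example.dll` are constructed for illustration.

```python
import re
from collections import Counter

# One filtered CBS.log entry looks like:
# "2015-08-20 08:46:22, Info      CSI    00000006 [SR] <message>"
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+"
    r"(?P<level>\w+)\s+(?P<source>\w+)\s+(?P<seq>[0-9a-fA-F]{8})\s+"
    r"\[SR\]\s+(?P<msg>.*)$"
)

# Messages SFC writes for every batch during a pass that finds nothing.
ROUTINE = {
    "verifying": re.compile(r"^Verifying (\d+) \(0x[0-9a-fA-F]+\) components$"),
    "begin": re.compile(r"^Beginning Verify and Repair transaction$"),
    "complete": re.compile(r"^Verify complete$"),
}

# Constructed sample input: routine lines plus one non-routine line and
# one batch that never reaches "Verify complete".
SAMPLE = """\
2015-08-20 08:46:22, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:46:22, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2015-08-20 08:46:24, Info                  CSI    00000009 [SR] Verify complete

2015-08-20 08:46:25, Info                  CSI    0000000a [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:46:25, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
2015-08-20 08:46:26, Info                  CSI    0000000c [SR] Cannot repair member file example.dll (constructed line)
2015-08-20 08:46:27, Info                  CSI    0000000d [SR] Verify complete
2015-08-20 08:46:28, Info                  CSI    0000000e [SR] Verifying 42 (0x000000000000002a) components
"""


def triage(text):
    """Summarise [SR] lines: routine counts, non-routine findings, open batches."""
    counts = Counter()
    components = 0
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # pasted logs often contain blank lines
        entry = SR_LINE.match(line)
        if entry is None:
            counts["unparsed"] += 1  # not an [SR] entry in the expected layout
            continue
        msg = entry.group("msg").strip()
        for name, pattern in ROUTINE.items():
            hit = pattern.match(msg)
            if hit:
                counts[name] += 1
                if name == "verifying":
                    components += int(hit.group(1))
                break
        else:
            # Anything SFC logged that is not routine deserves a human look.
            findings.append((entry.group("ts"), msg))
    return {
        "components_verified": components,
        "batches_started": counts["verifying"],
        "batches_completed": counts["complete"],
        # A positive value means the scan was interrupted or the log was cut.
        "batches_open": counts["verifying"] - counts["complete"],
        "unparsed_lines": counts["unparsed"],
        "findings": findings,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE)
    for key, value in summary.items():
        print(f"{key}: {value}")
```

To run it against a real file, pass the text of sfcdetails.txt to `triage` instead of `SAMPLE`.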


#5 resa83

Posted 19 August 2015 - 01:34 PM

I'm sorry, I don't quite understand your directions. Also, if anything in your last post is 'clickable', it's not letting me click anything.



#6 nasdaq

Posted 20 August 2015 - 06:49 AM

My bad. Go to this link.

https://support.microsoft.com/en-us/kb/929833

Follow my instructions.

#7 resa83

Posted 20 August 2015 - 09:04 AM

Having problems trying to paste contents here. It's making this page unresponsive....



#8 resa83

Posted 20 August 2015 - 10:36 AM

I've tried several times but can't paste the log here... waiting for more instructions.



#9 nasdaq

Posted 21 August 2015 - 09:51 AM

The file is probably too large to post.

Try to Attach it.

In the Reply to this topic page, click the More Reply Options.

Browse to the saved file and select it.
Then hit the Attach button.

Post the log. The file should be attached.

#10 resa83

Posted 22 August 2015 - 09:55 AM

I can't find the file. This is where the page says it is located: The sfc /scannow command will scan all protected system files, and replace corrupted files with a cached copy that is located in a compressed folder at %WinDir%\System32\dllcache.

 

Windows can't find that file. However, there is a file on my desktop named sfcdetails. I opened it and this is what it has in it.....

 

 

2015-08-20 08:48:42, Info                  CSI    000000d2 [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:48:42, Info                  CSI    000000d3 [SR] Beginning Verify and Repair transaction
2015-08-20 08:48:52, Info                  CSI    000000eb [SR] Verify complete
2015-08-20 08:48:52, Info                  CSI    000000ec [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:48:52, Info                  CSI    000000ed [SR] Beginning Verify and Repair transaction
2015-08-20 08:49:03, Info                  CSI    000000ef [SR] Verify complete
2015-08-20 08:49:03, Info                  CSI    000000f0 [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:49:03, Info                  CSI    000000f1 [SR] Beginning Verify and Repair transaction
2015-08-20 08:49:15, Info                  CSI    000000f3 [SR] Verify complete
2015-08-20 08:49:15, Info                  CSI    000000f4 [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:49:15, Info                  CSI    000000f5 [SR] Beginning Verify and Repair transaction
2015-08-20 08:49:17, Info                  CSI    000000f7 [SR] Verify complete
2015-08-20 08:49:17, Info                  CSI    000000f8 [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:49:17, Info                  CSI    000000f9 [SR] Beginning Verify and Repair transaction
2015-08-20 08:49:19, Info                  CSI    000000fb [SR] Verify complete
2015-08-20 08:49:19, Info                  CSI    000000fc [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:49:19, Info                  CSI    000000fd [SR] Beginning Verify and Repair transaction
2015-08-20 08:49:22, Info                  CSI    000000ff [SR] Verify complete
2015-08-20 08:49:22, Info                  CSI    00000100 [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:49:22, Info                  CSI    00000101 [SR] Beginning Verify and Repair transaction
2015-08-20 08:49:31, Info                  CSI    00000114 [SR] Verify complete
2015-08-20 08:49:32, Info                  CSI    00000115 [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:49:32, Info                  CSI    00000116 [SR] Beginning Verify and Repair transaction
2015-08-20 08:49:33, Info                  CSI    00000118 [SR] Verify complete
2015-08-20 08:49:33, Info                  CSI    00000119 [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:49:33, Info                  CSI    0000011a [SR] Beginning Verify and Repair transaction
2015-08-20 08:49:36, Info                  CSI    0000011c [SR] Verify complete
2015-08-20 08:49:36, Info                  CSI    0000011d [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:49:36, Info                  CSI    0000011e [SR] Beginning Verify and Repair transaction
2015-08-20 08:49:38, Info                  CSI    00000120 [SR] Verify complete
2015-08-20 08:49:38, Info                  CSI    00000121 [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:49:38, Info                  CSI    00000122 [SR] Beginning Verify and Repair transaction
2015-08-20 08:49:45, Info                  CSI    00000124 [SR] Verify complete
2015-08-20 08:49:46, Info                  CSI    00000125 [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:49:46, Info                  CSI    00000126 [SR] Beginning Verify and Repair transaction
2015-08-20 08:49:53, Info                  CSI    00000129 [SR] Verify complete
2015-08-20 08:49:54, Info                  CSI    0000012a [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:49:54, Info                  CSI    0000012b [SR] Beginning Verify and Repair transaction
2015-08-20 08:49:56, Info                  CSI    0000012d [SR] Verify complete
2015-08-20 08:49:56, Info                  CSI    0000012e [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:49:56, Info                  CSI    0000012f [SR] Beginning Verify and Repair transaction
2015-08-20 08:50:02, Info                  CSI    00000131 [SR] Verify complete
2015-08-20 08:50:02, Info                  CSI    00000132 [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:50:02, Info                  CSI    00000133 [SR] Beginning Verify and Repair transaction
2015-08-20 08:50:07, Info                  CSI    00000135 [SR] Verify complete
2015-08-20 08:50:07, Info                  CSI    00000136 [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:50:07, Info                  CSI    00000137 [SR] Beginning Verify and Repair transaction
2015-08-20 08:50:14, Info                  CSI    00000139 [SR] Verify complete
2015-08-20 08:50:15, Info                  CSI    0000013a [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:50:15, Info                  CSI    0000013b [SR] Beginning Verify and Repair transaction
2015-08-20 08:50:26, Info                  CSI    00000153 [SR] Verify complete
2015-08-20 08:50:26, Info                  CSI    00000154 [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:50:26, Info                  CSI    00000155 [SR] Beginning Verify and Repair transaction
2015-08-20 08:50:33, Info                  CSI    00000157 [SR] Verify complete
2015-08-20 08:50:33, Info                  CSI    00000158 [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:50:33, Info                  CSI    00000159 [SR] Beginning Verify and Repair transaction
2015-08-20 08:50:50, Info                  CSI    0000015b [SR] Verify complete
2015-08-20 08:50:50, Info                  CSI    0000015c [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:50:50, Info                  CSI    0000015d [SR] Beginning Verify and Repair transaction
2015-08-20 08:51:00, Info                  CSI    0000015f [SR] Verify complete
2015-08-20 08:51:00, Info                  CSI    00000160 [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:51:00, Info                  CSI    00000161 [SR] Beginning Verify and Repair transaction
2015-08-20 08:51:09, Info                  CSI    00000163 [SR] Verify complete
2015-08-20 08:51:10, Info                  CSI    00000164 [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:51:10, Info                  CSI    00000165 [SR] Beginning Verify and Repair transaction
2015-08-20 08:51:15, Info                  CSI    00000167 [SR] Verify complete
2015-08-20 08:51:15, Info                  CSI    00000168 [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:51:15, Info                  CSI    00000169 [SR] Beginning Verify and Repair transaction
2015-08-20 08:51:20, Info                  CSI    0000016b [SR] Verify complete
2015-08-20 08:51:20, Info                  CSI    0000016c [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:51:20, Info                  CSI    0000016d [SR] Beginning Verify and Repair transaction
2015-08-20 08:51:26, Info                  CSI    00000171 [SR] Verify complete
2015-08-20 08:51:26, Info                  CSI    00000172 [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:51:26, Info                  CSI    00000173 [SR] Beginning Verify and Repair transaction
2015-08-20 08:51:37, Info                  CSI    00000175 [SR] Verify complete
2015-08-20 08:51:37, Info                  CSI    00000176 [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:51:37, Info                  CSI    00000177 [SR] Beginning Verify and Repair transaction
2015-08-20 08:51:44, Info                  CSI    00000179 [SR] Verify complete
2015-08-20 08:51:45, Info                  CSI    0000017a [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:51:45, Info                  CSI    0000017b [SR] Beginning Verify and Repair transaction
2015-08-20 08:51:52, Info                  CSI    0000017d [SR] Verify complete
2015-08-20 08:51:52, Info                  CSI    0000017e [SR] Verifying 100 (0x0000000000000064) components
2015-08-20 08:51:52, Info                  CSI    0000017f [SR] Beginning Verify and Repair transaction
2015-08-20 08:51:57, Info                  CSI    00000181 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-08-20 08:52:00, Info                  CSI    00000183 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-08-20 08:52:00, Info                  CSI    00000184 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2015-08-20 08:58:21, Info                  CSI    00000304 [SR] Repairing 1 components
2015-08-20 08:58:21, Info                  CSI    00000305 [SR] Beginning Verify and Repair transaction
2015-08-20 08:58:21, Info                  CSI    00000307 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-08-20 08:58:21, Info                  CSI    00000309 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-08-20 08:58:21, Info                  CSI    0000030a [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2015-08-20 08:58:21, Info                  CSI    0000030c [SR] Repair complete
2015-08-20 08:58:21, Info                  CSI    0000030d [SR] Committing transaction
2015-08-20 08:58:21, Info                  CSI    00000311 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
 
Reminder: I have performed all these tasks in safe mode. Regular mode freezes.
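Added example, not part of the original posts: a Python parser for triaging an SFC `[SR]` excerpt from CBS.log like the one posted above. It totals the components verified, collects every "Cannot repair member file" entry with the package that references it, and flags the case visible in this log where the closing line still reports success. The name `summarize_sr` and the embedded sample (rebuilt from the line shapes in the post) are assumptions of this example.

```python
import re

# One CBS.log line carrying an [SR] (System File Checker) message.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(?P<level>\w+)\s+CSI\s+'
    r'(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*)$')
# "Cannot repair member file [l:24{12}]"name" of Component, Version = x, pA = ARCH ..."
CANNOT_RE = re.compile(
    r'^Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of '
    r'(?P<component>[^,]+), Version = (?P<version>[^,]+), pA = (?P<arch>\w+)')
REFERENCED_RE = re.compile(
    r'^This component was referenced by \[l:\d+\{\d+\}\]"(?P<pkg>[^"]+)"')
VERIFYING_RE = re.compile(r'^Verifying (?P<n>\d+) \(0x[0-9a-fA-F]+\) components')

# Constructed sample: a short excerpt rebuilt from the line shapes in the post.
_CANNOT = ('[SR] Cannot repair member file [l:24{12}]"settings.ini" of '
           'Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, '
           'pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, '
           'VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, '
           'Type neutral, TypeName neutral, PublicKey neutral in the store, '
           'hash mismatch')
_REF = ('[SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465'
        '~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"')
SAMPLE_LOG = "\n".join([
    "2015-08-20 08:51:52, Info                  CSI    0000017e [SR] Verifying 100 (0x0000000000000064) components",
    "2015-08-20 08:51:52, Info                  CSI    0000017f [SR] Beginning Verify and Repair transaction",
    "2015-08-20 08:51:57, Info                  CSI    00000181 " + _CANNOT,
    "2015-08-20 08:52:00, Info                  CSI    00000183 " + _CANNOT,
    "2015-08-20 08:52:00, Info                  CSI    00000184 " + _REF,
    "2015-08-20 08:52:01, Info                  CSI    00000186 [SR] Verify complete",
    "2015-08-20 08:58:20, Info                  CSI    00000300 [SR] Verifying 13 (0x000000000000000d) components",
    "2015-08-20 08:58:21, Info                  CSI    00000304 [SR] Repairing 1 components",
    "2015-08-20 08:58:21, Info                  CSI    00000307 " + _CANNOT,
    "2015-08-20 08:58:21, Info                  CSI    0000030a " + _REF,
    "2015-08-20 08:58:21, Info                  CSI    00000311 [SR] Verify and Repair Transaction completed. "
    "All files and registry keys listed in this transaction  have been successfully repaired",
])


def summarize_sr(log_text):
    """Summarize the [SR] lines of a CBS.log excerpt."""
    summary = {"components_verified": 0, "unrepaired": {}, "reports_success": False}
    last_key = None  # most recent unrepaired file, for the "referenced by" line
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # not an [SR] line (forum text, other CBS sources)
        msg = line.group("msg")

        verifying = VERIFYING_RE.match(msg)
        if verifying:
            summary["components_verified"] += int(verifying.group("n"))
            last_key = None
            continue

        cannot = CANNOT_RE.match(msg)
        if cannot:
            key = (cannot.group("file"), cannot.group("component"),
                   cannot.group("version"))
            entry = summary["unrepaired"].setdefault(key, {
                "first_seen": line.group("ts"),
                "arch": cannot.group("arch"),
                "reason": msg.rsplit(", ", 1)[-1],  # trailing clause, e.g. hash mismatch
                "occurrences": 0,
                "referenced_by": set(),
            })
            entry["occurrences"] += 1
            last_key = key
            continue

        referenced = REFERENCED_RE.match(msg)
        if referenced and last_key is not None:
            summary["unrepaired"][last_key]["referenced_by"].add(referenced.group("pkg"))
            continue

        if "successfully repaired" in msg:
            summary["reports_success"] = True

    # The closing success line is not proof: any "Cannot repair" entry needs review.
    summary["needs_review"] = bool(summary["unrepaired"])
    return summary


if __name__ == "__main__":
    result = summarize_sr(SAMPLE_LOG)
    print("components verified:", result["components_verified"])
    for (name, component, version), info in result["unrepaired"].items():
        print(f"UNREPAIRED {name} ({component} {version}): {info['reason']}, "
              f"seen {info['occurrences']}x, first at {info['first_seen']}")
    print("log reports success:", result["reports_success"],
          "| needs review:", result["needs_review"])
```

Run against a full CBS.log, the same function ignores every line that is not an `[SR]` entry, so the file does not need to be pre-filtered.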


#11 resa83

resa83
  • Topic Starter

  • Members

Posted 22 August 2015 - 09:57 AM

Yes, the problem still persists as far as Windows freezing.



#12 resa83

resa83
  • Topic Starter

  • Members

Posted 22 August 2015 - 10:02 AM

I was searching for more files and came across this, hoping it's useful.

I have to attach it because it's too big. Hmm, it's saying the file is too big to upload... but it's marked as a CBS.log



#13 nasdaq

nasdaq

  • Malware Response Team

Posted 22 August 2015 - 01:23 PM

Repair the important services.

You may not be able to do a Restore point in Safe mode. Ignore it.

Please download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, and skip Steps 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below

    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    06 - Repair Windows Firewall
    07 - Repair Internet Explorer
    08 - Repair MDAC/MS Jet
    09 - Repair HOSTS File
    10 - Remove Policies Set By Infections
    11 - Repair Start Menu Icons Removed by Infections
    13 - Repair Network (previously Repair Winsock & DNS Cache)
    14 - Removed Temp Files
    15 - Repair Proxy Settings
    17 - Repair Windows Updates
    19 - Repair Volume Shadow Copy Service
    21 - Repair MSI (Windows Installer)
    25 - Repair Print Spooler
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
    
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the Contents of this file on your next reply.



#14 resa83


Posted 23 August 2015 - 10:26 AM

Log:
Tweaking.com - Windows Repair v3.4.2
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows Vista ™ Home Premium
OS Architecture: 64-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: THERESA-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Theresa
Current Profile SID: S-1-5-21-1215446760-1989245984-247186789-1000
Current Profile Classes: S-1-5-21-1215446760-1989245984-247186789-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Theresa\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:34:24
 
Process Count: 74
Commit Total: 1.59 GB
Commit Limit: 8.03 GB
Commit Peak: 8.84 GB
Handle Count: 15388
Kernel Total: 372.60 MB
Kernel Paged: 292.70 MB
Kernel Non Paged: 79.90 MB
System Cache: 2.55 GB
Thread Count: 671
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.90 GB
Memory Used: 1.15 GB(29.5808%)
Memory Avail.: 2.75 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.90 GB
Memory Used: 837.11 MB(20.9369%)
Memory Avail.: 3.09 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (8/23/2015 10:05:47 AM)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 24
 
   Done (8/23/2015 10:05:48 AM)
 
03 - Reset Service Permissions
   Start (8/23/2015 10:05:48 AM)
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/23/2015 10:05:59 AM)
 
04 - Register System Files
   Start (8/23/2015 10:05:59 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/23/2015 10:07:45 AM)
 
05 - Repair WMI
   Start (8/23/2015 10:07:45 AM)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   No Antivirus Products Reported.
 
   Exporting AntiSpyware Info...
   Windows Defender Exported.
 
   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.
 
   Running Repair Under Current User Account
   Done (8/23/2015 10:09:33 AM)
 
06 - Repair Windows Firewall
   Start (8/23/2015 10:09:33 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/23/2015 10:10:08 AM)
 
07 - Repair Internet Explorer
   Start (8/23/2015 10:10:08 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/23/2015 10:11:06 AM)
 
08 - Repair MDAC/MS Jet
   Start (8/23/2015 10:11:06 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/23/2015 10:11:23 AM)
 
09 - Repair Hosts File
   Start (8/23/2015 10:11:23 AM)
   Running Repair Under System Account
   Done (8/23/2015 10:11:24 AM)
 
10 - Remove Policies Set By Infections
   Start (8/23/2015 10:11:24 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/23/2015 10:11:27 AM)
 
11 - Repair Start Menu Icons Removed By Infections
   Start (8/23/2015 10:11:27 AM)
   Running Repair Under System Account
   Done (8/23/2015 10:11:28 AM)
 
13 - Repair Network
   Start (8/23/2015 10:11:28 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/23/2015 10:11:41 AM)
 
14 - Remove Temp Files
   Start (8/23/2015 10:11:41 AM)
   Running Repair Under System Account
   Done (8/23/2015 10:11:43 AM)
 
15 - Repair Proxy Settings
   Start (8/23/2015 10:11:43 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/23/2015 10:11:46 AM)
 
17 - Repair Windows Updates
   Start (8/23/2015 10:11:46 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (8/23/2015 10:12:28 AM)
 
19 - Repair Volume Shadow Copy Service
   Start (8/23/2015 10:12:28 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/23/2015 10:13:00 AM)
 
21 - Repair MSI (Windows Installer)
   Start (8/23/2015 10:13:00 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/23/2015 10:13:16 AM)
 
25 - Repair Print Spooler
   Start (8/23/2015 10:13:16 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/23/2015 10:13:31 AM)
 
26 - Restore Important Windows Services
   Start (8/23/2015 10:13:31 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/23/2015 10:13:41 AM)
 
27 - Set Windows Services To Default Startup
   Start (8/23/2015 10:13:41 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/23/2015 10:13:54 AM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (8/23/2015 10:13:54 AM)
   Total Repair Time: 00:08:08
 
 
...YOU MUST RESTART YOUR SYSTEM...
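
One way to check a repair log like the one posted above against the list of repairs that was requested, as an added example (not part of the thread and not Tweaking.com's own code). The embedded text is an excerpt of the posted log; `parse_repairs` and `audit` are hypothetical helper names.

```python
import re
from datetime import datetime

# Excerpt of the log posted above (sections 03, 09 and 17), embedded so this runs offline.
LOG_EXCERPT = """\
03 - Reset Service Permissions
   Start (8/23/2015 10:05:48 AM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/23/2015 10:05:59 AM)

09 - Repair Hosts File
   Start (8/23/2015 10:11:23 AM)
   Running Repair Under System Account
   Done (8/23/2015 10:11:24 AM)

17 - Repair Windows Updates
   Start (8/23/2015 10:11:46 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (8/23/2015 10:12:28 AM)
"""

HEADER = re.compile(r"^(\d{2}) - (.+?)\s*$")        # e.g. "03 - Reset Service Permissions"
STAMP = re.compile(r"^\s*(Start|Done) \((.+?)\)\s*$")  # per-repair timestamps only
ACCOUNT = re.compile(r"Running Repair Under (.+?) Account")

def parse_repairs(log_text):
    """Return {repair number: {name, start, done, accounts}} for each section."""
    repairs, current = {}, None
    for line in log_text.splitlines():
        if m := HEADER.match(line):
            blank = {"name": m.group(2), "start": None, "done": None, "accounts": []}
            current = repairs.setdefault(int(m.group(1)), blank)
        elif current is not None and (m := STAMP.match(line)):
            current[m.group(1).lower()] = datetime.strptime(m.group(2), "%m/%d/%Y %I:%M:%S %p")
        elif current is not None and (m := ACCOUNT.search(line)):
            current["accounts"].append(m.group(1))
    return repairs

def audit(requested, log_text):
    """Compare requested repair numbers with what the log shows as run and finished."""
    seen = parse_repairs(log_text)
    missing = sorted(n for n in requested if n not in seen)
    unfinished = sorted(n for n, r in seen.items() if r["start"] is None or r["done"] is None)
    seconds = {n: (r["done"] - r["start"]).total_seconds() for n, r in seen.items() if n not in unfinished}
    return {"missing": missing, "unfinished": unfinished, "seconds": seconds}
```

Calling `audit({1, 3, 9, 17}, LOG_EXCERPT)` reports repair 01 as missing from the excerpt. The full posted log likewise has no section for 01 - Repair Registry Permissions, although it was on the requested list.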


#15 nasdaq


Posted 23 August 2015 - 12:22 PM

Any improvement after the restart?



