Blue Screen after trying to detect virus


  • This topic is locked
7 replies to this topic

#1 marym

  • Members
  • 32 posts
  • Gender:Female
  • Location:New York

Posted 25 January 2016 - 05:31 PM

I was following BC instructions to eliminate whatever was making my IE11 frequently stop responding. After following all instructions, downloading detection programs and posting logs, I was instructed to try something else. I downloaded (Step 6) FRST64 and the logs below appeared. I stepped away from my computer for a few hours and when I came back, waking from hibernation, the computer turned off and on again, now showing the BLUE SCREEN. I started up again in Safe Mode with Networking. Now I'm really nervous. My computer got worse since following instructions from the beginning.

 

Below are the last two logs: I'm not a computer expert so I can't decipher what this means.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-01-2016
Ran by Mary (administrator) on MARY-PC (24-01-2016 21:10:57)
Running from C:\Users\Mary\Desktop
Loaded Profiles: Mary (Available Profiles: Mary)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_228_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465832 2011-01-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\917\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [36776 2016-01-18] (Glarysoft Ltd)
HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\MountPoints2: {15af635c-4bad-11e0-856d-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-326479466-2012091454-3323493520-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1AMPCBOK] -> {04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [1AMPCBOK] -> {04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-12-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk * 
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0C0D8A0C-37A7-4EEE-96B0-BDED29585215}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{0C0D8A0C-37A7-4EEE-96B0-BDED29585215}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{117EC525-A14F-46C8-92A1-D72B6A0B329A}: [DhcpNameServer] 167.206.254.1 167.206.254.2

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
HKU\S-1-5-21-326479466-2012091454-3323493520-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-326479466-2012091454-3323493520-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.mail.aol.com&seamless=novl&lang=en&locale=US&authLev=0&siteState=sid%3A6765c67d-67d6-4253-bcc8-72389be84d0e%7Cqp%3A%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Cat%3ASNS%7Clc%3Aen_US%7Crt%3ASTD%7Csnt%3AScreenName%7C&offerId=newmail-en-us-v2
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKU\S-1-5-21-326479466-2012091454-3323493520-1000 -> DefaultScope {3520ADD9-08AE-4C95-89E4-C5809973E64B} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-326479466-2012091454-3323493520-1000 -> {3520ADD9-08AE-4C95-89E4-C5809973E64B} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} hxxps://eagent.farmersinsurance.com/PLA/eAgent/icms/commonActiveX/smsx.cab
DPF: HKLM-x32 {354D91A8-E3C9-491F-BB89-0FB27DEEED86} hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXTwain61.cab
DPF: HKLM-x32 {45EEDB84-57BC-4FBD-8065-7AB8E971B545} hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXDialog61.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {7A162288-DE78-473C-A6BA-23FF17F768E9} hxxps://connect19.uc.att.com/EventEntry/Websites/res/Windows/AxWebInstaller.cab
DPF: HKLM-x32 {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgX61.cab
DPF: HKLM-x32 {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} hxxps://eagent.farmersinsurance.com/PLA/eAgent/icms/viewers/crystalreportviewers/ActiveXControls/PrintControl.cab
DPF: HKLM-x32 {B2D168E0-5597-101D-843A-DA16297B4C87} hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/rm2.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://farmers-training-center.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\xeug0fne.default
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-05] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-01-28] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-05] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-26] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-19] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-19] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-19] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-01-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-326479466-2012091454-3323493520-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Mary\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-27] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-09-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-09-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-09-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-09-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-09-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mary\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-11-10] (Cisco WebEx LLC)
FF Extension: QuickJava - C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\xeug0fne.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-08-10]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-12-24] [not signed]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-12-24] [not signed]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-12-24] [not signed]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-12-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-19] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://speedial.com/?f=1&a=spd_frg_14_23_ie&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0D0E0BtB0ByB0C0D0F0AtN0D0Tzu0SzzzytDtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzz0AyCtB0FtA0AtGtA0A0EtBtGtDtA0C0EtGtB0E0EtBtGyEtAyEtByC0ByDzzyCyE0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyCtA0AyD0BtAtGzz0AtDyDtG0EyByE0EtG0C0BtCyCtGtCyDzz0B0Fzz0CtC0D0CtC0E2QtN1B1L1H1Ezu1O2U1M1B&cr=1633780034&ir=
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-03]
CHR Extension: (Google Docs) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-03]
CHR Extension: (Google Drive) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Kaspersky Protection) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-08-03]
CHR Extension: (Google Sheets) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-03]
CHR Extension: (Google Docs Offline) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-17]
CHR Extension: (Gmail) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-03]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
S3 atnthost; C:\ProgramData\WebEx\MyWebEx\319\atnthost.exe [16776 2012-01-30] (WebEx Communications, Inc.)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-07-19] (Kaspersky Lab ZAO)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-08] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-08] (Dropbox, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43044512 2015-04-03] (Microsoft Corporation)
S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [380064 2015-04-03] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\Mary\AppData\Local\Temp\7zS3609\hpslpsvc64.dll [X]
S3 LBTServ; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2013-10-01] (Broadcom Corporation.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-19] (Kaspersky Lab UK Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-04-29] (Glarysoft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-07-19] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2015-07-19] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-07-19] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [225976 2015-07-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831672 2015-10-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39280 2015-07-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [40304 2015-07-19] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [39280 2015-07-19] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-07-19] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-07-19] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [85360 2015-07-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-10-06] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 wanatw; system32\DRIVERS\wanatw64.sys [X]
S3 WLRAWMp50x64; System32\Drivers\WLRAWMp50x64.sys [X]
S3 WLRAWSp50x64; System32\Drivers\WLRAWSp50x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-24 21:10 - 2016-01-24 21:11 - 00028969 _____ C:\Users\Mary\Desktop\FRST.txt
2016-01-24 21:10 - 2016-01-24 21:10 - 00000000 ____D C:\FRST
2016-01-24 21:09 - 2016-01-24 21:10 - 02370560 _____ (Farbar) C:\Users\Mary\Desktop\FRST64.exe
2016-01-24 12:22 - 2016-01-24 12:22 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\27D46B97.sys
2016-01-24 10:01 - 2016-01-24 10:01 - 00006337 _____ C:\Users\Mary\AppData\Local\recently-used.xbel
2016-01-23 17:35 - 2016-01-23 17:35 - 00000000 ____D C:\Users\Mary\AppData\Local\{F2520DAA-025D-48FA-A19B-7C3F73EA8B41}
2016-01-23 12:17 - 2016-01-23 12:17 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\3B181970.sys
2016-01-22 11:58 - 2016-01-22 11:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\7FF13CC4.sys
2016-01-21 11:57 - 2016-01-21 11:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\17C86DBA.sys
2016-01-21 09:04 - 2015-05-17 09:56 - 00001413 _____ C:\Users\Mary\Desktop\Internet Explorer.lnk
2016-01-20 20:08 - 2016-01-20 20:08 - 00000201 _____ C:\Users\Mary\Documents\Toilet and Tile.txt
2016-01-20 10:22 - 2016-01-20 10:22 - 00659968 _____ C:\Users\Mary\Downloads\MicrosoftFixit50195.msi
2016-01-20 09:59 - 2016-01-20 09:59 - 00545964 _____ C:\Users\Mary\Documents\Torres_Luis_Mildred BOR pages.pdf
2016-01-19 12:08 - 2016-01-19 12:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\5FA55A63.sys
2016-01-17 09:06 - 2016-01-17 09:06 - 00022722 _____ C:\Users\Mary\Downloads\Image (2)
2016-01-17 09:05 - 2016-01-17 09:05 - 00022722 _____ C:\Users\Mary\Downloads\Image (1)
2016-01-16 18:00 - 2016-01-16 18:00 - 00000724 _____ C:\Users\Mary\Desktop\ESET Online Scan.txt
2016-01-16 15:45 - 2016-01-16 15:45 - 00000000 ____D C:\Program Files (x86)\ESET
2016-01-15 16:54 - 2016-01-15 16:54 - 00022722 _____ C:\Users\Mary\Downloads\Image
2016-01-15 11:56 - 2016-01-15 11:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\27911847.sys
2016-01-14 19:21 - 2016-01-14 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-01-14 19:21 - 2016-01-14 19:21 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-01-14 19:18 - 2016-01-14 19:19 - 142940472 _____ (Sophos Limited) C:\Users\Mary\Desktop\Sophos Virus Removal Tool.exe
2016-01-14 19:18 - 2016-01-14 19:18 - 00000000 ____D C:\ProgramData\Sophos
2016-01-14 19:13 - 2016-01-14 19:21 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-01-14 18:52 - 2016-01-14 18:52 - 00009260 _____ C:\Users\Mary\Desktop\JRT.txt
2016-01-14 18:44 - 2016-01-14 18:44 - 01600184 _____ (Malwarebytes) C:\Users\Mary\Desktop\JRT.exe
2016-01-14 17:51 - 2016-01-14 17:51 - 00001565 _____ C:\Users\Mary\Desktop\Clean1.txt
2016-01-14 17:45 - 2016-01-14 19:03 - 00000000 ____D C:\AdwCleaner
2016-01-14 17:44 - 2016-01-14 17:44 - 01754112 _____ C:\Users\Mary\Desktop\adwcleaner_5.029.exe
2016-01-14 17:36 - 2016-01-14 17:36 - 00448512 _____ (OldTimer Tools) C:\Users\Mary\Desktop\TFC.exe
2016-01-14 15:28 - 2016-01-14 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-01-13 20:35 - 2016-01-13 20:38 - 00002032 _____ C:\Users\Mary\Desktop\Rkill.txt
2016-01-13 20:35 - 2016-01-13 20:35 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Mary\Desktop\rkill.exe
2016-01-13 19:57 - 2016-01-13 20:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-13 19:56 - 2016-01-13 20:21 - 00000000 ____D C:\Users\Mary\Desktop\mbar
2016-01-13 19:56 - 2016-01-13 19:56 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Mary\Desktop\mbar-1.09.3.1001.exe
2016-01-13 19:49 - 2016-01-13 19:49 - 00001064 _____ C:\Users\Mary\Desktop\BleepingCompuerMWB.txt
2016-01-13 19:17 - 2016-01-13 19:17 - 00048109 _____ C:\Users\Mary\Desktop\BleepingComputerLogs.txt
2016-01-13 19:13 - 2016-01-13 19:13 - 00044555 _____ C:\Users\Mary\Desktop\MTB.txt
2016-01-13 19:10 - 2016-01-13 19:10 - 00002457 _____ C:\Users\Mary\Desktop\FSS.txt
2016-01-13 18:56 - 2016-01-13 18:56 - 00852720 _____ C:\Users\Mary\Desktop\SecurityCheck.exe
2016-01-11 11:01 - 2016-01-11 11:01 - 00003318 _____ C:\Windows\System32\Tasks\PinItAutoUpdate
2016-01-11 11:01 - 2016-01-11 11:01 - 00000000 ____D C:\Program Files (x86)\Pinterest
2016-01-11 10:08 - 2016-01-11 10:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\3F710D81.sys
2016-01-11 09:52 - 2016-01-11 09:52 - 00536200 _____ (Pinterest ) C:\Users\Mary\Downloads\Pinterest-IE-0.0.4.exe
2016-01-10 21:39 - 2016-01-10 21:40 - 00773943 _____ C:\Users\Mary\Desktop\strong-testimonials.zip
2016-01-09 11:08 - 2016-01-09 11:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\77621E73.sys
2016-01-08 11:17 - 2016-01-08 11:17 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\10735762.sys
2016-01-05 10:45 - 2016-01-05 10:45 - 00278313 _____ C:\Users\Mary\Downloads\img-105094022-0001.pdf
2016-01-05 10:01 - 2016-01-05 10:01 - 00494480 _____ C:\Users\Mary\Downloads\doc02360620151230115823 (5).pdf
2016-01-04 12:52 - 2016-01-04 12:52 - 00013739 _____ C:\Users\Mary\Desktop\InitialM - Shortcut.lnk
2016-01-04 11:04 - 2016-01-04 11:04 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\5653154F.sys
2016-01-03 11:08 - 2016-01-03 11:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\3FB04A57.sys
2016-01-02 22:42 - 2016-01-02 22:42 - 00025377 _____ C:\Users\Mary\Downloads\Attachment-1 (1).jpeg
2016-01-02 22:41 - 2016-01-02 22:41 - 00049765 _____ C:\Users\Mary\Downloads\Attachment-1.jpeg
2016-01-02 09:16 - 2016-01-02 09:16 - 00027436 _____ C:\Users\Mary\Downloads\Acord 80_2 pg.pdf
2016-01-02 09:14 - 2016-01-02 09:14 - 00032393 _____ C:\Users\Mary\Downloads\Acord90 NY Auto App.pdf
2016-01-01 13:18 - 2016-01-01 13:18 - 00494480 _____ C:\Users\Mary\Downloads\doc02360620151230115823 (4).pdf
2016-01-01 13:12 - 2016-01-01 13:12 - 00080665 _____ C:\Users\Mary\Downloads\Endorsement (7).pdf
2016-01-01 13:10 - 2016-01-01 13:10 - 00070693 _____ C:\Users\Mary\Downloads\K2745153 (1).pdf
2016-01-01 13:08 - 2016-01-01 13:08 - 00021163 _____ C:\Users\Mary\Downloads\0910bba4-b711-4173-87e5-e7fa9dad98f4 (3).pdf
2016-01-01 13:05 - 2016-01-01 13:05 - 00080665 _____ C:\Users\Mary\Downloads\Endorsement (6).pdf
2016-01-01 13:04 - 2016-01-01 13:04 - 00080665 _____ C:\Users\Mary\Downloads\Endorsement (5).pdf
2016-01-01 12:58 - 2016-01-01 12:58 - 00371036 _____ C:\Users\Mary\Downloads\insurance_house12312015.pdf
2015-12-31 18:36 - 2015-12-31 18:36 - 00710941 _____ C:\Users\Mary\Downloads\SULLO_MICHAEL_APPLICANTS STATEMENT_ 12 18 15_SIGNATURE (1).pdf
2015-12-31 17:21 - 2015-12-31 17:21 - 00494480 _____ C:\Users\Mary\Downloads\doc02360620151230115823 (3).pdf
2015-12-31 13:12 - 2015-12-31 13:12 - 00022665 _____ C:\Users\Mary\Downloads\Sorensen dec pages (5).pdf
2015-12-31 13:06 - 2015-12-31 13:06 - 00080665 _____ C:\Users\Mary\Downloads\Endorsement (4).pdf
2015-12-31 13:02 - 2015-12-31 13:02 - 00080665 _____ C:\Users\Mary\Downloads\Endorsement (3).pdf
2015-12-31 12:59 - 2015-12-31 12:59 - 00022665 _____ C:\Users\Mary\Downloads\Sorensen dec pages (4).pdf
2015-12-31 10:43 - 2015-12-31 10:43 - 00021163 _____ C:\Users\Mary\Downloads\0910bba4-b711-4173-87e5-e7fa9dad98f4 (2).pdf
2015-12-31 10:29 - 2015-12-31 10:29 - 00070693 _____ C:\Users\Mary\Downloads\K2745153.pdf
2015-12-31 10:23 - 2015-12-31 10:23 - 00021163 _____ C:\Users\Mary\Downloads\0910bba4-b711-4173-87e5-e7fa9dad98f4 (1).pdf
2015-12-31 10:21 - 2015-12-31 10:22 - 00021163 _____ C:\Users\Mary\Downloads\0910bba4-b711-4173-87e5-e7fa9dad98f4.pdf
2015-12-31 07:52 - 2015-12-31 07:52 - 00255385 _____ C:\Users\Mary\Downloads\HP Pavilion 550 016 Desktop.pdf
2015-12-30 18:56 - 2015-12-31 07:43 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\32E17803.sys
2015-12-30 17:22 - 2015-12-30 17:22 - 00080665 _____ C:\Users\Mary\Downloads\Endorsement (2).pdf
2015-12-30 17:16 - 2015-12-30 17:16 - 00710941 _____ C:\Users\Mary\Downloads\SULLO_MICHAEL_APPLICANTS STATEMENT_ 12 18 15_SIGNATURE.pdf
2015-12-30 17:01 - 2015-12-30 17:01 - 00494480 _____ C:\Users\Mary\Downloads\doc02360620151230115823 (2).pdf
2015-12-30 16:57 - 2015-12-30 16:57 - 07654621 _____ C:\Users\Mary\Downloads\Sullo_Michael National General Auto Policy Docs.pdf
2015-12-30 16:50 - 2015-12-30 16:50 - 00494480 _____ C:\Users\Mary\Downloads\doc02360620151230115823 (1).pdf
2015-12-30 16:42 - 2015-12-30 16:42 - 00080665 _____ C:\Users\Mary\Downloads\Endorsement (1).pdf
2015-12-30 16:37 - 2015-12-30 16:37 - 00080665 _____ C:\Users\Mary\Downloads\Endorsement.pdf
2015-12-30 14:20 - 2015-12-30 14:20 - 00494480 _____ C:\Users\Mary\Downloads\doc02360620151230115823.pdf
2015-12-29 22:23 - 2015-12-29 22:23 - 04290002 _____ C:\Users\Mary\Downloads\Attachment.pdf
2015-12-29 16:19 - 2015-12-29 16:19 - 00431221 _____ C:\Users\Mary\Downloads\Application HO #978987453 (1).pdf
2015-12-29 16:10 - 2015-12-29 16:10 - 00314661 _____ C:\Users\Mary\Downloads\BIJALA_VENKAT_EVIDENCE_12 29 15.pdf
2015-12-29 14:18 - 2015-12-29 14:18 - 00659302 _____ C:\Users\Mary\Downloads\FARMERS BP Sample McDonald.xps
2015-12-29 14:14 - 2015-12-29 14:14 - 06854512 _____ C:\Users\Mary\Downloads\State Farm Business Plan.pdf
2015-12-29 13:47 - 2015-12-29 13:47 - 00431221 _____ C:\Users\Mary\Downloads\Application HO #978987453.pdf
2015-12-29 11:33 - 2015-12-29 11:33 - 02097152 _____ C:\Users\Mary\Downloads\e2cabf59-590c-4ff2-8581-e44c620febec (2).pdf
2015-12-29 11:26 - 2015-12-29 11:27 - 00028055 _____ C:\Users\Mary\Downloads\doc02345120151228131916.pdf
2015-12-29 11:25 - 2015-12-29 11:25 - 00061763 _____ C:\Users\Mary\Downloads\non-payment cancellation.pdf
2015-12-29 11:22 - 2015-12-29 11:22 - 00000006 _____ C:\Users\Mary\Downloads\ATT00001 (2).txt
2015-12-29 11:18 - 2015-12-29 11:18 - 00060492 _____ C:\Users\Mary\Downloads\Cancellation Notice or LPR (3).PDF
2015-12-29 11:17 - 2015-12-29 11:17 - 00679108 _____ C:\Users\Mary\Downloads\Narragansett Bay Declarations Page (1).pdf
2015-12-29 11:16 - 2015-12-29 11:16 - 01407784 _____ C:\Users\Mary\Downloads\RAO_CHRISTINE_BHARAT_ACORD 35_CANCELLATION OF STATE FARM POLICY (2).pdf
2015-12-29 11:15 - 2015-12-29 11:15 - 00022665 _____ C:\Users\Mary\Downloads\Sorensen dec pages (3).pdf
2015-12-29 11:14 - 2015-12-29 11:14 - 00022420 _____ C:\Users\Mary\Downloads\RAO_CHRISTINE_BHARAT_DEC PAGE_HO3 10797649_NBIC_12 23 15.pdf
2015-12-29 11:07 - 2015-12-29 11:07 - 00015147 _____ C:\Users\Mary\Downloads\Document.pdf
2015-12-28 23:18 - 2015-12-28 23:18 - 02097152 _____ C:\Users\Mary\Downloads\a8f989ad-cfae-4afb-ae31-4ca33b1ad6b2.pdf
2015-12-28 22:51 - 2015-12-28 22:51 - 00012710 _____ C:\Users\Mary\Downloads\Binder (1).pdf
2015-12-28 22:13 - 2015-12-28 22:13 - 00012710 _____ C:\Users\Mary\Downloads\Binder.pdf
2015-12-28 22:00 - 2015-12-28 22:00 - 02097152 _____ C:\Users\Mary\Downloads\b1c7d6bf-8d25-4ac1-916f-145ed8c063d3.pdf
2015-12-28 21:45 - 2015-12-28 21:45 - 02097152 _____ C:\Users\Mary\Downloads\e2cabf59-590c-4ff2-8581-e44c620febec (1).pdf
2015-12-28 21:31 - 2015-12-28 21:31 - 02097152 _____ C:\Users\Mary\Downloads\e2cabf59-590c-4ff2-8581-e44c620febec.pdf
2015-12-28 20:15 - 2015-12-28 20:15 - 00032233 _____ C:\Users\Mary\Downloads\Certificate - mario kokkonis.pdf
2015-12-28 20:14 - 2015-12-28 20:14 - 02213341 _____ C:\Users\Mary\Downloads\Kokkonis_Mario Signed App_Alarm Cert_Quote_Payment.pdf
2015-12-28 18:26 - 2015-12-28 18:26 - 00000006 _____ C:\Users\Mary\Downloads\ATT00001 (1).txt
2015-12-28 14:33 - 2015-12-28 14:33 - 02412735 _____ C:\Users\Mary\Documents\Buderus - 196006 - Install Instructions.pdf
2015-12-27 13:30 - 2015-12-27 13:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_motmodem_01009.Wdf
2015-12-27 13:24 - 2016-01-04 09:21 - 00000000 ____D C:\Temp
2015-12-27 13:24 - 2015-12-27 13:24 - 00003484 _____ C:\Windows\System32\Tasks\Motorola Device Manager Update
2015-12-27 13:24 - 2015-12-27 13:24 - 00003292 _____ C:\Windows\System32\Tasks\Motorola Device Manager Initial Update
2015-12-27 13:24 - 2015-12-27 13:24 - 00000000 ____D C:\Users\Mary\AppData\Roaming\Motorola Mobility
2015-12-27 13:24 - 2015-12-27 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager
2015-12-27 13:24 - 2015-12-27 13:24 - 00000000 ____D C:\Program Files (x86)\Motorola Mobility
2015-12-27 13:23 - 2015-12-27 13:23 - 00000000 ____D C:\Program Files\Motorola Mobility LLC
2015-12-27 13:23 - 2015-12-27 13:23 - 00000000 ____D C:\Program Files\Common Files\Motorola Shared
2015-12-27 13:22 - 2015-12-27 13:22 - 00000000 ____D C:\Users\Mary\AppData\Roaming\Motorola
2015-12-27 13:11 - 2015-12-27 13:31 - 00000000 ____D C:\ProgramData\Motorola
2015-12-27 13:08 - 2015-12-27 13:24 - 00000000 ____D C:\Program Files (x86)\Motorola
2015-12-27 13:06 - 2015-12-27 13:06 - 06992149 _____ (Motorola ) C:\Users\Mary\Downloads\setup_final.exe
2015-12-27 12:21 - 2015-12-27 12:21 - 00000194 _____ C:\Users\Mary\Documents\Motorola Razr chat Dec 2015.txt
2015-12-27 10:12 - 2015-12-27 10:12 - 00000000 ____D C:\Users\Mary\Documents\Bluetooth Exchange Folder
2015-12-27 10:12 - 2015-12-27 10:12 - 00000000 ____D C:\Users\Mary\AppData\Local\Broadcom
2015-12-27 10:05 - 2013-10-01 15:35 - 00172760 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
2015-12-27 10:05 - 2012-10-17 09:46 - 00057399 _____ C:\Windows\system32\Drivers\BCM20702A1_001.002.014.0889.0896.hex
2015-12-27 10:02 - 2015-12-27 10:02 - 00000000 ____D C:\Program Files\WIDCOMM

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-24 21:11 - 2014-02-26 10:59 - 00000536 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-326479466-2012091454-3323493520-1000.job
2016-01-24 21:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-24 21:06 - 2015-11-08 10:01 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-01-24 21:04 - 2013-11-10 21:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-24 21:03 - 2011-05-19 12:49 - 00000000 ____D C:\Users\Mary\Documents\MARY
2016-01-24 20:45 - 2015-07-19 12:51 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-24 20:32 - 2009-07-13 23:45 - 00020816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-24 20:32 - 2009-07-13 23:45 - 00020816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-24 20:27 - 2015-05-31 15:51 - 00000632 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-326479466-2012091454-3323493520-1000.job
2016-01-24 14:01 - 2014-04-15 08:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-24 13:41 - 2011-01-29 01:16 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F149C686-0E3A-4276-BF6D-8C691DB656DE}
2016-01-24 10:11 - 2015-08-24 20:45 - 00000000 ____D C:\Users\Mary\.gimp-2.8
2016-01-24 10:06 - 2015-11-08 10:01 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-01-24 10:01 - 2015-12-15 07:33 - 00000000 ____D C:\Users\Mary\AppData\Local\gtk-2.0
2016-01-24 09:13 - 2014-05-21 08:43 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-01-24 09:12 - 2014-01-27 11:08 - 00000000 ___RD C:\Users\Mary\Dropbox
2016-01-24 09:12 - 2014-01-27 11:06 - 00000000 ____D C:\Users\Mary\AppData\Roaming\Dropbox
2016-01-24 09:11 - 2013-11-10 21:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-24 09:04 - 2012-10-23 15:53 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-24 09:04 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-23 19:59 - 2015-04-02 12:34 - 00000000 ____D C:\Users\Mary\AppData\Local\CrashDumps
2016-01-23 18:21 - 2011-04-19 15:52 - 00000000 ____D C:\Users\Mary\AppData\Local\Windows Live
2016-01-23 17:34 - 2011-04-03 14:03 - 00049152 _____ C:\Users\Mary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-22 19:18 - 2011-01-31 11:12 - 00000000 ____D C:\Users\Mary\Documents\Outlook Files
2016-01-22 18:50 - 2011-02-07 12:05 - 00000000 ____D C:\Users\Mary\Documents\CHRIS
2016-01-22 18:22 - 2015-10-17 08:18 - 00000000 ____D C:\Users\Mary\Documents\DA NICO
2016-01-22 12:26 - 2015-09-17 20:02 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-22 12:26 - 2013-11-10 21:20 - 00002172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-22 10:47 - 2014-08-21 05:54 - 00001040 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2016-01-22 10:47 - 2014-05-21 08:43 - 00003308 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2016-01-22 10:47 - 2014-05-21 08:43 - 00002968 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2016-01-22 10:47 - 2014-05-21 08:43 - 00001052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2016-01-21 09:04 - 2013-08-21 14:20 - 00000000 ____D C:\DashConfig
2016-01-19 23:08 - 2015-05-31 15:51 - 00003658 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-326479466-2012091454-3323493520-1000
2016-01-19 23:08 - 2014-02-26 10:59 - 00003562 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-326479466-2012091454-3323493520-1000
2016-01-16 15:45 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-01-14 17:29 - 2011-04-13 08:04 - 00000000 ____D C:\Users\Mary\AppData\Roaming\Skype
2016-01-14 15:28 - 2011-04-13 08:03 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-14 15:28 - 2011-04-13 08:03 - 00000000 ____D C:\ProgramData\Skype
2016-01-14 15:15 - 2015-08-03 17:12 - 00000000 ____D C:\Users\Mary\AppData\Local\Skype
2016-01-13 19:56 - 2014-05-02 05:36 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-13 19:43 - 2011-03-16 09:10 - 00284160 ___SH C:\Users\Mary\Desktop\Thumbs.db
2016-01-11 11:32 - 2011-01-29 20:59 - 00000000 ____D C:\Users\Mary\AppData\Local\ElevatedDiagnostics
2016-01-09 14:17 - 2011-05-31 13:40 - 00842752 ___SH C:\Users\Mary\Documents\Thumbs.db
2016-01-05 08:32 - 2012-05-06 17:59 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-05 08:32 - 2011-05-18 21:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-05 08:32 - 2011-01-28 23:56 - 00000000 ____D C:\Users\Mary\AppData\Local\Adobe
2015-12-27 17:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\ModemLogs
2015-12-27 13:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-27 13:24 - 2011-01-28 03:36 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2015-12-27 13:23 - 2011-01-28 00:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-27 12:34 - 2011-02-07 21:49 - 00000000 ____D C:\Users\Mary\Documents\VANESSA
2015-12-27 10:14 - 2011-06-11 10:05 - 00809366 _____ C:\Windows\system32\perfh010.dat
2015-12-27 10:14 - 2011-06-11 10:05 - 00172954 _____ C:\Windows\system32\perfc010.dat
2015-12-27 10:14 - 2009-07-14 00:13 - 01856174 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-26 01:16 - 2015-12-24 08:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-26 01:16 - 2013-01-31 20:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-09-06 06:43 - 2014-09-06 06:42 - 0268563 _____ () C:\Program Files\MOV_2225.3gp
2014-09-06 06:43 - 2014-09-06 06:42 - 0342119 _____ () C:\Program Files\MOV_8922.3gp
2015-11-21 11:28 - 2015-11-21 11:28 - 0000425 _____ () C:\Program Files\webcast.ics
2011-03-04 16:23 - 2011-03-04 16:23 - 0000268 ___RH () C:\Users\Mary\AppData\Roaming\CIOSupport
2012-09-11 08:49 - 2011-12-22 12:45 - 0076407 _____ () C:\Users\Mary\AppData\Roaming\Smiley.ico
2014-06-08 12:55 - 2014-06-08 12:55 - 0000045 _____ () C:\Users\Mary\AppData\Roaming\WB.CFG
2011-04-03 14:03 - 2016-01-23 17:34 - 0049152 _____ () C:\Users\Mary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-10 13:00 - 2013-09-10 13:00 - 0004096 ____H () C:\Users\Mary\AppData\Local\keyfile3.drm
2014-03-31 08:29 - 2014-03-31 08:29 - 0000206 _____ () C:\Users\Mary\AppData\Local\poetsch.bat
2016-01-24 10:01 - 2016-01-24 10:01 - 0006337 _____ () C:\Users\Mary\AppData\Local\recently-used.xbel
2015-12-08 09:06 - 2015-12-08 09:06 - 0007609 _____ () C:\Users\Mary\AppData\Local\Resmon.ResmonCfg
2012-11-16 09:58 - 2012-11-16 09:58 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-03-04 16:23 - 2015-08-02 11:35 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT

Files to move or delete:
====================
C:\Users\Mary\Adobe_Photoshop_Elements_9-AkamaiDLM.exe
C:\Users\Mary\MetricCollection.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-19 12:36

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-01-2016
Ran by Mary (2016-01-24 21:12:00)
Running from C:\Users\Mary\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2011-01-28 05:50:46)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-326479466-2012091454-3323493520-500 - Administrator - Disabled)
Guest (S-1-5-21-326479466-2012091454-3323493520-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-326479466-2012091454-3323493520-1011 - Limited - Enabled)
Mary (S-1-5-21-326479466-2012091454-3323493520-1000 - Administrator - Enabled) => C:\Users\Mary

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Out of date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Out of date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Connect Add-in (HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\Adobe Connect Add-in) (Version:  - )
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.0.1.88 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Aimersoft DVD Ripper(Build 2.7.2.0) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version:  - Aimersoft Software)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
AMS 360 Client Rev 4 (HKLM-x32\...\{6F5A8711-918A-496D-B7C2-495F99006854}) (Version: 8.5.112 - AMS Services, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 4 (HKLM-x32\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version:  - ArcSoft)
ASUS E-Green Uninstall (HKLM-x32\...\EGREEN) (Version:  - )
AT&T Connect Participant Application v9.0.82 (HKLM-x32\...\{1F3A6960-8470-4C84-820C-EBFFAF4DA580}) (Version: 9.0.82 - AT&T Inc.)
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
Business Contact Manager for Microsoft Outlook 2010 (HKLM-x32\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
Business Contact Manager for Microsoft Outlook 2010 (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
Business Plan Pro 2007 (HKLM-x32\...\{1141BAE3-DEF7-4189-A6DC-4635BE3EAD9E}) (Version: 9.04.0002 - Palo Alto Software)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileZilla Client 3.11.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GDR 5538 for SQL Server 2008 (KB3045305) (HKLM-x32\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Gimp Themes v1.0 (HKLM-x32\...\{833D97B9-AC16-45C1-AD44-0A32198956F8}) (Version: 1.0.0 - www.gimp-tutorials.net)
Glary Utilities PRO 5.43 (HKLM-x32\...\Glary Utilities 5) (Version: 5.43.0.63 - Glarysoft Ltd)
Go Gateway (HKU\.DEFAULT\...\39d47b9c9d0eec2e) (Version: 2.3.4.7 - Allstate)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.82 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.4.0.917 - Citrix Online, a division of Citrix Systems, Inc.)
GoToMeeting 7.9.0.4288 (HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\GoToMeeting) (Version: 7.9.0.4288 - CitrixOnline)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{13BE337F-9557-416D-A696-F91A6807B170}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{13D324E9-9DB1-478D-944C-28BBE1BB80DC}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{24E45339-C750-4EAE-8241-BA25A7DABBDD}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP SmartPrint 1.0.1.0 (HKLM-x32\...\{CAF5658F-F3DE-4F19-80ED-D5B43FED1F89}) (Version: 1.01.0000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.396 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.2.396 - Kaspersky Lab) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Marketsplash Shortcuts (HKLM-x32\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office Communicator 2007 R2 (HKLM-x32\...\{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}) (Version: 3.5.6907.268 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{59C245FC-343C-4FEC-B3CB-B6F12B561C20}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Moto Contacts Tool (HKLM-x32\...\{018C7ADA-ED29-413F-BE57-2200A0FEFC06}) (Version: 1.00.0007 - Motorola)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 43.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 en-US)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.2.5833 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{d6e459b2-729d-4bd2-bfd7-9a50610c8b59}) (Version:  - Nero AG)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.0.0 - Nikon)
NVIDIA 3D Vision Controller Driver 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.70 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Pin It (HKLM-x32\...\Pin It_is1) (Version: 0.0.4 - Pinterest)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickBooks Remote Access (HKLM-x32\...\MyWebExPC) (Version:  - WebEx Communications, Inc)
QuickBooks Remote Access Patch (HKLM-x32\...\{8ACAC8BB-FB3D-4839-B2D7-B1F40C525FF1}) (Version: 1.0.0 - WebEx Communications Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rating_Workstation_Basic (HKLM-x32\...\{2970B270-64C7-4B12-949A-46693474EE1A}) (Version: 1.00.0000 - PL Rating)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Kies (x32 Version: 2.5.0.12114_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.1.008 - Serif (Europe) Ltd)
Serif PagePlus Starter Edition (HKLM-x32\...\{C675C60B-0CB7-4108-B8CA-C3EC0706DEF0}) (Version: 2.0.2.009 - Serif (Europe) Ltd)
Serif WebPlus X4 (HKLM-x32\...\{9ADA45A0-8043-470A-8E8B-02EA7D95F896}) (Version: 12.0.5.033 - Serif (Europe) Ltd)
Serif WebPlus X4 Resources (HKLM-x32\...\{96CFF0DB-C3C3-44B8-930C-1121EC68A3BF}) (Version: 12.0.0.008 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.103 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15064.11 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15064.11 - Samsung Electronics Co., Ltd.) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.79.0 - Verizon)
VzDownloadManager (HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\VzDownloadManager) (Version: 2.0.0.24 - Verizon)
WebM Media Foundation Components (HKLM-x32\...\webmmf) (Version: 1.0.1.2 - WebM Project)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinX DVD Ripper 5.5.8 (HKLM-x32\...\WinX DVD Ripper_is1) (Version:  - Digiarty Software, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-326479466-2012091454-3323493520-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\2553\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0144DFB1-2B1F-40CB-8E36-097EADB03080} - System32\Tasks\G2MUpdateTask-S-1-5-21-326479466-2012091454-3323493520-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\4288\g2mupdate.exe [2016-01-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {06BD7EBA-04EA-4AF2-945D-A7F556256BD0} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-08] (Dropbox, Inc.)
Task: {0A6A1506-06FE-496A-A9ED-C85A68B31D1D} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {2EE5BAFF-70CD-41AF-8CA4-EF9E4FEB27B0} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {4D0F8185-B530-4B2A-8167-7CC25EFFD239} - System32\Tasks\{C59FD189-C41E-4B07-B963-9B7C5C4B3071} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2016-01-11] (Skype Technologies S.A.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5A5FC479-1197-4813-9E89-9CD7756DF8EC} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5F57AC69-976E-4196-868F-4BD36F355064} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {64730218-A383-4D92-AC64-FE7F7E2F3B1E} - System32\Tasks\{88A55B90-F3F7-4475-8EC7-9CC9F1F2D3F2} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.108.259/en/abandoninstall?source=lightinstaller&amp;page=tsMain&amp;installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered
Task: {84A62C89-EADC-4A38-BDAA-07E0FDFB6C4A} - System32\Tasks\G2MUploadTask-S-1-5-21-326479466-2012091454-3323493520-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\4288\g2mupload.exe [2016-01-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {8C3D56E0-198C-49AF-ABF5-8311BA955B1B} - System32\Tasks\{FA3F44FF-FEBD-409C-AACE-B35840C739C2} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.12.0.101/en/abandoninstall?source=lightinstaller&amp;page=tsMain
Task: {92559B14-576A-4C5C-8CA6-6380B71B44A8} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()
Task: {9265A1CF-B162-48E0-A605-D2C79D00C365} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9285F9A2-66A1-451E-872F-73EF136A10A3} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {9FD8C092-8160-4CD9-8674-0BD3223E8007} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A11E5AAF-8FDE-4E50-ABC1-BF40AEB6372E} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2016-01-18] (Glarysoft Ltd)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {DDACE683-FB25-4FD7-AEA7-9FC6D1BD3952} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F2267163-AA94-43E8-9E72-D1A4E280A101} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-08] (Dropbox, Inc.)
Task: {F6147785-223F-4954-BF31-B6CC49CE5886} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2016-01-18] (Glarysoft Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-326479466-2012091454-3323493520-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\4288\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-326479466-2012091454-3323493520-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\4288\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-10-23 15:52 - 2015-02-03 21:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-02 10:18 - 2015-06-02 10:18 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-12-14 20:09 - 2015-10-30 19:59 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2015-12-14 20:08 - 2015-10-30 20:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd
2015-12-14 20:08 - 2015-10-30 19:59 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-14 20:09 - 2015-10-30 19:59 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-14 20:09 - 2015-10-30 19:59 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-14 20:09 - 2015-12-08 16:36 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-14 20:09 - 2015-10-30 20:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2015-12-14 20:08 - 2015-10-30 19:59 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-14 20:09 - 2015-12-08 16:36 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-14 20:09 - 2015-10-30 19:59 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-14 20:09 - 2015-10-30 20:00 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 01737032 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-14 20:09 - 2015-12-08 16:36 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-14 20:09 - 2015-12-08 16:36 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2015-12-14 20:09 - 2015-10-30 20:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-14 20:08 - 2015-10-30 20:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-14 20:09 - 2015-10-30 20:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-14 20:09 - 2015-12-08 16:36 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-14 20:09 - 2015-10-30 20:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2015-12-14 20:09 - 2015-10-30 20:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-14 20:09 - 2015-10-30 20:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-14 20:09 - 2015-10-30 20:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-14 20:09 - 2015-10-30 20:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2015-12-14 20:09 - 2015-10-30 20:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-14 20:09 - 2015-10-30 20:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2015-12-14 20:08 - 2015-10-30 20:00 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2015-12-14 20:09 - 2015-10-30 20:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-14 20:09 - 2015-12-08 16:36 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-14 20:09 - 2015-10-30 19:59 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2015-12-14 20:08 - 2015-10-30 19:59 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2015-12-14 20:08 - 2015-10-30 20:00 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd
2015-12-14 20:09 - 2015-10-30 20:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2015-12-14 20:08 - 2015-12-08 16:36 - 01826608 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-14 20:09 - 2015-10-30 20:00 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-14 20:09 - 2015-12-08 16:36 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 00486704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2015-12-14 20:08 - 2015-12-08 16:36 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-12-14 20:09 - 2015-10-30 20:01 - 00019920 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-11-08 10:02 - 2015-10-30 20:00 - 00786904 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-12-14 20:09 - 2015-10-30 20:00 - 00063448 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-12-14 20:09 - 2015-10-30 20:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2016-01-18 00:51 - 2016-01-18 00:51 - 00079784 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files\MOV_2225.3gp:com.dropbox.attributes
AlternateDataStreams: C:\Program Files\MOV_8922.3gp:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mary\Downloads\Dropbox_v3.10.9.exe:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mary\Documents\Ma Maison Website draft.backup.wpp:SummaryInformation
AlternateDataStreams: C:\Users\Mary\Documents\Ma Maison Website draft.backup.wpp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Mary\Documents\Ma Maison Website draft.wpp:SummaryInformation
AlternateDataStreams: C:\Users\Mary\Documents\Ma Maison Website draft.wpp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Mary\Documents\Martha Raye.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Mary\Documents\Martha Raye.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Mary\Documents\Publication1.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Mary\Documents\Publication1.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\accessallstate.com -> accessallstate.com
IE trusted site: HKU\.DEFAULT\...\aicpcu.org -> aicpcu.org
IE trusted site: HKU\.DEFAULT\...\allstate-lcec.lrn.com -> allstate-lcec.lrn.com
IE trusted site: HKU\.DEFAULT\...\allstate.com -> agencygateway.allstate.com
IE trusted site: HKU\.DEFAULT\...\allstateagencies.com -> allstateagencies.com
IE trusted site: HKU\.DEFAULT\...\allstatehelp.com -> allstatehelp.com
IE trusted site: HKU\.DEFAULT\...\allstateinsurance.skillwsa.com -> allstateinsurance.skillwsa.com
IE trusted site: HKU\.DEFAULT\...\allstateuniversity.com -> allstateuniversity.com
IE trusted site: HKU\.DEFAULT\...\bisyseducation.com -> bisyseducation.com
IE trusted site: HKU\.DEFAULT\...\custhelp.com -> custhelp.com
IE trusted site: HKU\.DEFAULT\...\elementk.com -> elementk.com
IE trusted site: HKU\.DEFAULT\...\gotoassist.com -> gotoassist.com
IE trusted site: HKU\.DEFAULT\...\insmark.com -> insmark.com
IE trusted site: HKU\.DEFAULT\...\insmark.us -> insmark.us
IE trusted site: HKU\.DEFAULT\...\insmarkstore.com -> insmarkstore.com
IE trusted site: HKU\.DEFAULT\...\ivantageselectagency.com -> ivantageselectagency.com
IE trusted site: HKU\.DEFAULT\...\learn.net -> learn.net
IE trusted site: HKU\.DEFAULT\...\nicta.org -> nicta.org
IE trusted site: HKU\.DEFAULT\...\plateau.com -> plateau.com
IE trusted site: HKU\.DEFAULT\...\successfactors.com -> successfactors.com

There are 2 more sites.

IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\360-value.com -> 360-value.com
IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\billerweb.com -> billerweb.com
IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\bristolwest.com -> bristolwest.com
IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\bwproducers.com -> bwproducers.com
IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\cisgroup.com -> cisgroup.com
IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\co-optimum.com -> co-optimum.com
IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\eclbiz.com -> eclbiz.com
IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\farmers.com -> farmers.com
IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\farmers.csod.com -> farmers.csod.com
IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\farmersces.com -> farmersces.com
IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\farmersflood.com -> farmersflood.com
IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\farmersinsurance.com -> farmersinsurance.com
IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\farmersleadcenter.com -> farmersleadcenter.com
IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\farmerslife.com -> farmerslife.com
IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\farmersmarketpoint.com -> farmersmarketpoint.com
IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\force.com -> force.com
IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\foremost.com -> foremost.com
IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\foremostfarmers.com -> foremostfarmers.com
IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\foremoststar.com -> foremoststar.com
IE trusted site: HKU\S-1-5-21-326479466-2012091454-3323493520-1000\...\ipipeline.com -> ipipeline.com

There are 11 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-326479466-2012091454-3323493520-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: atashost => 2
MSCONFIG\Services: DragonUpdater => 2
MSCONFIG\Services: EPSON_PM_RPCV4_01 => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: Motorola Device Manager => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: PST Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Palo Alto Software Update Manager 9.0.lnk => C:\Windows\pss\Palo Alto Software Update Manager 9.0.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Mary^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk => C:\Windows\pss\Nikon Monitor.lnk.Startup
MSCONFIG\startupreg: 6F284982F75B426C41806AB2D9EC2F22CFE08617._service_run => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: Communicator => "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: EPSON Stylus CX7800 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAFA.EXE /FU "C:\Users\Mary\AppData\Local\Temp\E_SE110.tmp" /EF "HKCU"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9BE8B0D9-B590-4070-BC36-10B59BF15D59}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{F62B53E8-28A0-4444-9861-77892521926C}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{F8202032-4716-48F4-97AC-C9D41BFDE95A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{995C2D2A-116B-4B4B-8178-DAEE57135F6F}] => (Allow) LPort=2869
FirewallRules: [{C396FF4D-0213-447B-A2F3-7CDF0E43EE7E}] => (Allow) LPort=1900
FirewallRules: [{FBFDD359-B58A-4965-BD7D-29F501585825}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{DA60C4AA-AFB6-4E72-AD73-D9432BB30990}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{D7E8FE0C-582A-4210-8036-1260F070EFC2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{A182485A-7DB5-42EE-904B-FA61600EC03E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [TCP Query User{06584D03-4B51-43BA-A502-86D6C408C265}C:\program files (x86)\serif\webplus\x4\program\webplus.exe] => (Allow) C:\program files (x86)\serif\webplus\x4\program\webplus.exe
FirewallRules: [UDP Query User{8C9C4FEE-DA60-4B97-A571-905236442F43}C:\program files (x86)\serif\webplus\x4\program\webplus.exe] => (Allow) C:\program files (x86)\serif\webplus\x4\program\webplus.exe
FirewallRules: [{517D6564-7B9B-4F58-B3E8-684C9A367FF5}] => (Allow) C:\Users\Mary\AppData\Local\Temp\7zS33B7\HPDiagnosticCoreUI.exe
FirewallRules: [{7B721203-DFA7-4D95-9381-A1DF270DAB08}] => (Allow) C:\Users\Mary\AppData\Local\Temp\7zS33B7\HPDiagnosticCoreUI.exe
FirewallRules: [{944D2E2F-41D8-4B1D-8321-27B578848D9C}] => (Allow) C:\Users\Mary\AppData\Local\Temp\7zS3609\hppiw.exe
FirewallRules: [{2AA0842F-579E-4A6F-9B79-6B5283749A7C}] => (Allow) C:\Users\Mary\AppData\Local\Temp\7zS3609\hppiw.exe
FirewallRules: [{4A47647E-2B7C-4574-AD8E-E3F0D0B6DD5A}] => (Allow) C:\Users\Mary\AppData\Local\Temp\7zS0D7B\hppiw.exe
FirewallRules: [{B3A8E599-91EF-4DE8-BADC-005A5C6850AE}] => (Allow) C:\Users\Mary\AppData\Local\Temp\7zS0D7B\hppiw.exe
FirewallRules: [TCP Query User{059DD337-EB04-4A63-A39C-76C56D3DC2F0}C:\users\mary\appdata\local\temp\7zs34fb\enterprisedu.exe] => (Allow) C:\users\mary\appdata\local\temp\7zs34fb\enterprisedu.exe
FirewallRules: [UDP Query User{5CA5C87C-D03D-4757-BD90-BF67910146CD}C:\users\mary\appdata\local\temp\7zs34fb\enterprisedu.exe] => (Allow) C:\users\mary\appdata\local\temp\7zs34fb\enterprisedu.exe
FirewallRules: [{543FC5E7-281C-40AC-8DD5-F02C52D11BA5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\FaxApplications.exe
FirewallRules: [{CE0C61B6-03B1-4D95-9DA7-D09EBCFFACE6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\DigitalWizards.exe
FirewallRules: [{9F9FF7F3-F422-4EBE-88E3-FB745182ED0E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\SendAFax.exe
FirewallRules: [{23DDEE9A-F43B-4CFF-9A78-7412E6448DEB}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{7496DF2D-7B9E-4055-BF05-2C5B8D26001D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E349B2FF-1645-4EEC-824B-6342939438C7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{9052F964-0728-4217-99CB-37BB0A77850D}] => (Allow) C:\Users\Mary\AppData\Local\Temp\7zS4007\hppiw.exe
FirewallRules: [{577B377F-AC32-4F47-BDE2-ED3098E0CCB8}] => (Allow) C:\Users\Mary\AppData\Local\Temp\7zS4007\hppiw.exe
FirewallRules: [TCP Query User{72A5F111-6D1E-4013-BAB9-6CFFC7BF41AB}C:\users\mary\appdata\local\temp\7zs227f\enterprisedu.exe] => (Allow) C:\users\mary\appdata\local\temp\7zs227f\enterprisedu.exe
FirewallRules: [UDP Query User{A825FC2A-B8E8-4744-9CD8-ED5D1F8C8202}C:\users\mary\appdata\local\temp\7zs227f\enterprisedu.exe] => (Allow) C:\users\mary\appdata\local\temp\7zs227f\enterprisedu.exe
FirewallRules: [{A3B5AEA2-6FE1-4E14-A9DF-3B4C322B8BD4}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{BADE355A-8911-4680-90B1-4F5F70A2BD41}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{C1BF9F2E-70D5-4269-81D8-7DDB5ECD31A3}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
FirewallRules: [{9994AA8A-3D04-4138-A986-680866427CB7}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
FirewallRules: [{81BF005E-F943-4ECF-B7FE-C28D79965918}] => (Allow) C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
FirewallRules: [{40F64A5C-6212-4E2D-A826-AFB3145BC0FA}] => (Allow) C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
FirewallRules: [{E8835155-0480-41AA-B29C-B48F667183F5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{5338B778-0E41-4C66-AAEC-4DF5781FF9EB}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{7CD28AD9-7DF2-4DEA-A36B-813AFC7D79BC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{3BAE7D41-4584-4BA6-BAA2-70801A889094}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{8372C761-E7EF-4338-BF75-48238E7D91AA}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{4E244745-1839-4602-9CAA-C6468C9A2A71}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{7E64EBAC-3557-4744-99BC-777690935D8D}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{B92724FA-EA1A-408F-978C-984DD7E08BE4}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{4314E8C4-9932-4BF1-95B2-B3396485268C}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{06D0D56D-771D-4AFD-A71E-196A1E23305C}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{CC513430-FB85-424C-9E84-CED24EADBABF}] => (Allow) C:\Users\Mary\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{6E5F79A2-74EC-4667-8916-0A39620F95D6}] => (Allow) C:\Users\Mary\AppData\Local\iLivid\iLivid.exe
FirewallRules: [TCP Query User{249070C9-7F9E-4DD5-9B36-170CE72F06D9}C:\users\mary\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mary\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{7D6AE39C-828A-46AE-A9C5-9324E7E5C7E8}C:\users\mary\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mary\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{3CF63EF0-9A27-49F8-995B-ADF515BD2547}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{60CA7F25-2E0B-403E-B2A2-2E153A53940F}] => (Allow) LPort=50000
FirewallRules: [{1F5CC119-18E3-42B3-A746-497499526C3B}] => (Allow) LPort=50000
FirewallRules: [{EE9EA2ED-8113-4F89-B082-1A063C57BE0F}] => (Allow) C:\Users\Mary\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{510EBB67-4132-4019-BC6A-66F9ED70E476}] => (Allow) C:\Users\Mary\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{52A1FCEE-C7E5-4B83-B70E-7ADCB3835824}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D68CEC22-46BD-41FC-AB10-BC51288B0142}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FAF658DC-F6F5-4B75-BD4C-A5CDFC8094D9}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{A0F378D7-E609-4098-A619-3A7540FE0216}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{86D562BA-034D-4FD6-8766-3EF68D362F5F}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{7A4EAAB9-7A61-42FC-8E3C-235D3DCC778D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{CFE8B960-3F78-4E96-A013-FC7BC86D7F2E}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1436213312\ee\aolsoftware.exe
FirewallRules: [{AB5CF50E-BDC2-4CC4-8A18-725C4EDBA749}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1436213312\ee\aolsoftware.exe
FirewallRules: [{775A1549-3DAC-49F7-B60D-45E09E666D99}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{B3D52786-9E21-4574-9506-2FDBDB3F66A5}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{D5267DA4-4E3B-4917-B15B-969DDD1F1A07}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{B1AB278A-E39A-45CB-891F-A49AA5B92930}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{5BE2AB49-AD67-4E84-9ECA-EAF48886BB7A}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{86545DF8-4D3A-45F7-BBCD-CC26F2A27594}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{16FAD509-1527-4982-8FF9-61076FC50CED}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{39AA26B0-EAE3-4D4A-94D2-3DBE9B6C6B1C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{D1955C16-C8DF-4996-9036-4F63F82FE0E1}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{7D5448DF-B8D6-4B29-8B72-310D1BF2F046}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{6377D5ED-6357-4819-8663-CA9CC2303B69}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{9F6E4DCB-8D69-4DF6-8FD5-10620A129CB1}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{82703859-CE5F-43CF-B5ED-0D6CC3BCD237}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E32372B2-EBD7-4605-B9D9-85EB5B069D02}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E82D3462-8C5F-47D8-BC89-61E7B2986FD8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{BEA4E22B-360B-47A0-B51E-FE9D23095F05}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{63630015-DF9C-4E8E-ADFA-08C1BC1B6AA2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-01-2016 00:00:19 Windows Backup
12-01-2016 08:17:09 Windows Update
14-01-2016 18:49:18 JRT Pre-Junkware Removal
14-01-2016 19:12:44 Installed Sophos Virus Removal Tool.
14-01-2016 19:18:01 Removed Sophos Virus Removal Tool.
14-01-2016 19:20:49 Installed Sophos Virus Removal Tool.
18-01-2016 03:40:36 Windows Backup
20-01-2016 10:23:13 Installed Microsoft Fix it 50195
20-01-2016 10:31:12 Installed Microsoft Fix it 50195
24-01-2016 09:14:26 Windows Backup

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2016 07:58:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 14.0.7164.5001, time stamp: 0x564cb687
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x188ef640
Faulting process id: 0x17b0
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3

Error: (01/23/2016 07:24:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18123 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a1c

Start Time: 01d156200c5631c3

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (01/23/2016 05:34:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmplayer.exe, version: 12.0.7601.18840, time stamp: 0x55411584
Faulting module name: QuickTime.qts, version: 7.75.80.95, time stamp: 0x52d49206
Exception code: 0xc0000005
Fault offset: 0x00107f32
Faulting process id: 0x19b4
Faulting application start time: 0xwmplayer.exe0
Faulting application path: wmplayer.exe1
Faulting module path: wmplayer.exe2
Report Id: wmplayer.exe3

Error: (01/22/2016 11:29:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 43.0.2.5833, time stamp: 0x567893ad
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x2890fba0
Faulting process id: 0x2288
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (01/21/2016 05:17:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 43.0.2.5833, time stamp: 0x567893ad
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x2975fa28
Faulting process id: 0x1a14
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (01/20/2016 10:18:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.2.5833, time stamp: 0x5678a0b1
Faulting module name: mozglue.dll, version: 43.0.2.5833, time stamp: 0x567893a6
Exception code: 0x80000003
Fault offset: 0x0000ed36
Faulting process id: 0x208
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/20/2016 10:07:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 43.0.2.5833, time stamp: 0x567893ad
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x2c69f9ec
Faulting process id: 0xcd0
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (01/19/2016 12:47:49 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/19/2016 12:47:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (01/19/2016 12:41:50 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

System errors:
=============
Error: (01/24/2016 12:40:54 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/24/2016 09:06:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (01/24/2016 09:05:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/23/2016 08:39:23 PM) (Source: DCOM) (EventID: 10016) (User: Mary-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Mary-PCMaryS-1-5-21-326479466-2012091454-3323493520-1000LocalHost (Using LRPC)

Error: (01/23/2016 08:39:23 PM) (Source: DCOM) (EventID: 10016) (User: Mary-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Mary-PCMaryS-1-5-21-326479466-2012091454-3323493520-1000LocalHost (Using LRPC)

Error: (01/23/2016 07:08:45 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (01/23/2016 06:22:06 PM) (Source: DCOM) (EventID: 10016) (User: Mary-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Mary-PCMaryS-1-5-21-326479466-2012091454-3323493520-1000LocalHost (Using LRPC)

Error: (01/23/2016 06:22:06 PM) (Source: DCOM) (EventID: 10016) (User: Mary-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Mary-PCMaryS-1-5-21-326479466-2012091454-3323493520-1000LocalHost (Using LRPC)

Error: (01/23/2016 06:05:27 PM) (Source: DCOM) (EventID: 10016) (User: Mary-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Mary-PCMaryS-1-5-21-326479466-2012091454-3323493520-1000LocalHost (Using LRPC)

Error: (01/23/2016 06:05:27 PM) (Source: DCOM) (EventID: 10016) (User: Mary-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Mary-PCMaryS-1-5-21-326479466-2012091454-3323493520-1000LocalHost (Using LRPC)

CodeIntegrity:
===================================
  Date: 2015-02-16 10:36:57.026
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-16 10:36:56.965
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-27 16:13:56.891
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-27 16:13:56.827
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-15 10:49:53.570
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-15 10:49:53.558
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-15 10:47:54.997
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-15 10:47:54.980
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-20 10:17:52.690
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-20 10:17:52.638
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 48%
Total physical RAM: 4077.25 MB
Available physical RAM: 2101.58 MB
Total Virtual: 8152.71 MB
Available Virtual: 5098.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.16 GB) (Free:481.43 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive g: (My Book) (Fixed) (Total:931.28 GB) (Free:511.92 GB) FAT32
Drive h: (FIRELITE) (Fixed) (Total:74.54 GB) (Free:0.52 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 44777544)
Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 8D399BC0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

========================================================
Disk: 3 (Size: 74.6 GB) (Disk ID: FCEECC2D)
Partition 1: (Not Active) - (Size=74.6 GB) - (Type=0B)

==================== End of Addition.txt ============================




 


#2 olgun52

olgun52

  • Malware Response Team

Posted 25 January 2016 - 06:39 PM

Hello marym and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as an administrator. How do I log on to the computer as an administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
 

C:\Program Files\MOV_2225.3gp
C:\Program Files\MOV_8922.3gp
C:\Program Files\webcast.ics
C:\Users\Mary\MetricCollection.dll

Do you know what these are?

======================================================

I see many PDF files in download folder. Are they reliable?

=================================================

Kaspersky Internet Security

Windows Firewall is enabled.

 

Multiple Firewall Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause. Firewall programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two Firewall programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

 

Completely turn off the Windows Firewall, please

========================================================================================
Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Glary Utilities

Sophos Virus Removal Tool

Coupon Printer for Windows

C:\Program Files (x86)\Glary Utilities

============================================

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

======================================================================================

Step 1:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click [image: Ashampoo_Snap_20140819_13h09m50s_001__zp]
  • Then press the "Repair" button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 4:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript

Attached file: zoekscript.txt (188 bytes)

  • Download it too and save it to your desktop - it needs to be in the same location as the ZOEK tool.
  • Drag zoekscript file and drop it onto ZOEK icon - this should launch the program:
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Sincerely


Edited by olgun52, 25 January 2016 - 07:06 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 marym

marym
  • Topic Starter


Posted 28 January 2016 - 01:17 PM

Thank you for your response Yilmaz. Please note, in addition to the Blue Screen, I was infected with the Ransom virus when my husband opened an email.  I have been trying to remove all instances of that via advice from Microsoft for the past two days. The first scan showed 2 infections that are hopefully removed. The second scan is almost finished running now and no infections are showing which is great. However I'm not sure my computer is still error free. I keep getting updater.exe pop-up when I open Firefox. I DO NOT click it.

 

When this second scan finishes, I will follow the steps you outlined in your message. I will get back with you in several hours if that is okay.

 

Thank you for your assistance!

MaryM



#4 olgun52

olgun52

  • Malware Response Team

Posted 28 January 2016 - 03:10 PM

I understand MaryM. Thank you. I am waiting.



 


 


#5 marym

marym
  • Topic Starter


Posted 30 January 2016 - 01:44 PM

FINALLY, sorry it took so long to run the logs. Here is the information you requested in your most recent post:

 

 Quote

    C:\Program Files\MOV_2225.3gp
    C:\Program Files\MOV_8922.3gp
    C:\Program Files\webcast.ics
    C:\Users\Mary\MetricCollection.dll

Do you know what these are?  

I believe these are for my smartphone and are safe to remove.

======================================================

I see many PDF files in download folder. Are they reliable?

I deleted these PDF files from "download" as they were already saved in separate file folders.


=================================================

Quote

    Kaspersky Internet Security

    Windows Firewall is enabled.

Multiple Firewall Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

Completely turn off the Windows Firewall, please.

I turned off the Firewall and disabled Kaspersky Internet Security while running scans. Am I able to turn on the firewall once all scans are run? MS Windows says Kaspersky handles the firewall so apparently I don't have a separate one from Windows running.


=======================================================
Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Glary Utilities

Sophos Virus Removal Tool

Coupon Printer for Windows

C:\Program Files (x86)\Glary Utilities

The above files were uninstalled.
-------------------------------------------------------------------------------------
AdwCleaner Log:

# AdwCleaner v5.031 - Logfile created 30/01/2016 at 11:10:57
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Mary - MARY-PC
# Running from : C:\Users\Mary\Desktop\adwcleaner_5.031.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [793 bytes] ##########

============================================

Junkware Removal Tool Log:

Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Kaspersky Internet Security   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 66  
 Java version 32-bit out of Date!
 Adobe Flash Player 20.0.0.267  
 Adobe Reader XI  
 Mozilla Firefox (43.0.2)
 Google Chrome (48.0.2564.82)
 Google Chrome (48.0.2564.97)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Internet Security 15.0.2 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 15.0.2 avpui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

------------------------------------------------------------------------------------
ZHPCleaner Log:
ZHPCleaner v2016.1.30.18 by Nicolas Coolman (2016/01/30)
~ Run by Mary (Administrator)  (30/01/2016 13:04:33)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Mary\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Mary\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.


---\\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.


---\\  Other deletions. (27)
~ Registry Keys Tracing deleted (27)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 1068
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 0


~ End of clean in 00h00mn12s
===================
ZHPCleaner-[R]-30012016-11_30_02.txt
ZHPCleaner-[R]-30012016-13_04_45.txt
ZHPCleaner-[S]-30012016-11_23_45.txt
ZHPCleaner-[S]-30012016-13_04_08.txt

~ Items cancelled : 0
~ Items repaired : 24


~ End of clean in 00h00mn38s
===================
ZHPCleaner-[R]-30012016-11_30_02.txt
ZHPCleaner-[S]-30012016-11_23_45.txt
--------------------------------------------------------------------------------------

ZOEKscript

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Mary on Sat 01/30/2016 at 13:13:37.48.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Mary\Desktop\zoek.exe
Script used: C:\Users\Mary\Desktop\zoekscript.txt

==== Older Logs ======================

C:\zoek-results2016-01-30-170214.log    11149 bytes

==== System Restore Info ======================

1/30/2016 1:14:03 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\Mary\AppData\Local\Logitechr Webcam Software

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\xeug0fne.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.defaultenginename.US", "Google");

Added to C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\xeug0fne.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================


==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\xeug0fne.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com" [07/19/2015 12:51 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\xeug0fne.default
- QuickJava - %ProfilePath%\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Undetermined - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Undetermined - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Undetermined - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\xeug0fne.default
87132527E2256CF6683A18C4EB34DD3B    - C:\Windows\system32\Wat\npWatWeb.dll -    Windows Activation Technologies
70858ED7836E5C849D33576A84DC8CCF    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll -    Shockwave Flash
E3B4EA121F7BDEB0F6366E2BA9608CB5    - C:\Users\Mary\AppData\Local\Citrix\Plugins\104\npappdetector.dll -    Citrix Online Web Deployment Plugin 1.0.0.104
07830962388220133F299C0C1F80EA38    - C:\Users\Mary\AppData\Roaming\Mozilla\plugins\npatgpc.dll -    ActiveTouch General Plugin Container


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dbhjdbfgekjfcfkkfjjmlmojhbllhbho - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho[]

Comodo Web Inspector - Mary\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.mail.aol.com&seamless=novl&lang=en&locale=US&authLev=0&siteState=sid%3A6765c67d-67d6-4253-bcc8-72389be84d0e%7Cqp%3A%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Cat%3ASNS%7Clc%3Aen_US%7Crt%3ASTD%7Csnt%3AScreenName%7C&offerId=newmail-en-us-v2"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.mail.aol.com&seamless=novl&lang=en&locale=US&authLev=0&siteState=sid%3A6765c67d-67d6-4253-bcc8-72389be84d0e%7Cqp%3A%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Cat%3ASNS%7Clc%3Aen_US%7Crt%3ASTD%7Csnt%3AScreenName%7C&offerId=newmail-en-us-v2"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} - No_Url_Value
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{3520ADD9-08AE-4C95-89E4-C5809973E64B}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{3520ADD9-08AE-4C95-89E4-C5809973E64B} - https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Mary\AppData\Local\Mozilla\Firefox\Profiles\xeug0fne.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=121 folders=42 60722104 bytes)

==== Empty Temp Folders ======================

C:\Users\Mary\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Mary\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sat 01/30/2016 at 13:34:17.32

======================

I hope that's everything. Thank you for all your help. I look forward to hearing from you.

Mary M



#6 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male
  • Local time:10:44 AM

Posted 30 January 2016 - 03:56 PM

I understand. Thank you for informing me.

Please do the following  

 Java 8 Update 66  
 Java version 32-bit out of Date!

Java update:
Updating Java and Clearing Cache:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.

  • Download the latest version of Java Runtime Environment (JRE) 8
  • Recommended Version is 8 Update 71
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows Offline (64-bit)  and save the file.
  • Close any programs you may have running - especially your web browser.

See this page for instructions on how to clear Java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

======================================================================================

Step 1:
 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:

ComboFix run:

Please be sure to run our tools with administrator rights.

* IMPORTANT: 1   Place ComboFix.exe on your Desktop

* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, as it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.
:hello:

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#7 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male
  • Local time:10:44 AM

Posted 05 February 2016 - 06:03 PM

Are you still with me and is there still the issue?



 


 


#8 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male
  • Local time:10:44 AM

Posted 11 February 2016 - 12:29 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


 


 




