
Probably still infected, I can't install Java or Adobe Reader or Flash


  • This topic is locked
13 replies to this topic

#1 Computer Angelz

Computer Angelz

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:38 PM

Posted 05 March 2016 - 05:36 PM

I started cleaning this computer up for a friend. Initially she couldn't even access the internet. Initially it seemed as if I was able to clean it up pretty good. I used Malwarebytes to do the job. However, each time I clean it up and rescan it, it seems to find the same infections even after they are quarantined and deleted. Once the trial for Malwarebytes expired, I decided to try using Microsoft Security Essentials and made some headway there. The system seemed to be responding pretty well as I was uninstalling unnecessary programs and some browser add-ons. Windows updates were now coming in and actually being installed successfully on the first try. Unfortunately, that only lasted for a while, because again as I quarantined and removed infections, they were detected, quarantined and removed... a few times.

Currently, it seems as if it isn't the same infections being detected, but something "new".

I recently disabled Microsoft Security Essentials and installed Avast Antivirus. I wanted to see what it would catch. It is scanning now; so far it has stopped one or two threats. It hasn't completed its scan yet, so I am waiting to see what it finds. In the meantime, I decided I'd better reach out for some help, so I hope you guys can help me.

 

At some point during all of this I decided to uninstall Java so I could go on to download and install the newest version of Java available. Once I begin the install, it just stops, then a little while later a message will pop up asking if I want to reinstall this program correctly; the other option is that the program installed correctly.

I also uninstalled Adobe Reader and Adobe Flash in an attempt to reinstall the newest version of each. Each time I go to install either of them, neither of them will install. The Adobe Download Manager will pop up and just sit there, a blank box in the middle of the screen, until I close it. Once I close it, Internet Explorer, which is not my default browser, instantly opens up to the Adobe (Reader / Flash) website to try to get me to download and install the Adobe programs from Internet Explorer. I tried it, and of course, it did the same as it did when I tried to download and install it from Firefox, which is my default browser.

 

Again, I hope you guys can help, I really do. I know I could just reset the system back to factory conditions, but I was really hoping I wouldn't have to do that unless I absolutely have to. Besides, I'm really curious as to the advice you guys can give me, so I can see what's really going on with this system.

 

Thanks




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,508 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:38 AM

Posted 06 March 2016 - 08:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's have a closer look.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===

Wait for further instructions.

#3 Computer Angelz

Computer Angelz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:38 PM

Posted 06 March 2016 - 07:17 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Cheryl D. White (administrator) on CHERYLDWHITE-HP (06-03-2016 17:42:32)
Running from C:\Users\Cheryl D. White\Desktop\FarBar Tool
Loaded Profiles: Cheryl D. White (Available Profiles: Cheryl D. White)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-06-07] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP KEYBOARDx] => C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM\...\Run: [HP Remote Solution] => C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM\...\Run: [BATINDICATOR] => C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM\...\Run: [LaunchHPOSIAPP] => C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM\...\Run: [File Sanitizer] => c:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11265536 2009-12-11] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2010-08-10] (Symantec Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [BackupNowEZ4Tray] => C:\Program Files\NTI\NTI Backup Now EZ 4\Bunez4Tray.exe [1093832 2014-11-06] (NTI Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-03-05] (AVAST Software)
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll [2009-12-07] (Hewlett-Packard Limited)
Lsa: [Notification Packages] DPPassFilter scecli
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File [ ]
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-05] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cheryl D. White\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cheryl D. White\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cheryl D. White\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-01-25]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-01-25]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49364;https=127.0.0.1:49364
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:49364;https=127.0.0.1:49364
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2005-11-28] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{85A025B2-B8E5-45BF-B952-AF19704701AE}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-652439225-1890198162-91388531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130981861630649166&GUID=434BDB56-8739-3FEA-0FC7-914A981980AC
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130981861631139194&GUID=434BDB56-8739-3FEA-0FC7-914A981980AC
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130981861631009187&GUID=434BDB56-8739-3FEA-0FC7-914A981980AC
HKU\S-1-5-21-652439225-1890198162-91388531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-652439225-1890198162-91388531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-652439225-1890198162-91388531-1003 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> DefaultScope {68AC7630-B10C-464B-960F-34B487C48993} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> {68AC7630-B10C-464B-960F-34B487C48993} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-12-11] (Hewlett-Packard)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-24] (Microsoft Corporation)
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-01-22] (DigitalPersona, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-05] (AVAST Software)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2016-01-25] (LastPass)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-14] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-24] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-24] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-14] (Google Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2016-01-25] (LastPass)
Toolbar: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-20] (Microsoft Corporation)
Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - C:\Users\Cheryl D. White\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-01-20] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Cheryl D. White\AppData\Roaming\Mozilla\Firefox\Profiles\43ldvwj3.default-1453710820394
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-25] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass.dll [2016-01-25] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-20] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-652439225-1890198162-91388531-1003: @citrixonline.com/appdetectorplugin -> C:\Users\Cheryl D. White\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-16] (Citrix Online)
FF Plugin HKU\S-1-5-21-652439225-1890198162-91388531-1003: @microsoft.com/Office on Demand;version=1 -> C:\Users\Cheryl D. White\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll [2012-11-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.)
FF Extension: LastPass - C:\Users\Cheryl D. White\AppData\Roaming\Mozilla\Firefox\Profiles\43ldvwj3.default-1453710820394\extensions\support@lastpass.com [2016-03-04]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: No Name - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-08-23] [not signed]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-08-23] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-05]
FF HKU\S-1-5-21-652439225-1890198162-91388531-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&chext=v2&s=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-25]
CHR Extension: (Google Docs) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-25]
CHR Extension: (Google Drive) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-25]
CHR Extension: (YouTube) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-25]
CHR Extension: (Adblock Plus) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-06]
CHR Extension: (Google Search) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-25]
CHR Extension: (Google Sheets) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-25]
CHR Extension: (Google Docs Offline) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-25]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-02-06]
CHR Extension: (Skype) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-25]
CHR Extension: (Gmail) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-25]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-05]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [284160 2010-11-10] (Advanced Micro Devices, Inc.) [File not signed]
S2 AMD Reservation Manager; c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [140224 2010-06-17] (Advanced Micro Devices)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-05] (AVAST Software)
S4 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2005-11-28] (Apple Computer, Inc.) [File not signed]
S4 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S4 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-08-10] (Symantec Corporation)
S4 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-08-10] (Symantec Corporation)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1904368 2016-01-20] (Microsoft Corporation)
S4 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [152560 2014-02-13] (Coupons.com Inc.)
S4 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300808 2010-01-22] (DigitalPersona, Inc.)
S4 FLCDLOCK; c:\Windows\system32\flcdlock.exe [362040 2009-12-07] (Hewlett-Packard Ltd)
S4 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [246520 2010-06-18] (WildTangent, Inc.)
S4 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2010-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
S2 HPFSService; c:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-12-11] (Hewlett-Packard) [File not signed]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S2 NTI Backup Now EZ 4 Scheduler; C:\Program Files\NTI\NTI Backup Now EZ 4\ScheduleService.exe [95432 2014-11-06] ()
S4 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S4 ZuneWlanCfgSvc; c:\Windows\system32\ZuneWlanCfgSvc.exe [447216 2010-01-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70824 2013-03-31] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34984 2013-03-31] (Advanced Micro Devices)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-03-05] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-03-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-03-05] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-03-05] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [812720 2016-03-05] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-03-05] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-03-05] (AVAST Software)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-03-05] (AVAST Software)
S3 AuviUADFilter; C:\Windows\System32\DRIVERS\AuviUADFilter.sys [20992 2009-08-03] (Auvitek Corp.) [File not signed]
S3 AuviUATV; C:\Windows\System32\DRIVERS\AuviUATV.sys [1886976 2010-02-04] (Auvitek Corp.) [File not signed]
S3 AuviUDTV; C:\Windows\System32\DRIVERS\AuviUDTV.sys [1881472 2010-02-08] (Auvitek Corp.) [File not signed]
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-10-21] (Hewlett-Packard Development Company L.P.)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-10] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-03-06] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20140730.003\NAVENG.SYS [93272 2013-08-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20140730.003\NAVEX15.SYS [1612376 2013-08-22] (Symantec Corporation)
R3 netr28; C:\Windows\System32\DRIVERS\netr28.sys [2075792 2014-12-10] (MediaTek Inc.)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [129144 2016-03-05] (AVAST Software)
S3 OxPPort; C:\Windows\system32\DRIVERS\OxPPort.sys [82048 2008-07-31] (OEM)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2009-12-18] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [284720 2010-09-17] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [320944 2010-09-17] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2010-09-17] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [125488 2016-02-06] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2009-09-03] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2009-09-03] (Symantec Corporation)
S4 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [99696 2010-11-12] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [67472 2010-08-16] (Symantec Corporation)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [43888 2010-11-12] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [174056 2012-10-05] (Symantec Corporation)
S3 catchme; \??\C:\Users\CHERYL~1.WHI\AppData\Local\Temp\catchme.sys [X]
S3 NTIDrvr; System32\Drivers\NTIDrvr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-06 17:42 - 2016-03-06 17:42 - 00000000 ____D C:\FRST
2016-03-06 16:25 - 2016-03-06 17:42 - 00000000 ____D C:\Users\Cheryl D. White\Desktop\FarBar Tool
2016-03-06 14:01 - 2016-03-06 14:01 - 00129450 _____ C:\Users\Cheryl D. White\Downloads\Probably still infrected, I can't instal Java or Adobe Reader or Flash - Virus, Trojan, Spyware, and Malware Removal Logs.htm
2016-03-06 14:01 - 2016-03-06 14:01 - 00000000 ____D C:\Users\Cheryl D. White\Downloads\Probably still infrected, I can't instal Java or Adobe Reader or Flash - Virus, Trojan, Spyware, and Malware Removal Logs_files
2016-03-05 16:58 - 2016-03-05 16:58 - 01190608 _____ (Adobe Systems Incorporated) C:\Users\Cheryl D. White\Downloads\flashplayer20_ha_install.exe
2016-03-05 16:52 - 2016-03-05 16:52 - 00735328 _____ (Oracle Corporation) C:\Users\Cheryl D. White\Downloads\jxpiinstall(7).exe
2016-03-05 16:13 - 2016-03-05 16:13 - 00002685 _____ C:\Users\Public\Desktop\Skype.lnk
2016-03-05 16:13 - 2016-03-05 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-03-05 16:13 - 2016-03-05 16:13 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-03-05 16:09 - 2016-03-05 16:09 - 00001817 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-03-05 16:09 - 2016-03-05 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-03-05 16:08 - 2016-03-05 16:09 - 00000000 ____D C:\Program Files\QuickTime
2016-03-05 15:45 - 2016-03-05 15:44 - 00129144 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2016-03-05 15:44 - 2016-03-05 15:41 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-05 15:42 - 2016-03-05 15:42 - 00002073 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-05 15:42 - 2016-03-05 15:42 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Roaming\AVAST Software
2016-03-05 15:42 - 2016-03-05 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-03-05 15:41 - 2016-03-05 15:42 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-03-05 15:41 - 2016-03-05 15:42 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-03-05 15:41 - 2016-03-05 15:41 - 00812720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-03-05 15:41 - 2016-03-05 15:41 - 00127432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-03-05 15:41 - 2016-03-05 15:41 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-03-05 15:41 - 2016-03-05 15:41 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-03-05 15:41 - 2016-03-05 15:41 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-03-05 15:41 - 2016-03-05 15:41 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-03-05 15:41 - 2016-03-05 15:41 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-03-05 15:41 - 2016-03-05 15:41 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-05 15:40 - 2016-03-05 15:40 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-05 15:39 - 2016-03-05 15:39 - 05207096 _____ (AVAST Software) C:\Users\Cheryl D. White\Downloads\avast_free_antivirus_setup_online.exe
2016-03-04 00:53 - 2016-03-04 00:53 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Cheryl D. White\Downloads\rkill(1).exe
2016-03-04 00:49 - 2016-03-04 00:49 - 00735328 _____ (Oracle Corporation) C:\Users\Cheryl D. White\Downloads\jxpiinstall(6).exe
2016-03-04 00:24 - 2016-03-04 00:24 - 00029819 _____ C:\ComboFix.txt
2016-03-04 00:02 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2016-03-04 00:02 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2016-03-04 00:02 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-03-04 00:02 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-03-04 00:02 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-03-04 00:02 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2016-03-04 00:02 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2016-03-04 00:02 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2016-03-03 23:57 - 2016-03-04 00:24 - 00000000 ____D C:\Qoobox
2016-03-03 23:56 - 2016-03-04 00:23 - 00000000 ____D C:\Windows\erdnt
2016-03-03 23:56 - 2016-03-03 23:56 - 05658435 ____R (Swearware) C:\Users\Cheryl D. White\Downloads\ComboFix.exe
2016-02-29 20:11 - 2016-02-29 20:11 - 00000000 ____D C:\Windows\86B3F2D6AC2B00158AE1F2F77F781B0C.TMP
2016-02-27 17:44 - 2015-12-20 13:45 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-27 17:44 - 2015-12-20 13:45 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-27 17:44 - 2015-12-20 11:16 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-27 17:44 - 2015-07-16 14:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-02-27 17:44 - 2015-07-16 14:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-02-27 17:44 - 2015-07-16 14:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-02-27 17:44 - 2015-07-16 10:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-02-27 17:44 - 2014-12-11 12:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-02-26 01:26 - 2016-03-06 16:42 - 00000360 _____ C:\Windows\Tasks\HPCeeScheduleForCheryl D. White.job
2016-02-26 01:11 - 2016-01-11 13:54 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-02-26 01:05 - 2015-11-19 09:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-02-26 00:47 - 2015-12-16 13:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-02-26 00:47 - 2015-12-16 13:43 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-02-26 00:47 - 2015-12-16 13:43 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-02-26 00:47 - 2015-12-16 13:43 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-02-26 00:47 - 2015-12-16 09:38 - 00419928 _____ C:\Windows\system32\locale.nls
2016-02-26 00:40 - 2015-08-05 12:40 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2016-02-26 00:40 - 2015-08-05 11:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-02-26 00:24 - 2013-10-01 18:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2016-02-26 00:23 - 2013-10-01 19:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2016-02-26 00:23 - 2013-10-01 19:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-02-26 00:23 - 2013-10-01 19:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-02-26 00:23 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2016-02-26 00:23 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2016-02-26 00:23 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2016-02-26 00:08 - 2012-08-23 09:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2016-02-26 00:08 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2016-02-25 23:57 - 2016-02-25 23:57 - 00735328 _____ (Oracle Corporation) C:\Users\Cheryl D. White\Downloads\jxpiinstall(5).exe
2016-02-25 23:56 - 2016-02-25 23:56 - 01193696 _____ (Adobe Systems Incorporated) C:\Users\Cheryl D. White\Downloads\readerdc_en_ha_install.exe
2016-02-25 23:54 - 2016-03-06 17:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-25 20:26 - 2016-03-04 00:58 - 00002338 _____ C:\Users\Cheryl D. White\Desktop\Rkill.txt
2016-02-25 20:26 - 2016-02-25 20:26 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Cheryl D. White\Downloads\rkill.exe
2016-02-25 20:21 - 2016-02-25 20:21 - 00735328 _____ (Oracle Corporation) C:\Users\Cheryl D. White\Downloads\jxpiinstall(4).exe
2016-02-25 20:18 - 2016-02-25 20:18 - 00735328 _____ (Oracle Corporation) C:\Users\Cheryl D. White\Downloads\jxpiinstall(3).exe
2016-02-13 21:17 - 2016-01-16 13:42 - 00022464 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-13 21:17 - 2016-01-16 13:34 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-13 21:17 - 2016-01-11 13:47 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-13 21:17 - 2016-01-11 13:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-13 21:17 - 2016-01-11 13:35 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-13 21:17 - 2016-01-11 13:17 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-13 21:17 - 2016-01-11 13:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-13 21:17 - 2016-01-11 13:14 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-13 21:17 - 2016-01-11 13:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-13 21:17 - 2016-01-11 13:14 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-13 21:17 - 2016-01-11 13:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-13 21:17 - 2016-01-11 13:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-13 21:17 - 2016-01-11 13:14 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-13 21:17 - 2016-01-11 09:07 - 01198080 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-13 21:17 - 2016-01-11 09:07 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-13 21:17 - 2016-01-11 09:07 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-13 21:17 - 2016-01-11 09:07 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-13 21:17 - 2016-01-11 09:07 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-13 20:48 - 2016-01-22 01:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-13 20:48 - 2016-01-22 01:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-13 20:48 - 2016-01-22 00:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-13 20:48 - 2016-01-22 00:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-13 20:43 - 2016-02-06 05:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-13 20:43 - 2016-02-06 04:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-13 20:43 - 2016-02-06 04:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-13 20:43 - 2016-02-06 04:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-13 20:43 - 2016-02-06 04:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-13 20:43 - 2016-02-06 03:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-13 20:41 - 2016-01-22 15:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-13 20:41 - 2016-01-22 01:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-13 20:41 - 2016-01-22 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-13 20:41 - 2016-01-22 01:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-13 20:41 - 2016-01-22 01:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-13 20:41 - 2016-01-22 01:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-13 20:41 - 2016-01-22 00:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-13 20:41 - 2016-01-22 00:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-13 20:41 - 2016-01-22 00:52 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-13 20:41 - 2016-01-22 00:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-13 20:41 - 2016-01-22 00:51 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-13 20:41 - 2016-01-22 00:46 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-13 20:41 - 2016-01-22 00:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-13 20:41 - 2016-01-22 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-13 20:41 - 2016-01-22 00:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-13 20:41 - 2016-01-22 00:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-13 20:41 - 2016-01-22 00:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-13 20:41 - 2016-01-22 00:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-13 20:41 - 2016-01-22 00:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-13 20:41 - 2016-01-22 00:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-13 20:41 - 2016-01-22 00:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-13 20:41 - 2016-01-22 00:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-13 20:41 - 2016-01-22 00:25 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-13 20:41 - 2016-01-22 00:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-13 20:41 - 2016-01-22 00:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-13 20:41 - 2016-01-22 00:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-13 20:41 - 2016-01-22 00:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-13 20:40 - 2016-01-22 01:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-13 20:40 - 2016-01-22 00:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-13 20:27 - 2016-01-16 13:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-13 20:25 - 2016-01-22 01:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-13 20:25 - 2016-01-06 13:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-13 20:25 - 2016-01-06 12:56 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-13 20:24 - 2016-01-22 01:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-02-13 20:24 - 2016-01-22 01:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-13 20:24 - 2016-01-22 01:13 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-13 20:24 - 2016-01-22 01:13 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-13 20:24 - 2016-01-22 01:09 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-13 20:24 - 2016-01-22 01:06 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-13 20:24 - 2016-01-22 01:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-13 20:24 - 2016-01-22 01:06 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-13 20:24 - 2016-01-22 01:06 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-13 20:24 - 2016-01-22 01:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-13 20:24 - 2016-01-22 01:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-13 20:24 - 2016-01-22 01:05 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-13 20:24 - 2016-01-22 01:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-13 20:24 - 2016-01-22 01:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-13 20:24 - 2016-01-22 01:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-13 20:24 - 2016-01-22 00:01 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-13 20:24 - 2016-01-22 00:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-13 20:24 - 2016-01-21 23:53 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-13 20:24 - 2016-01-21 23:53 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-13 20:24 - 2016-01-21 23:53 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-13 20:24 - 2016-01-21 23:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-13 20:24 - 2016-01-21 23:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-13 20:24 - 2016-01-21 23:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-13 20:24 - 2016-01-21 23:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-13 20:24 - 2016-01-21 23:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-13 20:24 - 2016-01-21 23:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-13 20:24 - 2016-01-21 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-13 20:24 - 2016-01-21 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-13 20:11 - 2016-01-07 12:47 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-13 20:10 - 2016-01-07 12:35 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-13 19:24 - 2016-02-13 19:24 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Local\ElevatedDiagnostics
2016-02-13 19:10 - 2016-02-13 19:10 - 00347816 _____ (Microsoft Corporation) C:\Users\Cheryl D. White\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2016-02-13 18:54 - 2016-02-13 18:55 - 00735328 _____ (Oracle Corporation) C:\Users\Cheryl D. White\Downloads\jxpiinstall(2).exe
2016-02-13 17:14 - 2016-02-13 17:14 - 50265184 _____ (Oracle Corporation) C:\Users\Cheryl D. White\Downloads\jre-8u73-windows-i586.exe
2016-02-13 17:13 - 2016-02-13 17:14 - 00735328 _____ (Oracle Corporation) C:\Users\Cheryl D. White\Downloads\jxpiinstall(1).exe
2016-02-13 17:05 - 2016-02-13 18:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-13 17:04 - 2016-02-13 17:04 - 00000000 ____D C:\Users\Cheryl D. White\AppData\LocalLow\Oracle
2016-02-13 17:03 - 2016-02-13 17:03 - 00735328 _____ (Oracle Corporation) C:\Users\Cheryl D. White\Downloads\jxpiinstall.exe
2016-02-13 16:57 - 2016-02-13 16:57 - 00001220 _____ C:\Users\Cheryl D. White\Desktop\Revo Uninstaller.lnk
2016-02-13 16:57 - 2016-02-13 16:57 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-02-13 16:56 - 2016-02-13 16:56 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Cheryl D. White\Downloads\revosetup.exe
2016-02-13 16:50 - 2016-02-13 16:50 - 00894960 _____ C:\Users\Cheryl D. White\Downloads\Norton_Removal_Tool(3).exe
2016-02-13 16:43 - 2016-02-13 16:43 - 00894960 _____ C:\Users\Cheryl D. White\Downloads\Norton_Removal_Tool(2).exe
2016-02-13 16:41 - 2016-02-13 16:41 - 00894960 _____ C:\Users\Cheryl D. White\Downloads\Norton_Removal_Tool(1).exe
2016-02-08 19:25 - 2016-02-08 19:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup Now EZ 4
2016-02-06 22:50 - 2016-02-06 22:50 - 00894960 _____ C:\Users\Cheryl D. White\Downloads\Norton_Removal_Tool.exe
2016-02-06 20:45 - 2016-02-06 20:46 - 00242000 _____ C:\Users\Cheryl D. White\Downloads\Firefox Setup Stub 44.0.exe
2016-02-06 16:40 - 2016-03-06 15:14 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-06 16:39 - 2016-02-06 19:30 - 00001058 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-06 16:39 - 2016-02-06 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-06 16:39 - 2016-02-06 16:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-06 16:39 - 2016-02-06 16:39 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-02-06 16:39 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-06 16:39 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-06 16:39 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-06 17:38 - 2016-01-18 00:08 - 00000000 ____D C:\Users\Cheryl D. White\AppData\LocalLow\LastPass
2016-03-06 17:37 - 2016-01-14 20:14 - 00304830 _____ C:\Windows\ntbtlog.txt
2016-03-06 17:30 - 2009-07-13 23:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-06 17:30 - 2009-07-13 23:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-06 17:22 - 2012-08-23 17:35 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-06 17:20 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-06 16:49 - 2012-08-23 17:35 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-06 16:22 - 2015-05-31 16:20 - 00000718 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-652439225-1890198162-91388531-1003.job
2016-03-06 15:39 - 2015-03-16 15:00 - 00000622 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-652439225-1890198162-91388531-1003.job
2016-03-06 14:03 - 2016-01-17 23:45 - 00000000 ____D C:\Users\Cheryl D. White\Documents\AnGeLz
2016-03-05 17:09 - 2013-07-11 19:55 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Local\Adobe
2016-03-05 17:05 - 2015-04-19 07:20 - 00000626 _____ C:\Users\Cheryl D. White\AppData\Roaming\SD8q2m6edwcB
2016-03-05 16:15 - 2012-04-21 04:52 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Roaming\Skype
2016-03-05 16:13 - 2014-07-28 10:19 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Local\Skype
2016-03-05 16:13 - 2012-04-21 04:51 - 00000000 ___RD C:\Program Files\Skype
2016-03-05 16:13 - 2012-04-21 04:51 - 00000000 ____D C:\ProgramData\Skype
2016-03-05 16:10 - 2014-02-10 21:04 - 00000000 ____D C:\Program Files\Adobe
2016-03-05 16:10 - 2012-08-23 17:34 - 00000000 ____D C:\ProgramData\Adobe
2016-03-05 16:10 - 2011-10-14 20:33 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Roaming\Adobe
2016-03-05 16:10 - 2011-05-14 15:56 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2016-03-05 16:08 - 2012-01-16 13:34 - 00000000 ____D C:\ProgramData\Apple Computer
2016-03-05 15:39 - 2014-08-01 11:40 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-04 00:21 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini
2016-02-29 20:11 - 2012-01-09 19:10 - 00000000 ____D C:\ProgramData\Thomson.ResearchSoft.Installers
2016-02-28 03:54 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2016-02-26 01:54 - 2011-11-09 19:49 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Local\CrashDumps
2016-02-26 01:33 - 2013-08-13 20:52 - 00000000 ____D C:\Windows\system32\MRT
2016-02-26 01:21 - 2011-10-19 07:54 - 144254680 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-26 01:13 - 2009-07-13 23:33 - 00440768 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-26 00:12 - 2012-04-07 10:04 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-02-26 00:12 - 2011-11-24 09:21 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-02-26 00:10 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-02-26 00:10 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2016-02-25 23:50 - 2011-05-14 15:17 - 00000000 ____D C:\Windows\system32\RTCOM
2016-02-25 19:59 - 2009-07-25 07:54 - 00783360 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-25 19:57 - 2015-04-14 05:43 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-25 19:51 - 2009-07-13 23:53 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-25 17:40 - 2013-03-16 11:47 - 00000000 ___RD C:\Users\Cheryl D. White\Podcasts
2016-02-25 17:40 - 2011-10-14 20:18 - 00000000 ___RD C:\Users\Cheryl D. White\Virtual Machines
2016-02-25 03:02 - 2016-01-25 03:56 - 00001945 _____ C:\Windows\epplauncher.mif
2016-02-25 03:02 - 2016-01-25 03:40 - 00002119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-02-25 03:01 - 2016-01-25 03:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-02-24 23:55 - 2016-01-18 01:10 - 00002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-24 23:42 - 2015-09-20 21:43 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-24 23:35 - 2015-09-20 21:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-24 23:12 - 2014-12-14 16:11 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-24 23:12 - 2014-05-07 06:38 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-24 23:01 - 2009-07-14 02:50 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-13 22:22 - 2009-07-13 21:04 - 00000615 _____ C:\Windows\win.ini
2016-02-13 19:33 - 2013-11-18 10:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-13 19:26 - 2014-08-06 07:47 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Local\PC_Drivers_Headquarters
2016-02-13 18:47 - 2016-01-14 20:31 - 00000000 ____D C:\Program Files\VS Revo Group
2016-02-08 19:25 - 2016-01-14 21:21 - 00002012 _____ C:\Users\Public\Desktop\NTI Backup Now EZ 4.lnk
2016-02-08 19:25 - 2016-01-14 21:21 - 00000000 ____D C:\ProgramData\BUNEZv4
2016-02-06 23:47 - 2011-05-14 15:59 - 00000000 ____D C:\ProgramData\Symantec
2016-02-06 23:38 - 2012-01-02 14:18 - 00125488 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2016-02-06 23:38 - 2012-01-02 14:18 - 00007456 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2016-02-06 22:06 - 2011-05-14 15:30 - 00000000 ____D C:\ProgramData\HPQLOG
2016-02-06 20:57 - 2014-02-10 21:04 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-02-06 20:49 - 2013-11-18 10:47 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-06 20:49 - 2013-11-18 10:47 - 00001103 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-06 20:09 - 2016-01-18 00:40 - 00002284 _____ C:\Users\Cheryl D. White\Desktop\Chrome App Launcher.lnk
2016-02-06 19:31 - 2016-01-14 20:26 - 00002076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2016-02-06 19:31 - 2015-10-24 20:33 - 00000843 _____ C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
2016-02-06 19:31 - 2015-10-24 20:18 - 00001110 _____ C:\Users\Cheryl D. White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-06 19:31 - 2014-07-03 13:09 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-02-06 19:31 - 2013-04-02 18:49 - 00001110 _____ C:\Users\Cheryl D. White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk
2016-02-06 19:31 - 2013-03-16 11:42 - 00000929 _____ C:\Users\Public\Desktop\Zune.lnk
2016-02-06 19:31 - 2012-05-28 11:58 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk
2016-02-06 19:31 - 2012-01-16 12:36 - 00000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Family Tree Maker 2012.lnk
2016-02-06 19:31 - 2011-10-23 19:11 - 00002543 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
2016-02-06 19:31 - 2011-10-14 20:36 - 00001281 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-02-06 19:31 - 2011-10-14 20:36 - 00001020 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2016-02-06 19:31 - 2011-10-14 20:18 - 00000514 _____ C:\Users\Public\Desktop\Try HP Virtual Rooms.lnk
2016-02-06 19:31 - 2011-10-14 20:14 - 00002028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
2016-02-06 19:31 - 2011-05-14 15:57 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Connect Solutions.lnk
2016-02-06 19:31 - 2011-05-14 15:55 - 00002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Install HP Power Assistant.lnk
2016-02-06 19:31 - 2011-05-14 15:45 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
2016-02-06 19:31 - 2011-05-14 15:45 - 00001767 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Warranty.lnk
2016-02-06 19:31 - 2009-07-25 07:46 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-02-06 19:31 - 2009-07-25 07:46 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-02-06 19:31 - 2009-07-13 23:46 - 00001491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-06 19:31 - 2009-07-13 23:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-02-06 19:31 - 2009-07-13 23:42 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-02-06 19:31 - 2009-07-13 23:42 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-02-06 19:31 - 2009-07-13 23:42 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-02-06 19:31 - 2009-07-13 23:42 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-02-06 19:31 - 2009-07-13 23:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-02-06 19:30 - 2016-01-25 04:37 - 00001168 _____ C:\Users\Public\Desktop\My LastPass Vault.lnk
2016-02-06 19:30 - 2016-01-14 20:26 - 00002064 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2016-02-06 19:30 - 2014-11-15 09:03 - 00001960 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2016-02-06 19:30 - 2014-01-20 17:21 - 00002161 _____ C:\Users\Cheryl D. White\Desktop\HP Support Assistant.lnk
2016-02-06 19:30 - 2012-05-28 13:06 - 00002154 _____ C:\Users\Public\Desktop\DCR-SX45 Handbook (PDF).lnk
2016-02-06 19:30 - 2012-05-28 11:58 - 00001796 _____ C:\Users\Public\Desktop\PMB Help.lnk
2016-02-06 19:30 - 2012-05-28 11:58 - 00000996 _____ C:\Users\Public\Desktop\PMB Launcher.lnk
2016-02-06 19:30 - 2012-02-21 20:21 - 00003023 _____ C:\Users\Cheryl D. White\Desktop\Microsoft Publisher 2010.lnk
2016-02-06 19:30 - 2012-02-21 20:21 - 00003003 _____ C:\Users\Cheryl D. White\Desktop\Microsoft Word 2010.lnk
2016-02-06 19:30 - 2012-02-21 20:21 - 00002933 _____ C:\Users\Cheryl D. White\Desktop\Microsoft Excel 2010.lnk
2016-02-06 19:30 - 2012-02-21 20:21 - 00002919 _____ C:\Users\Cheryl D. White\Desktop\Microsoft PowerPoint 2010.lnk
2016-02-06 19:30 - 2012-01-16 13:30 - 00002074 _____ C:\Users\Public\Desktop\Kodak EasyShare.lnk
2016-02-06 19:30 - 2012-01-16 12:36 - 00000942 _____ C:\Users\Public\Desktop\Family Tree Maker 2012.lnk
2016-02-06 19:30 - 2011-11-24 06:55 - 00002017 _____ C:\Users\Public\Desktop\BlazeDTV 6.0.lnk
2016-02-06 19:30 - 2011-10-14 20:36 - 00001275 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2016-02-06 19:30 - 2011-05-14 15:56 - 00002031 _____ C:\Users\Public\Desktop\Blio.lnk
2016-02-06 19:30 - 2011-05-14 15:47 - 00001082 _____ C:\Users\Public\Desktop\Play HP Games.lnk
2016-02-06 19:30 - 2011-05-14 15:18 - 00000368 _____ C:\Users\Cheryl D. White\Desktop\Solitaire.lnk
2016-02-06 19:30 - 2009-07-13 23:42 - 00001212 _____ C:\Users\Cheryl D. White\Desktop\Calculator.lnk
2016-02-06 19:24 - 2012-01-16 13:37 - 00000000 ____D C:\Windows\Downloaded Installations
2016-02-06 19:19 - 2015-10-24 20:43 - 00000000 ____D C:\Users\Cheryl D. White\AppData\LocalLow\Company
2016-02-06 19:19 - 2013-08-13 11:35 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Roaming\BabSolution
2016-02-06 19:18 - 2015-11-26 17:37 - 00000000 ____D C:\ProgramData\Browser
2016-02-06 19:18 - 2015-11-07 07:49 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Local\FCF31FA6-7DE1-44BB-966D-D4DFEA3D7B0

==================== Files in the root of some directories =======

2016-01-25 04:40 - 2016-01-25 04:40 - 17181720 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2015-04-14 11:28 - 2015-04-14 11:28 - 0001171 _____ () C:\Users\Cheryl D. White\AppData\Roaming\CCqoYQsARDD7ZCfGt8eg
2015-04-19 07:20 - 2016-03-05 17:05 - 0000626 _____ () C:\Users\Cheryl D. White\AppData\Roaming\SD8q2m6edwcB
2013-05-23 06:29 - 2013-05-23 06:29 - 0045967 _____ () C:\Users\Cheryl D. White\AppData\Local\rkmkcmvi
2011-10-14 20:27 - 2012-01-16 14:20 - 0001281 _____ () C:\ProgramData\hpzinstall.log
2012-03-11 17:00 - 2012-03-11 17:04 - 0002932 ___SH () C:\ProgramData\KGyGaAvL.sys
2011-11-24 06:58 - 2014-03-08 08:25 - 0002609 _____ () C:\ProgramData\LmeUSB.log
2011-11-24 06:58 - 2014-03-08 08:25 - 0002554 _____ () C:\ProgramData\LmeZJSW.log
2011-11-24 06:58 - 2014-03-08 08:25 - 0002609 _____ () C:\ProgramData\LSDmbTH.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-28 00:58

==================== End of FRST.txt ============================

#4 nasdaq

  • Malware Response Team

Posted 07 March 2016 - 08:13 AM

Task: {0B4F850B-68CB-4235-A653-7C56E27A935D} - System32\Tasks\updateTask => c:\task.vbs

Do you know what this is?

If not then add these two lines in bold in the code box below before you save the fixlist.txt file.
Task: {0B4F850B-68CB-4235-A653-7C56E27A935D} - System32\Tasks\updateTask => c:\task.vbs
c:\task.vbs


Remove this program via the Control Panel > Programs and Features applet.
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated)
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File [ ]
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-652439225-1890198162-91388531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-652439225-1890198162-91388531-1003 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL => No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.)
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&chext=v2&s=&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-05]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
S4 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [152560 2014-02-13] (Coupons.com Inc.)
S3 catchme; \??\C:\Users\CHERYL~1.WHI\AppData\Local\Temp\catchme.sys [X]
S3 NTIDrvr; System32\Drivers\NTIDrvr.sys [X]
CustomCLSID: HKU\S-1-5-21-652439225-1890198162-91388531-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Cheryl D. White\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-652439225-1890198162-91388531-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Cheryl D. White\AppData\Local\Citrix\GoToMeeting\2417\G2MOutlookAddin.dll => No File
Task: {21849E98-813A-420F-A719-7ADC28E58250} - \Smp -> No File <==== ATTENTION
Task: {2E58424B-9AF8-4A84-9528-938C8D8253A6} - System32\Tasks\{9771B004-6BF2-422A-863C-9755DE476C50} => pcalua.exe -a "C:\Users\Cheryl D. White\Downloads\jxpiinstall.exe" -d "C:\Users\Cheryl D. White\Downloads"
Task: {53AE89C3-F5EA-47E9-9FB2-3B74401000A9} - System32\Tasks\FCF31FA6-7DE1-44BB-966D-D4DFEA3D7B0 => C:\Users\Cheryl D. White\AppData\Local\FCF31FA6-7DE1-44BB-966D-D4DFEA3D7B0\FCF31FA6-7DE1-44BB-966D-D4DFEA3D7B0.exe <==== ATTENTION
Task: {C711A3BC-45A7-45EF-A8D4-15A189455324} - System32\Tasks\Misbo => C:\PROGRA~1\SHOPPE~3\Nijter.bat
Task: {D391E425-E7E0-468C-BDEC-59DCB8F89A2E} - System32\Tasks\{A24F7277-78D4-4DA0-82B0-4DB7C665A306} => pcalua.exe -a "C:\Users\Cheryl D. White\Downloads\jxpiinstall(1).exe" -d "C:\Users\Cheryl D. White\Downloads"
Task: {D846D3A1-4F77-4952-AA29-0736AE6D2AF2} - System32\Tasks\runTask => C:\Users\Cheryl D. White\AppData\Local\temp/Updater.exe
Task: {E1149B8B-C70A-4E7F-9279-160117AC1202} - System32\Tasks\{710BC846-FA91-4CE1-895C-4CC70296458D} => pcalua.exe -a "C:\Users\Cheryl D. White\AppData\Local\Temp\jds2122814.tmp\jxpiinstall(1).exe" -d "C:\Users\Cheryl D. White\AppData\Local\Temp\jds2122814.tmp"
Task: {E2ED8062-5F05-42D3-B107-6F882650BE9D} - \systemmgr -> No File <==== ATTENTION
C:\PROGRA~1\SHOPPE~3
C:\Users\Cheryl D. White\AppData\Local\temp/Updater.exe
C:\Users\Cheryl D. White\AppData\Roaming\SD8q2m6edwcB
C:\Users\Cheryl D. White\AppData\Local\rkmkcmvi


End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.
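The "Do you know what this is?" question about updateTask comes down to reading each `Task:` line for where its target lives and what kind of file it is. The following is an added example, not part of the original thread and not FRST's own code: it parses the Task entries from the fixlist above and attaches review reasons to each. The reason codes, the heuristics behind them and the control entry are assumptions made for this illustration.

```python
import re

# Task entries copied verbatim from the fixlist in the post above.
PAGE_TASK_LINES = r'''
Task: {0B4F850B-68CB-4235-A653-7C56E27A935D} - System32\Tasks\updateTask => c:\task.vbs
Task: {21849E98-813A-420F-A719-7ADC28E58250} - \Smp -> No File <==== ATTENTION
Task: {2E58424B-9AF8-4A84-9528-938C8D8253A6} - System32\Tasks\{9771B004-6BF2-422A-863C-9755DE476C50} => pcalua.exe -a "C:\Users\Cheryl D. White\Downloads\jxpiinstall.exe" -d "C:\Users\Cheryl D. White\Downloads"
Task: {53AE89C3-F5EA-47E9-9FB2-3B74401000A9} - System32\Tasks\FCF31FA6-7DE1-44BB-966D-D4DFEA3D7B0 => C:\Users\Cheryl D. White\AppData\Local\FCF31FA6-7DE1-44BB-966D-D4DFEA3D7B0\FCF31FA6-7DE1-44BB-966D-D4DFEA3D7B0.exe <==== ATTENTION
Task: {C711A3BC-45A7-45EF-A8D4-15A189455324} - System32\Tasks\Misbo => C:\PROGRA~1\SHOPPE~3\Nijter.bat
Task: {D391E425-E7E0-468C-BDEC-59DCB8F89A2E} - System32\Tasks\{A24F7277-78D4-4DA0-82B0-4DB7C665A306} => pcalua.exe -a "C:\Users\Cheryl D. White\Downloads\jxpiinstall(1).exe" -d "C:\Users\Cheryl D. White\Downloads"
Task: {D846D3A1-4F77-4952-AA29-0736AE6D2AF2} - System32\Tasks\runTask => C:\Users\Cheryl D. White\AppData\Local\temp/Updater.exe
Task: {E1149B8B-C70A-4E7F-9279-160117AC1202} - System32\Tasks\{710BC846-FA91-4CE1-895C-4CC70296458D} => pcalua.exe -a "C:\Users\Cheryl D. White\AppData\Local\Temp\jds2122814.tmp\jxpiinstall(1).exe" -d "C:\Users\Cheryl D. White\AppData\Local\Temp\jds2122814.tmp"
Task: {E2ED8062-5F05-42D3-B107-6F882650BE9D} - \systemmgr -> No File <==== ATTENTION
'''.strip().splitlines()

# Constructed control entry (hypothetical vendor and path); it should raise nothing.
CONTROL_LINE = (r'Task: {00000000-0000-0000-0000-000000000000} - '
                r'System32\Tasks\ExampleVendorUpdate => '
                r'C:\Program Files\ExampleVendor\update.exe')

# "Task: {GUID} - <task path> => <action>" or "... -> No File", with an
# optional trailing "<==== ATTENTION" marker written by FRST.
TASK_RE = re.compile(
    r'^Task: (?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<task>.+?) (?:=>|->) '
    r'(?P<action>.+?)(?P<flag>\s*<=+ ATTENTION)?\s*$'
)
# pcalua.exe only wraps another program; the real target is its -a argument.
PCALUA_RE = re.compile(r'^pcalua\.exe\s+-a\s+"([^"]+)"', re.IGNORECASE)

# Assumed heuristics for this example, not FRST's own rules.
SCRIPT_EXT = ('.vbs', '.bat', '.cmd', '.js', '.ps1')
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\downloads\\')


def triage(line):
    """Parse one FRST 'Task:' line. Returns a dict, or None if it is not a task line."""
    m = TASK_RE.match(line.strip())
    if m is None:
        return None
    action, reasons, target = m.group('action'), [], None
    if m.group('flag'):
        reasons.append('frst-attention')      # FRST itself marked the entry
    if action == 'No File':
        reasons.append('orphaned')            # task registered, file already gone
    else:
        wrapped = PCALUA_RE.match(action)
        target = wrapped.group(1) if wrapped else action.strip('"')
        # Normalise mixed separators ("temp/Updater.exe") before matching.
        norm = target.replace('/', '\\').lower()
        if norm.endswith(SCRIPT_EXT):
            reasons.append('script')          # script file run on a schedule
        if any(part in norm for part in USER_WRITABLE):
            reasons.append('user-writable')   # any user process can replace it
        if re.match(r'^[a-z]:\\[^\\]+$', norm):
            reasons.append('drive-root')      # file sitting directly in a drive root
        if re.search(r'~\d', norm):
            reasons.append('short-path')      # 8.3 name hides the real folder name
    return {'guid': m.group('guid'), 'task': m.group('task'),
            'target': target, 'reasons': reasons}


def needs_review(lines):
    """Return the parsed entries that carry at least one review reason."""
    parsed = (triage(line) for line in lines)
    return [entry for entry in parsed if entry and entry['reasons']]


if __name__ == '__main__':
    for entry in needs_review(PAGE_TASK_LINES + [CONTROL_LINE]):
        print(entry['task'], '->', entry['target'], entry['reasons'])
```

A reason code only marks an entry for a human to look at; whether the task belongs on the machine is still the question the helper put to the owner.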

#5 Computer Angelz

  • Topic Starter

Posted 07 March 2016 - 03:22 PM

The two lines that are in bold, that I am to add in the code box:

     Task: {0B4F850B-68CB-4235-A653-7C56E27A935D} - System32\Tasks\updateTask => c:\task.vbs
     c:\task.vbs

 

Do I add (paste) them to the end of the code box after the last line and before the End command?



#6 Computer Angelz

  • Topic Starter

Posted 07 March 2016 - 05:51 PM

I can't uninstall the program below from the Programs and Features applet.

I can use Revo Uninstaller to uninstall it; if that doesn't work, I can use the program's built-in uninstall feature.

Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated)


Edited by Computer Angelz, 07 March 2016 - 05:56 PM.


#7 Computer Angelz

  • Topic Starter

Posted 07 March 2016 - 06:50 PM

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Cheryl D. White (2016-03-07 18:39:43) Run:1
Running from C:\Users\Cheryl D. White\Desktop\FarBar Tool
Loaded Profiles: Cheryl D. White (Available Profiles: Cheryl D. White)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File [ ]
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-652439225-1890198162-91388531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-652439225-1890198162-91388531-1003 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL => No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.)
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&chext=v2&s=&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-05]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
S4 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [152560 2014-02-13] (Coupons.com Inc.)
S3 catchme; \??\C:\Users\CHERYL~1.WHI\AppData\Local\Temp\catchme.sys [X]
S3 NTIDrvr; System32\Drivers\NTIDrvr.sys [X]
CustomCLSID: HKU\S-1-5-21-652439225-1890198162-91388531-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Cheryl D. White\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-652439225-1890198162-91388531-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Cheryl D. White\AppData\Local\Citrix\GoToMeeting\2417\G2MOutlookAddin.dll => No File
Task: {21849E98-813A-420F-A719-7ADC28E58250} - \Smp -> No File <==== ATTENTION
Task: {2E58424B-9AF8-4A84-9528-938C8D8253A6} - System32\Tasks\{9771B004-6BF2-422A-863C-9755DE476C50} => pcalua.exe -a "C:\Users\Cheryl D. White\Downloads\jxpiinstall.exe" -d "C:\Users\Cheryl D. White\Downloads"
Task: {53AE89C3-F5EA-47E9-9FB2-3B74401000A9} - System32\Tasks\FCF31FA6-7DE1-44BB-966D-D4DFEA3D7B0 => C:\Users\Cheryl D. White\AppData\Local\FCF31FA6-7DE1-44BB-966D-D4DFEA3D7B0\FCF31FA6-7DE1-44BB-966D-D4DFEA3D7B0.exe <==== ATTENTION
Task: {C711A3BC-45A7-45EF-A8D4-15A189455324} - System32\Tasks\Misbo => C:\PROGRA~1\SHOPPE~3\Nijter.bat
Task: {D391E425-E7E0-468C-BDEC-59DCB8F89A2E} - System32\Tasks\{A24F7277-78D4-4DA0-82B0-4DB7C665A306} => pcalua.exe -a "C:\Users\Cheryl D. White\Downloads\jxpiinstall(1).exe" -d "C:\Users\Cheryl D. White\Downloads"
Task: {D846D3A1-4F77-4952-AA29-0736AE6D2AF2} - System32\Tasks\runTask => C:\Users\Cheryl D. White\AppData\Local\temp/Updater.exe
Task: {E1149B8B-C70A-4E7F-9279-160117AC1202} - System32\Tasks\{710BC846-FA91-4CE1-895C-4CC70296458D} => pcalua.exe -a "C:\Users\Cheryl D. White\AppData\Local\Temp\jds2122814.tmp\jxpiinstall(1).exe" -d "C:\Users\Cheryl D. White\AppData\Local\Temp\jds2122814.tmp"
Task: {E2ED8062-5F05-42D3-B107-6F882650BE9D} - \systemmgr -> No File <==== ATTENTION
C:\PROGRA~1\SHOPPE~3
C:\Users\Cheryl D. White\AppData\Local\temp/Updater.exe
C:\Users\Cheryl D. White\AppData\Roaming\SD8q2m6edwcB
C:\Users\Cheryl D. White\AppData\Local\rkmkcmvi
Task: {0B4F850B-68CB-4235-A653-7C56E27A935D} - System32\Tasks\updateTask => c:\task.vbs
c:\task.vbs
End
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => value removed successfully.
"HKCR\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" => key removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)" => key removed successfully.
"HKCR\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}" => key removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)" => key removed successfully.
"HKCR\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" => key removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" => key removed successfully.
"HKCR\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}" => key removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)" => key removed successfully.
"HKCR\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}" => key removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)" => key removed successfully.
"HKCR\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" => key removed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-652439225-1890198162-91388531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\S-1-5-21-652439225-1890198162-91388531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value removed successfully.
"HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully.
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfully.
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found.
"HKU\S-1-5-21-652439225-1890198162-91388531-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKU\S-1-5-21-652439225-1890198162-91388531-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKU\S-1-5-21-652439225-1890198162-91388531-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully.
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKU\S-1-5-21-652439225-1890198162-91388531-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfully.
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully.
"HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" => key removed successfully.
"HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value removed successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => key not found.
HKU\S-1-5-21-652439225-1890198162-91388531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll => moved successfully
Chrome DefaultSearchURL => removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully.
C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx => moved successfully "HKLM\SOFTWARE\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd" => key removed successfully. CouponPrinterService => service not found. catchme => service removed successfully. NTIDrvr => service removed successfully. "HKU\S-1-5-21-652439225-1890198162-91388531-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully. "HKU\S-1-5-21-652439225-1890198162-91388531-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21849E98-813A-420F-A719-7ADC28E58250}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21849E98-813A-420F-A719-7ADC28E58250}" => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smp => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E58424B-9AF8-4A84-9528-938C8D8253A6}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E58424B-9AF8-4A84-9528-938C8D8253A6}" => key removed successfully. C:\Windows\System32\Tasks\{9771B004-6BF2-422A-863C-9755DE476C50} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9771B004-6BF2-422A-863C-9755DE476C50}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{53AE89C3-F5EA-47E9-9FB2-3B74401000A9}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53AE89C3-F5EA-47E9-9FB2-3B74401000A9}" => key removed successfully. 
C:\Windows\System32\Tasks\FCF31FA6-7DE1-44BB-966D-D4DFEA3D7B0 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FCF31FA6-7DE1-44BB-966D-D4DFEA3D7B0" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C711A3BC-45A7-45EF-A8D4-15A189455324}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C711A3BC-45A7-45EF-A8D4-15A189455324}" => key removed successfully. C:\Windows\System32\Tasks\Misbo => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Misbo" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D391E425-E7E0-468C-BDEC-59DCB8F89A2E}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D391E425-E7E0-468C-BDEC-59DCB8F89A2E}" => key removed successfully. C:\Windows\System32\Tasks\{A24F7277-78D4-4DA0-82B0-4DB7C665A306} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A24F7277-78D4-4DA0-82B0-4DB7C665A306}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D846D3A1-4F77-4952-AA29-0736AE6D2AF2}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D846D3A1-4F77-4952-AA29-0736AE6D2AF2}" => key removed successfully. C:\Windows\System32\Tasks\runTask => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\runTask" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1149B8B-C70A-4E7F-9279-160117AC1202}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1149B8B-C70A-4E7F-9279-160117AC1202}" => key removed successfully. 
C:\Windows\System32\Tasks\{710BC846-FA91-4CE1-895C-4CC70296458D} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{710BC846-FA91-4CE1-895C-4CC70296458D}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2ED8062-5F05-42D3-B107-6F882650BE9D}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2ED8062-5F05-42D3-B107-6F882650BE9D}" => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\systemmgr => key not found. "C:\PROGRA~1\SHOPPE~3" => not found. "C:\Users\Cheryl D. White\AppData\Local\temp/Updater.exe" => not found. C:\Users\Cheryl D. White\AppData\Roaming\SD8q2m6edwcB => moved successfully C:\Users\Cheryl D. White\AppData\Local\rkmkcmvi => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B4F850B-68CB-4235-A653-7C56E27A935D}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B4F850B-68CB-4235-A653-7C56E27A935D}" => key removed successfully. C:\Windows\System32\Tasks\updateTask => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\updateTask" => key removed successfully. "c:\task.vbs" => not found. EmptyTemp: => 643.4 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 18:40:32 ====




#8 Computer Angelz

  • Topic Starter
  • Members
  • 10 posts

Posted 07 March 2016 - 07:49 PM

I still cannot install Java or Adobe Reader or Flash Player.



#9 nasdaq

  • Malware Response Team
  • 40,508 posts

Posted 08 March 2016 - 07:31 AM

You have executed my fix in Safe mode.

Can you boot to normal mode?

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shut down your antivirus to avoid any conflicts.
Right-click the icon and disable it for, say, 20 minutes.
Right-click JRT.exe and select Run as administrator (if using XP, just double-click the icon to run it).
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#10 Computer Angelz

  • Topic Starter
  • Members
  • 10 posts

Posted 11 March 2016 - 01:06 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Cheryl D. White (administrator) on CHERYLDWHITE-HP (11-03-2016 00:50:36)
Running from C:\Users\Cheryl D. White\Desktop\FarBar Tool New
Loaded Profiles: Cheryl D. White (Available Profiles: Cheryl D. White)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\NTI\NTI Backup Now EZ 4\ScheduleService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
() C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-06-07] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-03-05] (AVAST Software)
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll [2009-12-07] (Hewlett-Packard Limited)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-05] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cheryl D. White\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cheryl D. White\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cheryl D. White\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-01-25]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-01-25]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49364;https=127.0.0.1:49364
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:49364;https=127.0.0.1:49364
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2005-11-28] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{85A025B2-B8E5-45BF-B952-AF19704701AE}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130981861630649166&GUID=434BDB56-8739-3FEA-0FC7-914A981980AC
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130981861631139194&GUID=434BDB56-8739-3FEA-0FC7-914A981980AC
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130981861631009187&GUID=434BDB56-8739-3FEA-0FC7-914A981980AC
HKU\S-1-5-21-652439225-1890198162-91388531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-652439225-1890198162-91388531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> DefaultScope {68AC7630-B10C-464B-960F-34B487C48993} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> {68AC7630-B10C-464B-960F-34B487C48993} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-652439225-1890198162-91388531-1003 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-12-11] (Hewlett-Packard)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-24] (Microsoft Corporation)
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-01-22] (DigitalPersona, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-05] (AVAST Software)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2016-01-25] (LastPass)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-14] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-24] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-24] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-14] (Google Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2016-01-25] (LastPass)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-20] (Microsoft Corporation)
Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - C:\Users\Cheryl D. White\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-01-20] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Cheryl D. White\AppData\Roaming\Mozilla\Firefox\Profiles\43ldvwj3.default-1453710820394
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-25] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass.dll [2016-01-25] (LastPass)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-20] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-652439225-1890198162-91388531-1003: @citrixonline.com/appdetectorplugin -> C:\Users\Cheryl D. White\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-16] (Citrix Online)
FF Plugin HKU\S-1-5-21-652439225-1890198162-91388531-1003: @microsoft.com/Office on Demand;version=1 -> C:\Users\Cheryl D. White\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll [2012-11-10] (Microsoft Corporation)
FF Extension: LastPass - C:\Users\Cheryl D. White\AppData\Roaming\Mozilla\Firefox\Profiles\43ldvwj3.default-1453710820394\extensions\support@lastpass.com [2016-03-04]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: No Name - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-08-23] [not signed]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-08-23] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-05]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-05]
FF HKU\S-1-5-21-652439225-1890198162-91388531-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-25]
CHR Extension: (Google Docs) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-25]
CHR Extension: (Google Drive) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-25]
CHR Extension: (YouTube) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-25]
CHR Extension: (Adblock Plus) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-07]
CHR Extension: (Google Search) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-25]
CHR Extension: (Google Sheets) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-25]
CHR Extension: (Google Docs Offline) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-25]
CHR Extension: (Skype) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-25]
CHR Extension: (Gmail) - C:\Users\Cheryl D. White\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-25]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [284160 2010-11-10] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [140224 2010-06-17] (Advanced Micro Devices)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-05] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4403136 2016-03-05] (Avast Software)
S4 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2005-11-28] (Apple Computer, Inc.) [File not signed]
S4 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S4 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-08-10] (Symantec Corporation)
S4 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-08-10] (Symantec Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1904368 2016-01-20] (Microsoft Corporation)
S4 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300808 2010-01-22] (DigitalPersona, Inc.)
S4 FLCDLOCK; c:\Windows\system32\flcdlock.exe [362040 2009-12-07] (Hewlett-Packard Ltd)
S4 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [246520 2010-06-18] (WildTangent, Inc.)
S4 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2010-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
S4 HPFSService; c:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-12-11] (Hewlett-Packard) [File not signed]
S4 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S4 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S4 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
R2 NTI Backup Now EZ 4 Scheduler; C:\Program Files\NTI\NTI Backup Now EZ 4\ScheduleService.exe [95432 2014-11-06] ()
S4 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S4 ZuneWlanCfgSvc; c:\Windows\system32\ZuneWlanCfgSvc.exe [447216 2010-01-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70824 2013-03-31] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34984 2013-03-31] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-03-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-03-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-03-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-03-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-03-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-03-05] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-03-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-03-05] (AVAST Software)
S3 AuviUADFilter; C:\Windows\System32\DRIVERS\AuviUADFilter.sys [20992 2009-08-03] (Auvitek Corp.) [File not signed]
S3 AuviUATV; C:\Windows\System32\DRIVERS\AuviUATV.sys [1886976 2010-02-04] (Auvitek Corp.) [File not signed]
S3 AuviUDTV; C:\Windows\System32\DRIVERS\AuviUDTV.sys [1881472 2010-02-08] (Auvitek Corp.) [File not signed]
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-10-21] (Hewlett-Packard Development Company L.P.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-10] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-03-07] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20140730.003\NAVENG.SYS [93272 2013-08-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20140730.003\NAVEX15.SYS [1612376 2013-08-22] (Symantec Corporation)
R3 netr28; C:\Windows\System32\DRIVERS\netr28.sys [2075792 2014-12-10] (MediaTek Inc.)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [129144 2016-03-05] (AVAST Software)
S3 OxPPort; C:\Windows\system32\DRIVERS\OxPPort.sys [82048 2008-07-31] (OEM)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2009-12-18] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [284720 2010-09-17] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [320944 2010-09-17] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2010-09-17] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [125488 2016-02-06] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2009-09-03] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2009-09-03] (Symantec Corporation)
S4 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [99696 2010-11-12] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [67472 2010-08-16] (Symantec Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [252152 2016-03-05] (Avast Software)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [43888 2010-11-12] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [174056 2012-10-05] (Symantec Corporation)
S3 NTIDrvr; System32\Drivers\NTIDrvr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-11 00:47 - 2016-03-11 00:50 - 00000000 ____D C:\Users\Cheryl D. White\Desktop\FarBar Tool New
2016-03-11 00:37 - 2016-03-11 00:37 - 00003736 ____N C:\bootsqm.dat
2016-03-07 19:48 - 2016-03-07 19:49 - 78148856 _____ (Adobe Systems Incorporated) C:\Users\Cheryl D. White\Downloads\ApplicationManager9.0_all(1).exe
2016-03-07 19:46 - 2016-03-07 19:48 - 78148856 _____ (Adobe Systems Incorporated) C:\Users\Cheryl D. White\Downloads\ApplicationManager9.0_all.exe
2016-03-07 19:02 - 2016-03-07 20:08 - 00000360 _____ C:\Windows\Tasks\HPCeeScheduleForCheryl D. White.job
2016-03-07 18:47 - 2016-03-11 00:48 - 00000000 ____D C:\Windows\system32\vbox
2016-03-06 17:42 - 2016-03-11 00:50 - 00000000 ____D C:\FRST
2016-03-06 16:25 - 2016-03-07 19:33 - 00000000 ____D C:\Users\Cheryl D. White\Desktop\FarBar Tool
2016-03-06 14:01 - 2016-03-06 14:01 - 00129450 _____ C:\Users\Cheryl D. White\Downloads\Probably still infrected, I can't instal Java or Adobe Reader or Flash - Virus, Trojan, Spyware, and Malware Removal Logs.htm
2016-03-06 14:01 - 2016-03-06 14:01 - 00000000 ____D C:\Users\Cheryl D. White\Downloads\Probably still infrected, I can't instal Java or Adobe Reader or Flash - Virus, Trojan, Spyware, and Malware Removal Logs_files
2016-03-05 16:13 - 2016-03-05 16:13 - 00002685 _____ C:\Users\Public\Desktop\Skype.lnk
2016-03-05 16:13 - 2016-03-05 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-03-05 16:13 - 2016-03-05 16:13 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-03-05 16:09 - 2016-03-05 16:09 - 00001817 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-03-05 16:09 - 2016-03-05 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-03-05 16:08 - 2016-03-05 16:09 - 00000000 ____D C:\Program Files\QuickTime
2016-03-05 15:45 - 2016-03-05 15:44 - 00129144 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2016-03-05 15:44 - 2016-03-05 15:41 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-05 15:42 - 2016-03-05 15:42 - 00002073 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-05 15:42 - 2016-03-05 15:42 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Roaming\AVAST Software
2016-03-05 15:42 - 2016-03-05 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-03-05 15:41 - 2016-03-11 00:46 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-05 15:41 - 2016-03-11 00:46 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-05 15:41 - 2016-03-05 15:42 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-03-05 15:41 - 2016-03-05 15:42 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-03-05 15:41 - 2016-03-05 15:41 - 00812720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1457675196566
2016-03-05 15:41 - 2016-03-05 15:41 - 00127432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-03-05 15:41 - 2016-03-05 15:41 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-03-05 15:41 - 2016-03-05 15:41 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.1457675196566
2016-03-05 15:41 - 2016-03-05 15:41 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-03-05 15:41 - 2016-03-05 15:41 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-03-05 15:41 - 2016-03-05 15:41 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-03-05 15:41 - 2016-03-05 15:41 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-05 15:40 - 2016-03-05 15:40 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-05 15:39 - 2016-03-05 15:39 - 05207096 _____ (AVAST Software) C:\Users\Cheryl D. White\Downloads\avast_free_antivirus_setup_online.exe
2016-03-04 00:53 - 2016-03-04 00:53 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Cheryl D. White\Downloads\rkill(1).exe
2016-03-04 00:24 - 2016-03-04 00:24 - 00029819 _____ C:\ComboFix.txt
2016-03-04 00:02 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2016-03-04 00:02 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2016-03-04 00:02 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-03-04 00:02 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-03-04 00:02 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-03-04 00:02 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2016-03-04 00:02 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2016-03-04 00:02 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2016-03-03 23:57 - 2016-03-04 00:24 - 00000000 ____D C:\Qoobox
2016-03-03 23:56 - 2016-03-04 00:23 - 00000000 ____D C:\Windows\erdnt
2016-03-03 23:56 - 2016-03-03 23:56 - 05658435 ____R (Swearware) C:\Users\Cheryl D. White\Downloads\ComboFix.exe
2016-02-29 20:11 - 2016-02-29 20:11 - 00000000 ____D C:\Windows\86B3F2D6AC2B00158AE1F2F77F781B0C.TMP
2016-02-27 17:44 - 2015-12-20 13:45 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-27 17:44 - 2015-12-20 13:45 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-27 17:44 - 2015-12-20 11:16 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-27 17:44 - 2015-07-16 14:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-02-27 17:44 - 2015-07-16 14:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-02-27 17:44 - 2015-07-16 14:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-02-27 17:44 - 2015-07-16 10:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-02-27 17:44 - 2014-12-11 12:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-02-26 01:11 - 2016-01-11 13:54 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-02-26 01:05 - 2015-11-19 09:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-02-26 01:05 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-02-26 00:47 - 2015-12-16 13:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-02-26 00:47 - 2015-12-16 13:43 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-02-26 00:47 - 2015-12-16 13:43 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-02-26 00:47 - 2015-12-16 13:43 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-02-26 00:47 - 2015-12-16 09:38 - 00419928 _____ C:\Windows\system32\locale.nls
2016-02-26 00:40 - 2015-08-05 12:40 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2016-02-26 00:40 - 2015-08-05 11:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-02-26 00:24 - 2013-10-01 18:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2016-02-26 00:23 - 2013-10-01 19:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2016-02-26 00:23 - 2013-10-01 19:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-02-26 00:23 - 2013-10-01 19:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-02-26 00:23 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2016-02-26 00:23 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2016-02-26 00:23 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2016-02-26 00:08 - 2012-08-23 09:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2016-02-26 00:08 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2016-02-25 23:56 - 2016-02-25 23:56 - 01193696 _____ (Adobe Systems Incorporated) C:\Users\Cheryl D. White\Downloads\readerdc_en_ha_install.exe
2016-02-25 23:54 - 2016-03-07 20:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-25 20:26 - 2016-03-04 00:58 - 00002338 _____ C:\Users\Cheryl D. White\Desktop\Rkill.txt
2016-02-25 20:26 - 2016-02-25 20:26 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Cheryl D. White\Downloads\rkill.exe
2016-02-13 21:17 - 2016-01-16 13:42 - 00022464 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-13 21:17 - 2016-01-16 13:34 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-13 21:17 - 2016-01-11 13:47 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-13 21:17 - 2016-01-11 13:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-13 21:17 - 2016-01-11 13:35 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-13 21:17 - 2016-01-11 13:17 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-13 21:17 - 2016-01-11 13:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-13 21:17 - 2016-01-11 13:14 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-13 21:17 - 2016-01-11 13:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-13 21:17 - 2016-01-11 13:14 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-13 21:17 - 2016-01-11 13:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-13 21:17 - 2016-01-11 13:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-13 21:17 - 2016-01-11 13:14 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-13 21:17 - 2016-01-11 09:07 - 01198080 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-13 21:17 - 2016-01-11 09:07 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-13 21:17 - 2016-01-11 09:07 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-13 21:17 - 2016-01-11 09:07 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-13 21:17 - 2016-01-11 09:07 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-13 20:48 - 2016-01-22 01:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-13 20:48 - 2016-01-22 01:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-13 20:48 - 2016-01-22 00:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-13 20:48 - 2016-01-22 00:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-13 20:43 - 2016-02-06 05:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-13 20:43 - 2016-02-06 04:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-13 20:43 - 2016-02-06 04:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-13 20:43 - 2016-02-06 04:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-13 20:43 - 2016-02-06 04:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-13 20:43 - 2016-02-06 03:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-13 20:41 - 2016-01-22 15:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-13 20:41 - 2016-01-22 01:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-13 20:41 - 2016-01-22 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-13 20:41 - 2016-01-22 01:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-13 20:41 - 2016-01-22 01:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-13 20:41 - 2016-01-22 01:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-13 20:41 - 2016-01-22 00:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-13 20:41 - 2016-01-22 00:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-13 20:41 - 2016-01-22 00:52 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-13 20:41 - 2016-01-22 00:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-13 20:41 - 2016-01-22 00:51 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-13 20:41 - 2016-01-22 00:46 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-13 20:41 - 2016-01-22 00:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-13 20:41 - 2016-01-22 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-13 20:41 - 2016-01-22 00:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-13 20:41 - 2016-01-22 00:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-13 20:41 - 2016-01-22 00:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-13 20:41 - 2016-01-22 00:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-13 20:41 - 2016-01-22 00:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-13 20:41 - 2016-01-22 00:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-13 20:41 - 2016-01-22 00:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-13 20:41 - 2016-01-22 00:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-13 20:41 - 2016-01-22 00:25 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-13 20:41 - 2016-01-22 00:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-13 20:41 - 2016-01-22 00:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-13 20:41 - 2016-01-22 00:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-13 20:41 - 2016-01-22 00:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-13 20:40 - 2016-01-22 01:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-13 20:40 - 2016-01-22 00:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-13 20:27 - 2016-01-16 13:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-13 20:25 - 2016-01-22 01:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-13 20:25 - 2016-01-06 13:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-13 20:25 - 2016-01-06 12:56 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-13 20:24 - 2016-01-22 01:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-02-13 20:24 - 2016-01-22 01:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-13 20:24 - 2016-01-22 01:13 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-13 20:24 - 2016-01-22 01:13 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-13 20:24 - 2016-01-22 01:09 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-13 20:24 - 2016-01-22 01:06 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-13 20:24 - 2016-01-22 01:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-13 20:24 - 2016-01-22 01:06 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-13 20:24 - 2016-01-22 01:06 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-13 20:24 - 2016-01-22 01:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-13 20:24 - 2016-01-22 01:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-13 20:24 - 2016-01-22 01:05 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-13 20:24 - 2016-01-22 01:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-13 20:24 - 2016-01-22 01:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-13 20:24 - 2016-01-22 01:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-13 20:24 - 2016-01-22 01:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-13 20:24 - 2016-01-22 00:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-13 20:24 - 2016-01-22 00:01 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-13 20:24 - 2016-01-22 00:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-13 20:24 - 2016-01-21 23:53 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-13 20:24 - 2016-01-21 23:53 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-13 20:24 - 2016-01-21 23:53 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-13 20:24 - 2016-01-21 23:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-13 20:24 - 2016-01-21 23:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-13 20:24 - 2016-01-21 23:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-13 20:24 - 2016-01-21 23:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-13 20:24 - 2016-01-21 23:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-13 20:24 - 2016-01-21 23:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-13 20:24 - 2016-01-21 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-13 20:24 - 2016-01-21 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-13 20:11 - 2016-01-07 12:47 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-13 20:10 - 2016-01-07 12:35 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-13 19:24 - 2016-02-13 19:24 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Local\ElevatedDiagnostics
2016-02-13 19:10 - 2016-02-13 19:10 - 00347816 _____ (Microsoft Corporation) C:\Users\Cheryl D. White\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2016-02-13 17:14 - 2016-02-13 17:14 - 50265184 _____ (Oracle Corporation) C:\Users\Cheryl D. White\Downloads\jre-8u73-windows-i586.exe
2016-02-13 17:05 - 2016-02-13 18:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-13 17:04 - 2016-02-13 17:04 - 00000000 ____D C:\Users\Cheryl D. White\AppData\LocalLow\Oracle
2016-02-13 16:57 - 2016-02-13 16:57 - 00001220 _____ C:\Users\Cheryl D. White\Desktop\Revo Uninstaller.lnk
2016-02-13 16:57 - 2016-02-13 16:57 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-02-13 16:56 - 2016-02-13 16:56 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Cheryl D. White\Downloads\revosetup.exe
2016-02-13 16:50 - 2016-02-13 16:50 - 00894960 _____ C:\Users\Cheryl D. White\Downloads\Norton_Removal_Tool(3).exe
2016-02-13 16:43 - 2016-02-13 16:43 - 00894960 _____ C:\Users\Cheryl D. White\Downloads\Norton_Removal_Tool(2).exe
2016-02-13 16:41 - 2016-02-13 16:41 - 00894960 _____ C:\Users\Cheryl D. White\Downloads\Norton_Removal_Tool(1).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-11 00:49 - 2012-08-23 17:35 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-11 00:49 - 2009-07-13 23:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-11 00:49 - 2009-07-13 23:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-11 00:44 - 2016-01-18 00:08 - 00000000 ____D C:\Users\Cheryl D. White\AppData\LocalLow\LastPass
2016-03-11 00:41 - 2012-08-23 17:35 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-11 00:39 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-07 20:33 - 2016-01-14 20:56 - 00000000 ____D C:\Windows\pss
2016-03-07 20:32 - 2016-02-06 16:40 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-07 20:13 - 2015-03-16 15:00 - 00000622 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-652439225-1890198162-91388531-1003.job
2016-03-07 20:08 - 2015-05-31 16:20 - 00000718 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-652439225-1890198162-91388531-1003.job
2016-03-07 19:58 - 2013-07-11 19:55 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Local\Adobe
2016-03-07 19:55 - 2016-01-14 20:14 - 00346922 _____ C:\Windows\ntbtlog.txt
2016-03-07 18:54 - 2011-11-09 19:49 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Local\CrashDumps
2016-03-06 14:03 - 2016-01-17 23:45 - 00000000 ____D C:\Users\Cheryl D. White\Documents\AnGeLz
2016-03-05 16:15 - 2012-04-21 04:52 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Roaming\Skype
2016-03-05 16:13 - 2014-07-28 10:19 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Local\Skype
2016-03-05 16:13 - 2012-04-21 04:51 - 00000000 ___RD C:\Program Files\Skype
2016-03-05 16:13 - 2012-04-21 04:51 - 00000000 ____D C:\ProgramData\Skype
2016-03-05 16:10 - 2014-02-10 21:04 - 00000000 ____D C:\Program Files\Adobe
2016-03-05 16:10 - 2012-08-23 17:34 - 00000000 ____D C:\ProgramData\Adobe
2016-03-05 16:10 - 2011-10-14 20:33 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Roaming\Adobe
2016-03-05 16:10 - 2011-05-14 15:56 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2016-03-05 16:08 - 2012-01-16 13:34 - 00000000 ____D C:\ProgramData\Apple Computer
2016-03-05 15:39 - 2014-08-01 11:40 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-04 00:21 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini
2016-02-29 20:11 - 2012-01-09 19:10 - 00000000 ____D C:\ProgramData\Thomson.ResearchSoft.Installers
2016-02-28 03:54 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2016-02-26 01:33 - 2013-08-13 20:52 - 00000000 ____D C:\Windows\system32\MRT
2016-02-26 01:21 - 2011-10-19 07:54 - 144254680 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-26 01:13 - 2009-07-13 23:33 - 00440768 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-26 00:12 - 2012-04-07 10:04 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-02-26 00:12 - 2011-11-24 09:21 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-02-26 00:10 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-02-26 00:10 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2016-02-25 23:50 - 2011-05-14 15:17 - 00000000 ____D C:\Windows\system32\RTCOM
2016-02-25 19:59 - 2009-07-25 07:54 - 00783360 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-25 19:57 - 2015-04-14 05:43 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-25 19:51 - 2009-07-13 23:53 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-25 17:40 - 2013-03-16 11:47 - 00000000 ___RD C:\Users\Cheryl D. White\Podcasts
2016-02-25 17:40 - 2011-10-14 20:18 - 00000000 ___RD C:\Users\Cheryl D. White\Virtual Machines
2016-02-25 03:02 - 2016-01-25 03:56 - 00001945 _____ C:\Windows\epplauncher.mif
2016-02-25 03:02 - 2016-01-25 03:40 - 00002119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-02-25 03:01 - 2016-01-25 03:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-02-24 23:55 - 2016-01-18 01:10 - 00002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-24 23:42 - 2015-09-20 21:43 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-24 23:35 - 2015-09-20 21:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-24 23:12 - 2014-12-14 16:11 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-24 23:12 - 2014-05-07 06:38 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-24 23:01 - 2009-07-14 02:50 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-13 22:22 - 2009-07-13 21:04 - 00000615 _____ C:\Windows\win.ini
2016-02-13 19:33 - 2013-11-18 10:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-13 19:26 - 2014-08-06 07:47 - 00000000 ____D C:\Users\Cheryl D. White\AppData\Local\PC_Drivers_Headquarters
2016-02-13 18:47 - 2016-01-14 20:31 - 00000000 ____D C:\Program Files\VS Revo Group

==================== Files in the root of some directories =======

2016-01-25 04:40 - 2016-01-25 04:40 - 17181720 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2015-04-14 11:28 - 2015-04-14 11:28 - 0001171 _____ () C:\Users\Cheryl D. White\AppData\Roaming\CCqoYQsARDD7ZCfGt8eg
2011-10-14 20:27 - 2012-01-16 14:20 - 0001281 _____ () C:\ProgramData\hpzinstall.log
2012-03-11 17:00 - 2012-03-11 17:04 - 0002932 ___SH () C:\ProgramData\KGyGaAvL.sys
2011-11-24 06:58 - 2014-03-08 08:25 - 0002609 _____ () C:\ProgramData\LmeUSB.log
2011-11-24 06:58 - 2014-03-08 08:25 - 0002554 _____ () C:\ProgramData\LmeZJSW.log
2011-11-24 06:58 - 2014-03-08 08:25 - 0002609 _____ () C:\ProgramData\LSDmbTH.log

Some files in TEMP:
====================
C:\Users\Cheryl D. White\AppData\Local\temp\install_flashplayer11x32_ltr5x32d_awc_aih.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-28 00:58

==================== End of FRST.txt ============================


#11 Computer Angelz

Computer Angelz
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:38 PM

Posted 11 March 2016 - 01:27 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Professional x86
Ran by Cheryl D. White (Administrator) on Fri 03/11/2016 at  1:16:27.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 22

Successfully deleted: C:\ProgramData\28341ff220e0446c9fff27c4493d622e (Folder)
Successfully deleted: C:\ProgramData\babylon (Folder)
Successfully deleted: C:\ProgramData\browser (Folder)
Successfully deleted: C:\Users\Cheryl D. White\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Cheryl D. White\AppData\Local\installer (Folder)
Successfully deleted: C:\Users\Cheryl D. White\AppData\Local\packageaware (Folder)
Successfully deleted: C:\Users\Cheryl D. White\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\Cheryl D. White\Appdata\LocalLow\Toolbar4 (Folder)
Successfully deleted: C:\Users\Cheryl D. White\AppData\Roaming\babsolution (Folder)
Successfully deleted: C:\Users\Cheryl D. White\AppData\Roaming\babylon (Folder)
Successfully deleted: C:\Users\Cheryl D. White\AppData\Roaming\Mozilla\Firefox\Profiles\33j9cg97.default\searchplugins\bingp.xml (File)
Successfully deleted: C:\Users\Cheryl D. White\AppData\Roaming\Mozilla\Firefox\Profiles\43ldvwj3.default-1453710820394\extensions\staged (Folder)
Successfully deleted: C:\Windows\couponprinter.ocx (File)
Successfully deleted: C:\Windows\reimage.ini (File)
Successfully deleted: C:\Users\Cheryl D. White\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADWDT5NB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Cheryl D. White\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMU17G3L (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Cheryl D. White\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1BH9DD4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Cheryl D. White\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S0Q2GA62 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADWDT5NB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMU17G3L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1BH9DD4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S0Q2GA62 (Temporary Internet Files Folder)



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/11/2016 at  1:22:04.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#12 Computer Angelz

Computer Angelz
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:38 PM

Posted 11 March 2016 - 01:33 AM

Farbar Service Scanner Version: 27-01-2016
Ran by Cheryl D. White (administrator) on 11-03-2016 at 01:31:09
Running from "C:\Users\Cheryl D. White\Desktop\Bleeping Computer Instructions & Stuff\FarBar's Service Scanner Utility"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,508 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:38 AM

Posted 11 March 2016 - 10:10 AM


I did not act on this proxy in my first fix.
Will remove it and if you need it you can restore it when all is well.


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49364;https=127.0.0.1:49364
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:49364;https=127.0.0.1:49364
S3 NTIDrvr; System32\Drivers\NTIDrvr.sys [X]
RemoveProxy:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

Can you now install Java and the Adobe reader?
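
Added example, not part of the post above and not FRST's own code: a read-only triage script that parses the proxy lines from the fixlist and reports every entry pointing at a loopback address. The line layout is taken from the lines shown in this thread; the function names, the "is enabled" wording check and the `host:port` / `proto=host:port;...` value handling are assumptions of this sketch.

```python
import ipaddress
import re

# Sample input: lines copied from the fixlist in this thread.
SAMPLE_LINES = [
    "ProxyEnable: [.DEFAULT] => Proxy is enabled.",
    "ProxyServer: [.DEFAULT] => http=127.0.0.1:49364;https=127.0.0.1:49364",
    "AutoConfigURL: [.DEFAULT] => http=127.0.0.1:49364;https=127.0.0.1:49364",
    "S3 NTIDrvr; System32\\Drivers\\NTIDrvr.sys [X]",
]
LINE_RE = re.compile(
    r"^(?P<key>ProxyEnable|ProxyServer|AutoConfigURL): \[(?P<hive>[^\]]+)\] => (?P<value>.*)$")

def parse_proxy_value(value):
    """Split 'host:port' or 'proto=host:port;proto=host:port' into (proto, host, port)."""
    entries = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        proto, sep, endpoint = part.partition("=")
        if not sep:                      # single proxy used for every protocol
            proto, endpoint = "all", part
        host, _, port = endpoint.rpartition(":")
        if not host:                     # no port given
            host, port = endpoint, ""
        entries.append((proto.lower(), host, int(port) if port.isdigit() else None))
    return entries

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a hostname, not an IP literal
        return False

def triage(lines):
    """Return one finding per loopback proxy entry, tagged with its registry hive."""
    enabled, findings = set(), []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                     # not a proxy line (e.g. the driver entry)
        key, hive, value = m.group("key", "hive", "value")
        if key == "ProxyEnable":
            if "is enabled" in value.lower():
                enabled.add(hive)
            continue
        for proto, host, port in parse_proxy_value(value):
            if is_loopback(host):
                findings.append({"setting": key, "hive": hive, "proto": proto, "port": port})
    for f in findings:                   # annotate once every line has been seen
        f["proxy_enabled"] = f["hive"] in enabled
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

A loopback proxy only works while some local program is listening on that port, so each finding is worth checking against the running processes before and after cleanup.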

#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,508 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:38 AM

Posted 17 March 2016 - 07:09 AM

Are you still with me?

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



