
Need Scans Done--Older Computer with Several Users


  • This topic is locked
41 replies to this topic

#1 guiyak1


Posted 28 March 2016 - 05:28 PM

I'd have to have as many scans done as possible on the computer since the computer has been used for years by several people and has problems, e.g. can't reinstall Service Pack 2, lots of errors showing up in Event Viewer. I'd like to eventually upgrade the computer to Windows 7.

 

I didn't receive an addition.txt.

 

Thank you.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Melinda Yakich (administrator) on YAKICH (28-03-2016 18:11:16)
Running from C:\Users\Melinda Yakich\Downloads
Loaded Profiles: Melinda Yakich (Available Profiles: Melinda Yakich)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Primax Electronics Ltd.) C:\Windows\System32\pmxmiced.exe
(Microsoft Corporation) C:\Windows\System32\MdRes.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Melinda Yakich\Downloads\FRST (4).exe
(Farbar) C:\Users\Melinda Yakich\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe [180224 2006-11-27] (Creative Technology Ltd)
HKLM\...\Run: [PMX Daemon] => C:\Windows\system32\ICO.EXE [49152 2006-11-08] (Primax Electronics Ltd.)
HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2007-05-25] ( )
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\Run: [GoogleChromeAutoLaunch_109FB7528EE47E2F1B3F0CF25FBA19F0] => C:\Program Files\Google\Chrome\Application\chrome.exe [746648 2016-02-18] (Google Inc.)
HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-02-03]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser]   <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:47574
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll No File 
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll No File 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{814D0A4E-5E70-4944-8249-43A9F86BB5EB}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3767507623-1024998872-888413707-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3767507623-1024998872-888413707-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3767507623-1024998872-888413707-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3767507623-1024998872-888413707-1000 -> DefaultScope {8E8D4279-00EE-40E1-A827-E43936938879} URL = hxxp://www.bing.com/search?FORM=UP09DF&PC=UP09&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3767507623-1024998872-888413707-1000 -> {894BD6B4-D349-403E-BAD8-3BB6FD4FB56F} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3767507623-1024998872-888413707-1000 -> {8E8D4279-00EE-40E1-A827-E43936938879} URL = hxxp://www.bing.com/search?FORM=UP09DF&PC=UP09&q={searchTerms}&src=IE-SearchBox
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-02-22] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-22] (Oracle Corporation)
Toolbar: HKLM - No Name - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} -  No File
Toolbar: HKU\S-1-5-21-3767507623-1024998872-888413707-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-3767507623-1024998872-888413707-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3767507623-1024998872-888413707-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - No CLSID Value - 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Melinda Yakich\AppData\Roaming\Mozilla\Firefox\Profiles\6tkynhla.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchEngine.US: Yahoo! (Avast)
FF DefaultSearchUrl: hxxps://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
FF Keyword.URL: hxxps://search.yahoo.com/yhs/search
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-22] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\ATT\8.3.1.18\ma\bin\npMotive.dll [2013-12-02] (Alcatel-Lucent)
FF Plugin: @Motive.com/NpMotive,version=1.1 -> C:\Program Files\ATT\8.5.0.48\ma\bin\npMotive.dll [No File]
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2006-03-31] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3767507623-1024998872-888413707-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Melinda Yakich\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-08] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Melinda Yakich\AppData\Roaming\Mozilla\Firefox\Profiles\6tkynhla.default\searchplugins\yahoo-avast.xml [2016-02-22]
FF Extension: YouTube™ Flash® Player - C:\Users\Melinda Yakich\AppData\Roaming\Mozilla\Firefox\Profiles\6tkynhla.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2016-03-01]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-09] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=503828&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=503828&fr=yo-yhp-ch"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Melinda Yakich\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Melinda Yakich\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Melinda Yakich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-10]
CHR Extension: (Google Drive) - C:\Users\Melinda Yakich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-10]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Melinda Yakich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-21]
CHR Extension: (YouTube) - C:\Users\Melinda Yakich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-10]
CHR Extension: (Google Search) - C:\Users\Melinda Yakich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]
CHR Extension: (Google Docs Offline) - C:\Users\Melinda Yakich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Pin It Button) - C:\Users\Melinda Yakich\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-01-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Melinda Yakich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-10]
CHR Extension: (Gmail) - C:\Users\Melinda Yakich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-10]
CHR HKLM\...\Chrome\Extension: [fdhbkaahephniejapepaiggngjnedpci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S3 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2571704 2012-12-03] (WIBU-SYSTEMS AG)
S3 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2007-11-16] (Creative Labs) [File not signed]
S3 DCLoader; C:\Program Files\DCLoader\DCLoader.exe [168448 2015-05-18] () [File not signed] <==== ATTENTION
R2 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 LexBceS; C:\Windows\System32\LEXBCES.EXE [303104 2004-03-05] (Lexmark International, Inc.) [File not signed]
S3 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\RUN\a2ddax86.sys [22056 2013-10-22] (Emsisoft GmbH)
S3 AtiDCM; C:\AMD\Support\13-12_winvista_32_dd_ccc_whql\Bin\atidcmxx.sys [23808 2013-12-06] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [75776 2015-09-17] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2012-08-18] ()
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2012-12-04] (Windows ® Win 7 DDK provider)
S3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2013-10-22] (Emsisoft GmbH)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver32Dcsa.sys [29400 2015-09-11] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [19984 2015-09-11] (Dell Computer Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2012-10-18] (EldoS Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-01-24] (GFI Software)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSX_DPV.sys [985600 2007-11-01] (Conexant Systems, Inc.) [File not signed]
R3 HSXHWBS2; C:\Windows\System32\DRIVERS\HSXHWBS2.sys [267776 2007-11-01] (Conexant Systems, Inc.) [File not signed]
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-09-17] (REALiX™)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2012-08-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF32.sys [108544 2011-10-20] (Matrox Graphics Inc.)
R3 PGR1394b; C:\Windows\System32\DRIVERS\PGR1394.sys [92672 2011-02-04] (Point Grey Research)
R3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [15248 2012-08-02] (PenMount)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [17160 2015-03-05] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13064 2015-03-05] ()
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
S1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [53960 2015-12-30] (360.cn)
S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [11527680 2015-09-17] (Advanced Micro Devices, Inc.)
S3 RDPDISPM; C:\Windows\System32\DRIVERS\rdpdispm.sys [15488 2010-09-22] (Microsoft Corporation)
R3 RLDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\livecamv.sys [31616 2007-01-15] ()
R2 SecDrv; C:\Windows\system32\drivers\SECDRV.SYS [12400 2015-11-19] (Macrovision Europe Ltd) [File not signed]
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-01-20] (Anchorfree Inc.)
R3 winachsf; C:\Windows\System32\DRIVERS\HSX_CNXT.sys [661504 2007-11-01] (Conexant Systems, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\Users\MELIND~1\AppData\Local\Temp\catchme.sys [X]
S3 DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motport; system32\DRIVERS\motport.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; no ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; no ImagePath
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 yeddef; System32\Drivers\yeddef.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-28 18:10 - 2016-03-28 18:11 - 01725440 _____ (Farbar) C:\Users\Melinda Yakich\Downloads\FRST (1).exe
2016-03-28 18:01 - 2016-03-28 18:01 - 01725440 _____ (Farbar) C:\Users\Melinda Yakich\Downloads\FRST (4).exe
2016-03-28 11:37 - 2016-03-28 11:37 - 00633089 _____ C:\Users\Melinda Yakich\Downloads\BI-NA-Caring-for-DuPont-Corian-literature.pdf
2016-03-28 11:10 - 2016-03-28 11:10 - 00035050 _____ C:\Users\Melinda Yakich\Downloads\housekeeping-checklist.pdf
2016-03-27 16:09 - 2016-03-27 16:09 - 00000766 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-27 16:09 - 2016-03-27 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-27 16:09 - 2016-03-27 16:09 - 00000000 ____D C:\Program Files\CCleaner
2016-03-27 16:07 - 2016-03-27 16:08 - 06868672 _____ (Piriform Ltd) C:\Users\Melinda Yakich\Downloads\ccsetup516.exe
2016-03-27 10:31 - 2016-03-27 10:31 - 00083077 _____ C:\Users\Melinda Yakich\Documents\Windows 7 Upgrade Advisor.mht
2016-03-27 09:33 - 2016-03-27 09:33 - 00001958 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2016-03-27 09:33 - 2016-03-27 09:33 - 00001946 _____ C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
2016-03-27 09:33 - 2016-03-27 09:33 - 00000000 ____D C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2016-03-27 09:32 - 2016-03-27 09:33 - 08669472 _____ (Microsoft Corporation) C:\Users\Melinda Yakich\Downloads\Windows7UpgradeAdvisorSetup (1).exe
2016-03-27 09:24 - 2016-03-27 09:24 - 00347816 _____ (Microsoft Corporation) C:\Users\Melinda Yakich\Downloads\MicrosoftFixit.Performance.Run (4).exe
2016-03-26 17:05 - 2016-03-26 17:05 - 00347816 _____ (Microsoft Corporation) C:\Users\Melinda Yakich\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run (4).exe
2016-03-26 16:58 - 2016-03-26 16:58 - 00347816 _____ (Microsoft Corporation) C:\Users\Melinda Yakich\Downloads\MicrosoftFixit.wu.MATSKB.Run (12).exe
2016-03-26 16:57 - 2016-03-26 16:57 - 00347816 _____ (Microsoft Corporation) C:\Users\Melinda Yakich\Downloads\MicrosoftFixit.Performance.RNP.Run (5).exe
2016-03-26 15:12 - 2016-03-26 15:12 - 00146308 _____ C:\Users\Melinda Yakich\Downloads\WS08_Vista_SP2_RTM_KBList.xlsx
2016-03-26 13:48 - 2016-03-26 13:48 - 00356209 _____ C:\Users\Melinda Yakich\Downloads\ViewNoticeServlet.pdf
2016-03-25 21:17 - 2016-03-25 21:17 - 04613718 _____ C:\Users\Melinda Yakich\Downloads\Reader_s_Favorite_Recipes_from_Six_Sisters_Stuff.pdf
2016-03-25 16:53 - 2016-03-25 17:05 - 455611504 _____ (Microsoft Corporation) C:\Users\Melinda Yakich\Downloads\Windows6.0-KB936330-X86-wave0.exe
2016-03-25 11:30 - 2016-03-25 11:30 - 01417033 _____ C:\Users\Melinda Yakich\Downloads\March-7-March-25-menu (1).pdf
2016-03-25 11:27 - 2016-03-25 11:27 - 01417033 _____ C:\Users\Melinda Yakich\Downloads\March-7-March-25-menu.pdf
2016-03-23 10:16 - 2016-03-23 10:16 - 00030236 _____ C:\Users\Melinda Yakich\Downloads\april2016calendar.pdf
2016-03-23 10:16 - 2016-03-23 10:16 - 00029964 _____ C:\Users\Melinda Yakich\Downloads\february2016calendar.pdf
2016-03-23 10:16 - 2016-03-23 10:16 - 00029793 _____ C:\Users\Melinda Yakich\Downloads\may2016calendar.pdf
2016-03-23 10:15 - 2016-03-23 10:15 - 00029843 _____ C:\Users\Melinda Yakich\Downloads\january2016calendar (1).pdf
2016-03-23 10:12 - 2016-03-23 10:12 - 00030036 _____ C:\Users\Melinda Yakich\Downloads\march2016calendar (1).pdf
2016-03-23 10:09 - 2016-03-23 10:09 - 00029843 _____ C:\Users\Melinda Yakich\Downloads\january2016calendar.pdf
2016-03-23 10:05 - 2016-03-23 10:05 - 00030036 _____ C:\Users\Melinda Yakich\Downloads\march2016calendar.pdf
2016-03-21 13:06 - 2016-03-21 13:08 - 75137189 _____ C:\Users\Melinda Yakich\Downloads\Windows6.0-KB947821-v4-x86 (5).msu
2016-03-20 21:18 - 2016-03-20 21:18 - 00030712 _____ C:\Users\Melinda Yakich\Downloads\Top-5-Ingredients-to-Avoid-in-Food.pdf
2016-03-18 22:33 - 2016-03-18 22:33 - 00000000 ____D C:\Users\Melinda Yakich\Downloads\tweaking.com_windows_repair_aio
2016-03-18 22:27 - 2016-03-18 22:30 - 18025373 _____ C:\Users\Melinda Yakich\Downloads\tweaking.com_windows_repair_aio.zip
2016-03-18 21:23 - 2016-03-18 21:23 - 00002886 _____ C:\Users\Melinda Yakich\Desktop\FSS.txt
2016-03-18 21:22 - 2016-03-18 21:23 - 00002883 _____ C:\Users\Melinda Yakich\Downloads\FSS.txt
2016-03-18 21:22 - 2016-03-18 21:22 - 00899584 _____ (Farbar) C:\Users\Melinda Yakich\Downloads\FSS.exe
2016-03-18 19:59 - 2016-03-18 19:59 - 00001487 _____ C:\Users\Melinda Yakich\Desktop\AdwCleaner[C2].txt
2016-03-18 19:51 - 2016-03-18 19:51 - 01527296 _____ C:\Users\Melinda Yakich\Downloads\AdwCleaner (1).exe
2016-03-18 16:30 - 2016-03-18 16:30 - 00001278 _____ C:\Users\Melinda Yakich\Desktop\ESET.txt
2016-03-18 13:52 - 2016-03-18 13:52 - 00000000 ____D C:\Program Files\ESET
2016-03-18 13:51 - 2016-03-18 13:52 - 02870984 _____ (ESET) C:\Users\Melinda Yakich\Downloads\esetsmartinstaller_enu (2).exe
2016-03-18 13:50 - 2016-03-18 13:50 - 02870984 _____ (ESET) C:\Users\Melinda Yakich\Downloads\esetsmartinstaller_enu (1).exe
2016-03-18 13:47 - 2016-03-18 13:47 - 01610352 _____ (Malwarebytes) C:\Users\Melinda Yakich\Downloads\JRT (1).exe
2016-03-18 13:47 - 2016-03-18 13:47 - 01527296 _____ C:\Users\Melinda Yakich\Downloads\adwcleaner_5.102 (1).exe
2016-03-18 13:43 - 2016-03-18 15:19 - 00003990 _____ C:\Users\Melinda Yakich\Desktop\JRT.txt
2016-03-18 13:39 - 2016-03-18 13:40 - 01610352 _____ (Malwarebytes) C:\Users\Melinda Yakich\Downloads\JRT.exe
2016-03-18 13:27 - 2016-03-18 13:28 - 01527296 _____ C:\Users\Melinda Yakich\Downloads\adwcleaner_5.102.exe
2016-03-18 13:26 - 2016-03-18 13:26 - 00891392 _____ (Farbar) C:\Users\Melinda Yakich\Downloads\MiniToolBox (2).exe
2016-03-18 13:20 - 2016-03-18 13:20 - 00891392 _____ (Farbar) C:\Users\Melinda Yakich\Downloads\MiniToolBox (1).exe
2016-03-18 13:18 - 2016-03-18 13:18 - 00074594 _____ C:\Users\Melinda Yakich\Desktop\download.htm
2016-03-18 13:15 - 2016-03-18 15:20 - 00037057 _____ C:\Users\Melinda Yakich\Documents\MTB.txt
2016-03-18 13:13 - 2016-03-18 13:15 - 00035971 _____ C:\Users\Melinda Yakich\Downloads\MTB.txt
2016-03-18 13:10 - 2016-03-18 13:11 - 00891392 _____ (Farbar) C:\Users\Melinda Yakich\Downloads\MiniToolBox.exe
2016-03-18 12:21 - 2016-03-18 12:21 - 07475752 _____ C:\Users\Melinda Yakich\Downloads\SCUDownloader (3).exe
2016-03-18 12:21 - 2016-03-18 12:21 - 00000930 _____ C:\Users\Melinda Yakich\Desktop\System Checkup.lnk
2016-03-18 12:02 - 2016-03-18 12:02 - 00420192 _____ () C:\Users\Melinda Yakich\Downloads\DellSystemDetect.exe
2016-03-17 14:11 - 2016-03-17 14:11 - 00319488 _____ (Realtek Semiconductor Corp.) C:\Windows\HideWin.exe
2016-03-17 14:11 - 2008-07-29 15:42 - 00528384 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2016-03-17 14:10 - 2016-03-17 14:10 - 19653832 _____ C:\Users\Melinda Yakich\Downloads\REALTEK_ALC888-HD-AUDIO-FOR-_A02_R198473.EXE
2016-03-16 20:21 - 2016-03-16 20:21 - 00000413 _____ C:\Users\Melinda Yakich\Documents\reset.cmd
2016-03-16 20:19 - 2016-03-16 20:19 - 00000000 ____D C:\Program Files\Windows Resource Kits
2016-03-16 20:18 - 2016-03-16 20:18 - 00379392 _____ C:\Users\Melinda Yakich\Downloads\subinacl.msi
2016-03-16 20:06 - 2016-03-16 20:06 - 00347816 _____ (Microsoft Corporation) C:\Users\Melinda Yakich\Downloads\MicrosoftFixit.wu.MATSKB.Run (11).exe
2016-03-16 12:01 - 2016-03-16 12:04 - 134381328 _____ (Microsoft Corporation) C:\Users\Melinda Yakich\Downloads\msert (3).exe
2016-03-16 11:52 - 2016-03-16 11:52 - 01250816 _____ C:\Users\Melinda Yakich\Downloads\MicrosoftEasyFix50202 (4).msi
2016-03-16 11:52 - 2016-03-16 11:52 - 00347816 _____ (Microsoft Corporation) C:\Users\Melinda Yakich\Downloads\MicrosoftFixit.wu.MATSKB.Run (10).exe
2016-03-16 11:12 - 2016-03-16 11:13 - 00615478 _____ C:\Users\Melinda Yakich\Downloads\Autoruns (1).zip
2016-03-15 20:22 - 2016-03-15 20:22 - 00649728 _____ C:\Users\Melinda Yakich\Downloads\MicrosoftFixit50097.msi
2016-03-15 15:23 - 2016-03-15 15:23 - 00650240 _____ C:\Users\Melinda Yakich\Downloads\MicrosoftFixit50203 (1).msi
2016-03-15 08:33 - 2016-03-15 08:33 - 00083977 _____ C:\Users\Melinda Yakich\Downloads\8-Week-Cleaning-Challenge-Kitchen.pdf
2016-03-14 11:40 - 2016-03-14 11:44 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-14 11:39 - 2016-03-14 11:39 - 00000861 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-14 11:39 - 2016-03-14 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-14 11:39 - 2016-03-14 11:39 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-03-14 11:39 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-14 11:39 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-14 11:39 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-14 11:27 - 2016-03-14 11:27 - 01279488 _____ C:\Users\Melinda Yakich\Downloads\MicrosoftFixit50356 (1).msi
2016-03-14 11:24 - 2016-03-14 11:25 - 22908888 _____ (Malwarebytes ) C:\Users\Melinda Yakich\Downloads\mbam-setup-2.2.0.1024 (4).exe
2016-03-13 18:56 - 2016-03-13 18:57 - 22908888 _____ (Malwarebytes ) C:\Users\Melinda Yakich\Downloads\mbam-setup-2.2.0.1024 (3).exe
2016-03-13 18:41 - 2016-03-13 18:41 - 22908888 _____ (Malwarebytes ) C:\Users\Melinda Yakich\Downloads\mbam-setup-2.2.0.1024 (2).exe
2016-03-13 18:21 - 2016-03-13 18:21 - 05658088 _____ (Swearware) C:\Users\Melinda Yakich\Downloads\ComboFix (1).exe
2016-03-13 18:00 - 2016-03-13 18:00 - 00852798 _____ C:\Users\Melinda Yakich\Downloads\SecurityCheck (1).exe
2016-03-13 17:44 - 2016-03-13 17:44 - 00019675 _____ C:\Users\Melinda Yakich\Documents\ComboFix.txt
2016-03-13 17:30 - 2016-03-13 17:30 - 00019675 ____C C:\ComboFix.txt
2016-03-13 17:11 - 2016-03-13 17:12 - 05658088 ____R (Swearware) C:\Users\Melinda Yakich\Downloads\ComboFix.exe
2016-03-13 17:03 - 2016-03-13 17:03 - 03145728 _____ C:\Users\Melinda Yakich\Downloads\msert (2).exe
2016-03-13 16:59 - 2016-03-13 16:59 - 00347816 _____ (Microsoft Corporation) C:\Users\Melinda Yakich\Downloads\MicrosoftFixit.Performance.Run (3).exe
2016-03-13 16:59 - 2016-03-13 16:59 - 00347816 _____ (Microsoft Corporation) C:\Users\Melinda Yakich\Downloads\MicrosoftFixit.IEPerformance.Run (1).exe
2016-03-13 16:57 - 2016-03-13 16:57 - 00347816 _____ (Microsoft Corporation) C:\Users\Melinda Yakich\Downloads\MicrosoftFixit.Devices.Run (3).exe
2016-03-13 11:56 - 2016-03-13 11:56 - 01194406 _____ (Huntersoft ) C:\Users\Melinda Yakich\Downloads\UnknownDeviceIdentifier (1).exe
2016-03-13 11:48 - 2016-03-13 11:48 - 01194406 _____ (Huntersoft ) C:\Users\Melinda Yakich\Downloads\UnknownDeviceIdentifier.exe
2016-03-13 11:23 - 2016-03-13 11:23 - 00347816 _____ (Microsoft Corporation) C:\Users\Melinda Yakich\Downloads\MicrosoftFixit.Devices.RNP.Run.exe
2016-03-12 21:55 - 2016-03-12 21:55 - 00000000 ____D C:\Windows\system32\SPReview
2016-03-12 15:08 - 2016-03-18 19:53 - 00000000 ____D C:\Program Files\AdwCleaner
2016-03-12 15:08 - 2016-03-12 15:08 - 01524224 _____ C:\Users\Melinda Yakich\Downloads\adwcleaner_5.101.exe
2016-03-12 13:23 - 2016-03-12 13:23 - 02870984 _____ (ESET) C:\Users\Melinda Yakich\Downloads\esetsmartinstaller_enu.exe
2016-03-12 11:28 - 2016-03-12 11:28 - 24988048 _____ (SUPERAntiSpyware) C:\Users\Melinda Yakich\Downloads\SUPERAntiSpyware.exe
2016-03-12 09:42 - 2016-03-12 09:43 - 22294856 _____ (Microsoft Corporation) C:\Users\Melinda Yakich\Downloads\BOIE9_ENUS_BO0084_VIS.EXE
2016-03-11 13:56 - 2016-03-11 13:56 - 00280924 _____ C:\Users\Melinda Yakich\Downloads\Donation_Valuation_Guide.pdf
2016-03-11 11:47 - 2016-03-12 11:18 - 00001788 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-03-11 11:47 - 2016-03-12 11:17 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-03-11 11:45 - 2016-03-11 11:45 - 11588952 _____ (Microsoft Corporation) C:\Users\Melinda Yakich\Downloads\mseinstall.exe
2016-03-11 10:08 - 2016-03-11 10:08 - 00300830 _____ C:\Users\Melinda Yakich\Downloads\Trader-Joes-Stores.pdf
2016-03-11 00:34 - 2016-03-11 00:34 - 04002104 _____ (Secunia) C:\Users\Melinda Yakich\Downloads\PSISetup (1).exe
2016-03-10 21:27 - 2016-03-10 21:27 - 04002104 _____ (Secunia) C:\Users\Melinda Yakich\Downloads\PSISetup.exe
2016-03-10 11:27 - 2016-03-10 11:27 - 00195612 _____ C:\Users\Melinda Yakich\Downloads\ATT_3216906995606_20151116.pdf
2016-03-10 11:26 - 2016-03-10 11:26 - 00193071 _____ C:\Users\Melinda Yakich\Downloads\ATT_3216906995606_20151216.pdf
2016-03-10 11:25 - 2016-03-10 11:25 - 00191698 _____ C:\Users\Melinda Yakich\Downloads\ATT_3216906995606_20160116.pdf
2016-03-10 09:55 - 2016-03-10 09:58 - 133183760 _____ (Microsoft Corporation) C:\Users\Melinda Yakich\Downloads\msert (1).exe
2016-03-10 09:45 - 2016-03-10 09:45 - 00185392 _____ C:\Users\Melinda Yakich\Downloads\FREE-Clutterfree30-Printable-via-Clean-Mama.pdf
2016-03-07 16:44 - 2016-03-07 16:44 - 07385640 _____ C:\Users\Melinda Yakich\Downloads\HPPSdr (4).exe
2016-03-07 16:42 - 2016-03-07 16:42 - 00000000 ___DC C:\swsetup
2016-03-07 16:40 - 2016-03-07 16:41 - 40779512 _____ (HP ) C:\Users\Melinda Yakich\Downloads\sp74103.exe
2016-03-07 16:29 - 2016-03-07 16:30 - 16877456 _____ C:\Users\Melinda Yakich\Downloads\PS_AIO_02_100_009 (5).exe
2016-03-07 16:28 - 2016-03-07 16:28 - 07385640 _____ C:\Users\Melinda Yakich\Downloads\HPPSdr (3).exe
2016-03-07 16:23 - 2016-03-07 16:23 - 07384608 _____ C:\Users\Melinda Yakich\Downloads\HPPSdr (2).exe
2016-03-07 13:05 - 2016-03-07 16:45 - 00001755 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2016-03-07 12:48 - 2016-03-07 12:48 - 07385640 _____ C:\Users\Melinda Yakich\Downloads\HPPSdr (1).exe
2016-03-07 09:52 - 2016-03-07 09:55 - 117542680 _____ (Apple Inc.) C:\Users\Melinda Yakich\Downloads\iTunesSetup.exe
2016-03-06 12:41 - 2016-03-06 12:42 - 13631488 _____ C:\Users\Melinda Yakich\Downloads\msert.exe
2016-03-06 12:20 - 2016-03-06 12:20 - 07486008 _____ (McAfee, Inc.) C:\Users\Melinda Yakich\Downloads\MCPR.exe
2016-03-06 11:38 - 2016-03-06 11:38 - 00894960 _____ C:\Users\Melinda Yakich\Downloads\Norton_Removal_Tool (2).exe
2016-03-05 18:12 - 2016-03-05 18:12 - 00236739 _____ C:\Users\Melinda Yakich\Downloads\NewEmployeeBenefitsGuide.pdf
2016-03-04 12:47 - 2016-03-04 12:47 - 00347816 _____ (Microsoft Corporation) C:\Users\Melinda Yakich\Downloads\MicrosoftFixit.wu.MATSKB.Run (9).exe
2016-03-04 09:49 - 2016-03-04 09:50 - 50449456 _____ (Microsoft Corporation) C:\Users\Melinda Yakich\Downloads\dotNetFx40_Full_x86_x64.exe
2016-03-03 16:00 - 2016-03-03 16:00 - 00039482 _____ C:\Users\Melinda Yakich\Downloads\2016_CHART.pdf
2016-03-03 14:50 - 2016-03-03 14:50 - 00609330 _____ C:\Users\Melinda Yakich\Downloads\PDL_2016-02-09.pdf
2016-03-03 13:43 - 2016-03-03 13:43 - 00356887 _____ C:\Users\Melinda Yakich\Downloads\spring_15.pdf
2016-03-03 11:16 - 2016-03-03 11:16 - 00066071 _____ C:\Users\Melinda Yakich\Downloads\cleaning_grand_plan_calendar_2016_1.pdf
2016-03-03 09:35 - 2016-03-03 09:36 - 00758640 _____ C:\Users\Melinda Yakich\Downloads\020615_SAL_HealthyPlate_images_8.5x11.pdf
2016-03-03 09:14 - 2016-03-03 09:14 - 00000821 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-03-03 09:14 - 2016-03-03 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-03-03 09:10 - 2016-03-03 09:12 - 30510920 _____ C:\Users\Melinda Yakich\Downloads\vlc-2.2.2-win32.exe
2016-03-02 15:10 - 2016-03-02 15:10 - 00001945 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-02 15:10 - 2016-03-02 15:10 - 00001933 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-02 14:58 - 2016-03-02 14:58 - 00448512 _____ (OldTimer Tools) C:\Users\Melinda Yakich\Downloads\TFC.exe
2016-03-02 14:43 - 2016-03-02 14:58 - 00000000 ___DC C:\e31016e963c6275c9bb1d124
2016-03-02 10:39 - 2016-03-02 10:39 - 00987728 _____ (Google Inc.) C:\Users\Melinda Yakich\Downloads\ChromeSetup(7).exe
2016-03-02 10:37 - 2016-03-02 10:37 - 00987728 _____ (Google Inc.) C:\Users\Melinda Yakich\Downloads\ChromeSetup(6).exe
2016-03-02 10:24 - 2016-03-02 10:25 - 45905824 _____ (Google Inc.) C:\Users\Melinda Yakich\Downloads\ChromeStandaloneSetup.exe
2016-03-01 17:40 - 2016-03-01 17:40 - 00987728 _____ (Google Inc.) C:\Users\Melinda Yakich\Downloads\ChromeSetup(5).exe
2016-03-01 17:30 - 2016-03-01 17:30 - 00650240 _____ C:\Users\Melinda Yakich\Downloads\MicrosoftFixit50203.msi
2016-03-01 17:21 - 2016-03-01 17:21 - 00987728 _____ (Google Inc.) C:\Users\Melinda Yakich\Downloads\ChromeSetup(4).exe
2016-03-01 16:23 - 2016-03-01 16:23 - 00066537 _____ C:\Users\Melinda Yakich\FRST.txt
2016-03-01 16:22 - 2016-03-01 16:23 - 00040378 _____ C:\Users\Melinda Yakich\Downloads\Addition.txt
2016-03-01 16:21 - 2016-03-28 18:11 - 00020148 _____ C:\Users\Melinda Yakich\Downloads\FRST.txt
2016-03-01 16:19 - 2016-03-01 16:20 - 01722368 _____ (Farbar) C:\Users\Melinda Yakich\Downloads\FRST.exe
2016-03-01 10:06 - 2016-03-01 10:06 - 00987728 _____ (Google Inc.) C:\Users\Melinda Yakich\Downloads\ChromeSetup(3).exe
2016-03-01 08:43 - 2016-03-09 11:18 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-01 08:43 - 2016-03-01 08:43 - 00000820 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-01 08:43 - 2016-03-01 08:43 - 00000808 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-01 08:43 - 2016-03-01 08:43 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-27 20:20 - 2016-02-27 20:20 - 00240489 _____ C:\Users\Melinda Yakich\Documents\emeals-healthy-lunch-plan-627.pdf
2016-02-27 20:19 - 2016-02-27 20:19 - 00207539 _____ C:\Users\Melinda Yakich\Documents\emeals-occasion-plans-627.pdf
2016-02-27 20:18 - 2016-02-27 20:18 - 00170078 _____ C:\Users\Melinda Yakich\Documents\emeals-dessert-plan-627.pdf
2016-02-27 20:17 - 2016-02-27 20:17 - 00271530 _____ C:\Users\Melinda Yakich\Documents\emeals-aldi-classic-family-plan-627.pdf
2016-02-27 20:17 - 2016-02-27 20:17 - 00218064 _____ C:\Users\Melinda Yakich\Documents\emeals-healthy-breakfast-plan-627.pdf
2016-02-27 20:15 - 2016-02-27 20:15 - 00285171 _____ C:\Users\Melinda Yakich\Documents\emeals-walmart-classic-family-plan-627.pdf
2016-02-27 20:14 - 2016-02-27 20:14 - 00276645 _____ C:\Users\Melinda Yakich\Documents\emeals-budget-friendly-family-plan-627.pdf
2016-02-27 20:14 - 2016-02-27 20:14 - 00274567 _____ C:\Users\Melinda Yakich\Documents\emeals-budget-friendly-family-plan-626.pdf
2016-02-27 20:13 - 2016-02-27 20:13 - 00271587 _____ C:\Users\Melinda Yakich\Documents\emeals-kid-friendly-family-plan-627.pdf
2016-02-27 20:12 - 2016-02-27 20:12 - 00269712 _____ C:\Users\Melinda Yakich\Documents\emeals-30-minute-meals-family-plan-627.pdf
2016-02-27 20:11 - 2016-02-27 20:11 - 00287185 _____ C:\Users\Melinda Yakich\Documents\emeals-slow-cooker-classic-family-plan-627.pdf
2016-02-27 20:10 - 2016-02-27 20:10 - 00304891 _____ C:\Users\Melinda Yakich\Documents\emeals-publix-classic-family-plan-627.pdf
2016-02-27 20:05 - 2016-02-27 20:05 - 00260371 _____ C:\Users\Melinda Yakich\Documents\emeals-target-classic-family-plan-627.pdf
2016-02-27 19:32 - 2016-02-27 19:32 - 00000000 ____D C:\Users\Melinda Yakich\AppData\Roaming\Search The Web
2016-02-27 19:28 - 2016-03-19 10:22 - 00119568 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2016-02-27 19:16 - 2016-03-23 18:53 - 00423920 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-27 16:06 - 2016-02-27 16:06 - 00000000 ___DC C:\MATS
2016-02-27 12:20 - 2016-02-27 12:20 - 00000000 ____D C:\Users\Melinda Yakich\Documents\ProcAlyzer Dumps
2016-02-27 11:04 - 2016-02-27 11:04 - 00014560 _____ C:\Users\Melinda Yakich\Documents\cc_20160227_100455.reg
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-28 18:11 - 2015-11-02 20:52 - 00000000 ___DC C:\FRST
2016-03-28 16:37 - 2006-11-02 08:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-28 16:37 - 2006-11-02 08:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-28 10:42 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2016-03-28 10:42 - 2006-11-02 06:33 - 00772746 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-28 10:39 - 2016-02-11 08:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-28 10:37 - 2008-12-12 17:13 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-03-28 10:37 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-28 10:37 - 2006-11-02 08:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-03-28 10:36 - 2010-05-12 09:20 - 00000000 ____D C:\Users\Melinda Yakich\AppData\Roaming\HpUpdate
2016-03-28 10:36 - 2006-11-02 09:01 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-23 19:18 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
2016-03-23 18:50 - 2006-11-02 08:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2016-03-23 18:50 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-03-23 18:50 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2016-03-23 18:50 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-23 18:50 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-23 18:50 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Windows Collaboration
2016-03-23 18:50 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Windows Calendar
2016-03-23 18:50 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Movie Maker
2016-03-23 18:50 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\SLUI
2016-03-23 18:50 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\setup
2016-03-23 18:50 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\oobe
2016-03-23 18:50 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\migwiz
2016-03-23 18:50 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\manifeststore
2016-03-23 18:50 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\lv-LV
2016-03-23 18:50 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\lt-LT
2016-03-23 18:50 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\inetsrv
2016-03-23 18:50 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\et-EE
2016-03-23 18:50 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-03-23 18:50 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\servicing
2016-03-23 18:50 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\IME
2016-03-23 18:50 - 2006-11-02 07:18 - 00000000 ____D C:\Program Files\Common Files\System
2016-03-23 18:47 - 2007-11-16 16:21 - 00000000 ____D C:\Windows\system32\RTCOM
2016-03-23 15:42 - 2011-08-07 18:25 - 00000000 ____D C:\Users\Melinda Yakich\AppData\Local\Deployment
2016-03-22 18:05 - 2016-02-11 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-22 18:05 - 2011-01-24 20:32 - 00000000 ____D C:\Program Files\Java
2016-03-21 17:45 - 2015-11-15 11:51 - 00001905 _____ C:\Windows\diagwrn.xml
2016-03-21 17:45 - 2015-11-15 11:51 - 00001905 _____ C:\Windows\diagerr.xml
2016-03-19 10:20 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\spool
2016-03-18 16:21 - 2015-11-21 17:36 - 00000000 ____D C:\Users\Melinda Yakich\Documents\My Filehippo Downloads
2016-03-18 13:42 - 2013-01-17 11:15 - 00000000 ____D C:\Users\Melinda Yakich\AppData\Roaming\IObit
2016-03-18 12:22 - 2011-10-20 15:26 - 00000000 ____D C:\ProgramData\iolo
2016-03-18 12:09 - 2015-06-03 16:25 - 00000000 ____D C:\Users\Melinda Yakich\AppData\Roaming\PCDr
2016-03-17 19:53 - 2016-02-23 23:20 - 00028215 _____ C:\Users\Melinda Yakich\Desktop\sfcdetails.txt
2016-03-17 14:11 - 2016-02-05 00:13 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2016-03-16 18:47 - 2007-11-22 15:53 - 00224768 _____ C:\Users\Melinda Yakich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-16 11:13 - 2015-11-11 22:18 - 00000000 ____D C:\Users\Melinda Yakich\Downloads\Autoruns (1)
2016-03-13 17:59 - 2011-08-07 18:25 - 00000000 ____D C:\Users\Melinda Yakich\AppData\Local\Apps\2.0
2016-03-13 17:30 - 2015-11-11 12:08 - 00000000 ___DC C:\Qoobox
2016-03-13 17:25 - 2006-11-02 06:23 - 00000215 ____C C:\Windows\system.ini
2016-03-13 12:39 - 2013-02-08 18:07 - 00000000 ____D C:\Windows\pss
2016-03-12 19:18 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\registration
2016-03-12 16:03 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Branding
2016-03-12 11:18 - 2014-02-24 09:54 - 00001945 _____ C:\Windows\epplauncher.mif
2016-03-12 09:46 - 2011-02-27 15:08 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-11 00:34 - 2015-11-21 17:28 - 00000000 ____D C:\Program Files\Secunia
2016-03-10 17:34 - 2012-07-02 23:47 - 00000000 ____D C:\Users\Melinda Yakich\AppData\Local\CrashDumps
2016-03-09 11:36 - 2010-08-22 12:34 - 00000000 ____D C:\Program Files\QuickTime
2016-03-09 11:36 - 2009-10-04 17:13 - 00000000 ____D C:\ProgramData\Apple Computer
2016-03-08 22:46 - 2013-08-02 20:19 - 00000000 ____D C:\Windows\system32\MRT
2016-03-08 22:34 - 2006-11-02 06:24 - 141270216 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-03-06 15:43 - 2008-01-10 20:41 - 00000000 ___SD C:\Users\Melinda Yakich\AppData\LocalLow\Temp
2016-03-06 12:22 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\config\Journal
2016-03-03 09:16 - 2011-11-26 10:08 - 00000000 ____D C:\Users\Melinda Yakich\AppData\Roaming\vlc
2016-03-03 09:14 - 2016-02-05 14:27 - 00000000 ____D C:\Program Files\VideoLAN
2016-03-01 16:23 - 2007-11-22 15:46 - 00000000 ____D C:\Users\Melinda Yakich
2016-03-01 10:08 - 2007-11-16 16:58 - 00000000 ____D C:\Program Files\Google
2016-02-29 10:51 - 2015-10-20 17:28 - 00000000 ____D C:\Program Files\Panda Security
2016-02-29 10:31 - 2015-10-20 17:25 - 00000000 ____D C:\ProgramData\Panda Security
2016-02-29 10:30 - 2015-10-20 17:29 - 00000000 ____D C:\Users\Melinda Yakich\AppData\Roaming\Panda Security
2016-02-27 19:19 - 2016-01-26 19:37 - 00000000 ____D C:\Program Files\360
2016-02-27 13:03 - 2016-01-26 19:38 - 00000000 ____D C:\ProgramData\360Quarant
2016-02-27 13:03 - 2006-11-02 07:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-02-27 12:26 - 2015-10-03 00:03 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-02-27 12:26 - 2014-04-04 22:32 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
 
==================== Files in the root of some directories =======
 
2010-07-08 10:37 - 2010-07-08 10:37 - 0101544 _____ () C:\Program Files\Common Files\LinkInstaller.exe
2011-01-23 08:07 - 2011-01-23 08:07 - 0000025 _____ () C:\Users\Melinda Yakich\AppData\Roaming\bdfvconp.ini
2014-06-19 06:37 - 2014-06-19 06:37 - 0000024 _____ () C:\Users\Melinda Yakich\AppData\Roaming\temp.ini
2010-05-02 16:18 - 2010-05-02 16:18 - 0031007 _____ () C:\Users\Melinda Yakich\AppData\Roaming\UserTile.png
2015-05-25 22:26 - 2015-05-25 22:26 - 0893239 _____ () C:\Users\Melinda Yakich\AppData\Local\a.zip
2015-05-25 22:26 - 2015-05-25 22:26 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Melinda Yakich\AppData\Local\BcsKtYcHW.dll
2011-10-23 20:31 - 2011-10-23 20:31 - 0000552 _____ () C:\Users\Melinda Yakich\AppData\Local\d3d8caps.dat
2010-05-06 13:28 - 2016-02-16 14:56 - 0002032 _____ () C:\Users\Melinda Yakich\AppData\Local\d3d9caps.dat
2007-11-22 15:53 - 2016-03-16 18:47 - 0224768 _____ () C:\Users\Melinda Yakich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-11-26 01:10 - 2011-12-14 20:21 - 0106401 _____ () C:\ProgramData\bdinstall.bin
2015-10-03 12:35 - 2016-02-03 13:06 - 0006216 _____ () C:\ProgramData\hpzinstall.log
2011-08-04 20:08 - 2011-08-04 20:08 - 0000816 _____ () C:\ProgramData\search_result.xml
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-28 10:45
 
==================== End of FRST.txt ============================




#2 nasdaq

  • Malware Response Team

Posted 29 March 2016 - 07:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:
cmd: netsh winsock reset catalog

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser]   <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:47574
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3767507623-1024998872-888413707-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM - No Name - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} -  No File
Toolbar: HKU\S-1-5-21-3767507623-1024998872-888413707-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-3767507623-1024998872-888413707-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3767507623-1024998872-888413707-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Handler: linkscanner - No CLSID Value -
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchEngine.US: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [No File]
FF Plugin: @Motive.com/NpMotive,version=1.1 -> C:\Program Files\ATT\8.5.0.48\ma\bin\npMotive.dll [No File]
FF SearchPlugin: C:\Users\Melinda Yakich\AppData\Roaming\Mozilla\Firefox\Profiles\6tkynhla.default\searchplugins\yahoo-avast.xml [2016-02-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Melinda Yakich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-10]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path\update_url>
S3 avchv; system32\DRIVERS\avchv.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\Users\MELIND~1\AppData\Local\Temp\catchme.sys [X]
S3 DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motport; system32\DRIVERS\motport.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; no ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; no ImagePath
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 yeddef; System32\Drivers\yeddef.sys [X]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it in your reply.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
==

Please post the Fixlog.txt and the cleaning log from running the AdwCleaner tool.

I also need to see the Addition.txt file that was created by the Farbar tool.
Please post it also for my review.

p.s.
Is the internet working a little better now?

Wait for further instructions.

Please let me know what problem persists with this computer.

#3 guiyak1

  • Topic Starter

Posted 29 March 2016 - 08:54 AM

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Melinda Yakich (2016-03-29 09:21:38) Run:1
Running from c:\Users\Melinda Yakich\Downloads
Loaded Profiles: Melinda Yakich (Available Profiles: Melinda Yakich)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:
cmd: netsh winsock reset catalog
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser]   <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:47574
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3767507623-1024998872-888413707-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM - No Name - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} -  No File
Toolbar: HKU\S-1-5-21-3767507623-1024998872-888413707-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-3767507623-1024998872-888413707-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3767507623-1024998872-888413707-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Handler: linkscanner - No CLSID Value -
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchEngine.US: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [No File]
FF Plugin: @Motive.com/NpMotive,version=1.1 -> C:\Program Files\ATT\8.5.0.48\ma\bin\npMotive.dll [No File]
FF SearchPlugin: C:\Users\Melinda Yakich\AppData\Roaming\Mozilla\Firefox\Profiles\6tkynhla.default\searchplugins\yahoo-avast.xml [2016-02-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Melinda Yakich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-10]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path\update_url>
S3 avchv; system32\DRIVERS\avchv.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\Users\MELIND~1\AppData\Local\Temp\catchme.sys [X]
S3 DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motport; system32\DRIVERS\motport.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; no ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; no ImagePath
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 yeddef; System32\Drivers\yeddef.sys [X]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========= RemoveProxy: =========
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-3767507623-1024998872-888413707-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-3767507623-1024998872-888413707-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-3767507623-1024998872-888413707-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-3767507623-1024998872-888413707-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{381FFDE8-2394-4F90-B10D-FC6124A40F8C} => value removed successfully.
HKCR\CLSID\{381FFDE8-2394-4F90-B10D-FC6124A40F8C} => key not found. 
HKU\S-1-5-21-3767507623-1024998872-888413707-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value removed successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => key not found. 
HKU\S-1-5-21-3767507623-1024998872-888413707-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-3767507623-1024998872-888413707-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value removed successfully.
"HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}" => key removed successfully.
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully.
Firefox DefaultSearchEngine removed successfully.
Firefox DefaultSearchEngine.US removed successfully.
Firefox SearchEngineOrder.1 removed successfully.
"HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0" => key removed successfully.
"HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.1" => key removed successfully.
C:\Users\Melinda Yakich\AppData\Roaming\Mozilla\Firefox\Profiles\6tkynhla.default\searchplugins\yahoo-avast.xml => moved successfully
C:\Users\Melinda Yakich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => key removed successfully.
avchv => service removed successfully.
blbdrive => service removed successfully.
BTCFilterService => service removed successfully.
catchme => service removed successfully.
DSproct => service removed successfully.
IpInIp => service removed successfully.
motccgp => service removed successfully.
motccgpfl => service removed successfully.
MotDev => service removed successfully.
motmodem => service removed successfully.
MotoSwitchService => service removed successfully.
Motousbnet => service removed successfully.
motport => service removed successfully.
motusbdevice => service removed successfully.
MREMP50 => service removed successfully.
MREMP50a64 => service removed successfully.
MREMPR5 => service removed successfully.
MRENDIS5 => service removed successfully.
MRESP50 => service removed successfully.
MRESP50a64 => service removed successfully.
nvlddmkm => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
yeddef => service removed successfully.
EmptyTemp: => 452.3 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 09:23:28 ====


#4 guiyak1


Posted 29 March 2016 - 08:56 AM

# AdwCleaner v5.015 - Logfile created 01/11/2015 at 11:27:15
# Updated 26/10/2015 by Xplode
# Database : 2015-10-29.1 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 1 (x86)
# Username : Melinda Yakich - YAKICH
# Running from : C:\Users\Melinda Yakich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8MX8D2W\adwcleaner_5.015.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\SecTaskMan
[-] Folder Deleted : C:\Users\Melinda Yakich\AppData\Roaming\SuperEasy Software
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : SuperEasyDriverUpdater_UPDATES
[-] Task Deleted : SuperEasyDriverUpdaterRunAtStartup
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\SuperEasy Software
[-] Key Deleted : HKLM\SOFTWARE\SuperEasy Software
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1087 bytes] ##########

# AdwCleaner v5.107 - Logfile created 29/03/2016 at 09:42:53
# Updated 28/03/2016 by Xplode
# Database : 2016-03-28.2 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 1 (x86)
# Username : Melinda Yakich - YAKICH
# Running from : C:\Users\Melinda Yakich\Desktop\adwcleaner_5.107 (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2141 bytes] - [01/11/2015 12:27:15]
C:\AdwCleaner\AdwCleaner[C2].txt - [3156 bytes] - [03/11/2015 09:33:05]
C:\AdwCleaner\AdwCleaner[C3].txt - [779 bytes] - [07/11/2015 21:15:26]
C:\AdwCleaner\AdwCleaner[C4].txt - [831 bytes] - [11/11/2015 11:52:22]
C:\AdwCleaner\AdwCleaner[C5].txt - [963 bytes] - [20/11/2015 22:06:20]
C:\AdwCleaner\AdwCleaner[C6].txt - [973 bytes] - [24/11/2015 09:57:36]
C:\AdwCleaner\AdwCleaner[C7].txt - [1222 bytes] - [22/01/2016 13:55:06]
C:\AdwCleaner\AdwCleaner[S1].txt - [3096 bytes] - [01/11/2015 12:25:39]
C:\AdwCleaner\AdwCleaner[S2].txt - [4983 bytes] - [03/11/2015 09:30:59]
C:\AdwCleaner\AdwCleaner[S3].txt - [687 bytes] - [07/11/2015 21:13:44]
C:\AdwCleaner\AdwCleaner[S4].txt - [733 bytes] - [11/11/2015 11:50:23]
C:\AdwCleaner\AdwCleaner[S5].txt - [693 bytes] - [11/11/2015 21:48:22]
C:\AdwCleaner\AdwCleaner[S6].txt - [853 bytes] - [20/11/2015 22:05:02]
C:\AdwCleaner\AdwCleaner[S7].txt - [869 bytes] - [24/11/2015 09:56:06]
C:\AdwCleaner\AdwCleaner[S8].txt - [1094 bytes] - [22/01/2016 13:51:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3227 bytes] ##########


#5 guiyak1


Posted 29 March 2016 - 08:59 AM

I didn't receive an Addition.txt file when I ran the Farbar tool. Is it because I had run the tool before and there was already a file on my computer?



#6 nasdaq

  • Malware Response Team

Posted 29 March 2016 - 01:57 PM

To create the file or a new version, run the Farbar tool and make sure the box to create an Addition.txt file is marked.

Post it for my review.

How is the computer running now?

#7 guiyak1


Posted 29 March 2016 - 02:17 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Melinda Yakich (2016-03-29 15:13:47)
Running from C:\Users\Melinda Yakich\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) (2007-11-16 20:24:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3767507623-1024998872-888413707-500 - Administrator - Disabled)
Guest (S-1-5-21-3767507623-1024998872-888413707-501 - Limited - Disabled)
Melinda Yakich (S-1-5-21-3767507623-1024998872-888413707-1000 - Administrator - Enabled) => C:\Users\Melinda Yakich
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
32 bit Windows Card Reader Driver (HKLM\...\{CE6DEE87-1C87-42ED-A108-7369BFE9076F}) (Version: 1.1.0.0 - TEAC)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Adobe Reader X (10.1.16) MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
AIO_Scan (Version: 100.0.206.000 - Hewlett-Packard) Hidden
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
c7200_Help (Version: 90.0.189.000 - Hewlett-Packard) Hidden
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
Copy (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dell Driver Download Manager (HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell System Detect (HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
DELL Webcam Center (HKLM\...\DELL Webcam Center) (Version:  - )
DELL Webcam Manager (HKLM\...\DELL Webcam Manager) (Version:  - )
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart All-In-One Driver Software 10.0 Rel .2 (HKLM\...\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Intel Driver Update Utility (HKLM\...\{a699b395-cd93-4135-85ec-828113841355}) (Version: 2.2.0.6 - Intel)
Intel® PRO Network Connections (HKLM\...\PROSetDX) (Version:  - Intel)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Internet Service Offers Launcher (HKLM\...\{CCFF1E13-77A2-4032-8B12-7566982A27DF}) (Version: 1.00.0000 - Dell Inc.)
Java 8 Update 74 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.5.3007.1 - Creative)
Live! Cam Avatar v1.0 (HKLM\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Publisher 2007 Trial (HKLM\...\PUBLISHERR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Mouse Suite for Desktop Computers (HKLM\...\{448E2D77-E504-4221-B2C2-93646B344729}) (Version: 2.50.020 - Dell)
Mozilla Firefox 45.0 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0 (x86 en-US)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla)
MSVCSetup (Version: 1.00.0000 - HP) Hidden
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
P@H-Protocol (HKLM\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
PanoStandAlone (Version: 100.0.170.000 - Hewlett-Packard) Hidden
PC Tutor™ Learn Windows Vista™ & Office™ Deluxe (HKLM\...\{5BDCCFA2-43E0-45CD-ABE4-B05FA9FF9F2B}) (Version: 1.0.0.7 - Nova Development)
PS_AIO_02_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.117 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sound Blaster Audigy ADVANCED MB (HKLM\...\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}) (Version: 1.0 - )
Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Checkup 3.5 (HKLM\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.5.122 - iolo technologies, LLC)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3767507623-1024998872-888413707-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Melinda Yakich\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0AC9B0D6-AD0E-4957-A19E-9AC2BC8BC52E} - \MotoHelper Initial Update -> No File <==== ATTENTION
Task: {0D561F06-51B0-4927-BE94-AC369CD049C2} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {10E1D4DE-B546-47B5-B1E9-45CD8EBD6AF6} - \MotoHelper MUM -> No File <==== ATTENTION
Task: {1577C70C-AE5F-4365-A014-333F02138A60} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {2550F96C-17D0-4321-82C4-354513043AC3} - \RealUpgradeScheduledTaskS-1-5-21-3767507623-1024998872-888413707-1000 -> No File <==== ATTENTION
Task: {258F2FBE-E3AA-44F5-A35D-F71C344AB6FF} - \MotoHelper Routing -> No File <==== ATTENTION
Task: {2DEFDEF1-096B-4CD8-87FD-B0F0D690D6FB} - System32\Tasks\Microsoft\Windows\MemDiag => C:\Windows\system32\mdres.exe [2006-11-02] (Microsoft Corporation)
Task: {457E82E2-FFD1-4D04-BDBA-12F8380FDCD8} - \RealUpgradeLogonTaskS-1-5-21-3767507623-1024998872-888413707-1000 -> No File <==== ATTENTION
Task: {4AC1C4DF-6CED-479A-82CC-72B5B0703A87} - \User_Feed_Synchronization-{EBC216A1-20A5-4A89-9647-CB9380E2F7DE} -> No File <==== ATTENTION
Task: {5186F018-8E41-4B64-9B8C-8650D7C0BBCA} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {537A241B-CDAF-4AB9-ACE5-89E0850931F8} - \MotoHelper Update -> No File <==== ATTENTION
Task: {56882172-9650-4F3C-A977-4B2B9AC60F50} - \{FE1832DB-7F38-4AF6-9158-F31FB9499353} -> No File <==== ATTENTION
Task: {582968A6-7670-4DEE-AB71-676FCC66D984} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {58DEB9E4-4021-4643-B192-245F4215D846} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files\Wise\Wise Registry Cleaner\WiseRegCleaner.exe
Task: {5A337B47-1392-4661-86F7-AF28DFB1A50B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-11] (Google Inc.)
Task: {5FB8BA75-00A8-4B20-A7E0-B87531ED732D} - \{22A9065F-A5F1-4808-984F-A5BA1C96DE8E} -> No File <==== ATTENTION
Task: {61F08941-D3EB-4561-9224-8DF4476671C8} - \Driver Booster Scheduler -> No File <==== ATTENTION
Task: {6B7F5861-80D9-475E-B84B-6B457C0A55D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-25] (Adobe Systems Incorporated)
Task: {6C8AF363-4F38-43E4-AA3C-EF0D3DA6B2CA} - \{7756B2DE-107F-4135-B2C0-AAF7A7EECF4F} -> No File <==== ATTENTION
Task: {7B41F365-589B-4033-A01A-6B2A45202144} - \{C9A0EB22-5EA7-4DB4-A534-1F4447F88AAC} -> No File <==== ATTENTION
Task: {7C60E0A4-7974-4B2B-9BCC-E18CB71D16D2} - \{C70DA3D0-4128-439D-883A-E7B59358BF39} -> No File <==== ATTENTION
Task: {95DF0693-87CB-45CA-BE67-3D7098F549FD} - \{A83D1A09-2AD1-428E-8380-04A5ECB1C658} -> No File <==== ATTENTION
Task: {972C6516-C19B-45AB-946D-CA372ED49AD7} - \PCDDataUploadTask -> No File <==== ATTENTION
Task: {9EEAE235-954F-4A42-B678-83C7619A4DE3} - \iolo System Checkup -> No File <==== ATTENTION
Task: {A04DAD83-4204-417E-8A24-FD639663B469} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-11] (Google Inc.)
Task: {A0FDF4A7-CF89-4A9C-909D-5C48B72FB969} - \HP online update program -> No File <==== ATTENTION
Task: {A2DF618D-EC70-40DA-9A7D-816315F9765B} - \Dell SupportAssistAgent AutoUpdate -> No File <==== ATTENTION
Task: {A3D2A37B-E6B7-42BF-A22A-9C2C602AA3EE} - \{34FA75F7-6577-496B-A9C2-05CCBCF651E0} -> No File <==== ATTENTION
Task: {ADE2295C-E829-439D-BD56-BF3BF873C50A} - \{1DB33587-8C23-4391-8034-ABC6D8CE4006} -> No File <==== ATTENTION
Task: {B61B791B-B803-4D9F-A333-2AE7D4B65CDA} - \{470CAF14-3A4E-422E-A3FA-15C055794316} -> No File <==== ATTENTION
Task: {B9093AC9-4232-4924-8BF0-BC3AE43FB5FB} - \Driver Booster SkipUAC (Melinda Yakich) -> No File <==== ATTENTION
Task: {C2772E26-7513-4754-A0CA-7A091916531F} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {CA042091-C252-47F5-A2CE-4E849D6F7D90} - \Java Update Scheduler -> No File <==== ATTENTION
Task: {D3D769D6-7C20-40FC-8090-0A2226864F17} - \tmpEED3 -> No File <==== ATTENTION
Task: {D8FB32C9-CAF0-43E8-B4F0-19F33852AD13} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {DB7EB03F-B6F9-4034-A64F-64407FB21F16} - \{B00174A3-6718-4524-85A7-80497C2C04CB} -> No File <==== ATTENTION
Task: {E6E415F0-B9F0-48D4-B982-D047F94962B8} - \{93F188D1-0F3D-4811-8FF4-8607E2ED65E4} -> No File <==== ATTENTION
Task: {E8211F0E-8120-4481-B06D-EF080D2BE486} - \SystemToolsDailyTest_once -> No File <==== ATTENTION
Task: {F315E21F-A45D-4F6F-A153-581C26EC6D4F} - \{4D7BB092-A103-4B25-A503-C78DA09165DE} -> No File <==== ATTENTION
Task: {F83FCD8D-4459-4E32-920C-F114C5C0AB3A} - System32\Tasks\Microsoft\Windows\RestartManager\{39DC505B-5240-4464-AEB5-EA96449FB064} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {FF95411F-1F95-4E7A-855A-C96B7EE67363} - \{F7312E58-4710-4886-9BBF-2DFCF6D5DBF0} -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-02-03 21:20 - 2006-10-26 17:21 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL
2007-11-16 16:37 - 2006-11-13 11:07 - 00066560 _____ () C:\Windows\system32\CmdRtr.dll
2007-11-16 16:37 - 2006-11-20 14:29 - 00101376 _____ () C:\Windows\system32\APOMngr.dll
2015-11-10 16:21 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Melinda Yakich\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-11-10 16:21 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Melinda Yakich\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2016-03-24 09:04 - 2016-03-21 16:17 - 17541312 _____ () C:\Users\Melinda Yakich\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.197\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [112]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\3rd Audiosrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002DE10318} => ""="Sound, video and game controllers"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\secunia.com -> hxxps://secunia.com
IE trusted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3767507623-1024998872-888413707-1000\...\100sexlinks.com -> 100sexlinks.com
 
There are 4789 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 06:23 - 2016-03-19 10:07 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3767507623-1024998872-888413707-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Melinda Yakich\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ATT MAHostService => 2
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDataVaultWiz => 2
MSCONFIG\Services: DSBrokerService => 2
MSCONFIG\Services: QHActiveDefense => 
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Melinda Yakich^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: GoogleChromeAutoLaunch_109FB7528EE47E2F1B3F0CF25FBA19F0 => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{21F9F9CD-EA74-4C89-A8DC-29652C7FA5AB}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{56F6B04E-5C1F-4979-9591-D39545EC0CA2}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{597C4CEF-DC3A-4D5A-81FE-61C362864B10}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{0A940D53-2CED-460F-BC9B-85F387784782}] => (Allow) LPort=443
FirewallRules: [{71A9B4B8-E118-4A6E-A037-75B73ECE78EE}] => (Allow) LPort=443
FirewallRules: [{A7A1B691-B051-449F-A7BB-8E6F776B191B}] => (Allow) LPort=37674
FirewallRules: [{22DCE167-2910-41F4-BD95-B8073A2109DE}] => (Allow) LPort=37674
FirewallRules: [{9F9F3E6D-9210-4C64-8338-5230F0E78BD4}] => (Allow) LPort=37675
FirewallRules: [{BA486E1D-B8B8-491C-B81A-EFE7F3FC5D5A}] => (Allow) LPort=80
FirewallRules: [{FC067F12-56DD-4FFE-B9FD-00E6845C7CCC}] => (Allow) LPort=80
FirewallRules: [{E5718B38-8996-4428-9E61-0F88C1785D04}] => (Allow) LPort=80
FirewallRules: [{BAA1E614-C173-4D6F-8042-D5D59C254407}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4BFDB8A3-A3B3-4268-B019-B79BE64951ED}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{A34F5109-5F96-4C7B-8E27-7A37BDF80CE2}C:\windows\system32\dplaysvr.exe] => (Block) C:\windows\system32\dplaysvr.exe
FirewallRules: [UDP Query User{5CA12AF6-39B1-487F-9E4C-A378051C09CD}C:\windows\system32\dplaysvr.exe] => (Block) C:\windows\system32\dplaysvr.exe
FirewallRules: [{0632A38D-9FBF-417C-9338-AE3C52EA70DB}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{5C3A586C-5E2F-4BEE-AEC1-76C7B5EED55F}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
FirewallRules: [{E6579E19-73DB-40C7-A00D-DE800AE3977D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C5E68A3B-D9CF-4BB6-A53C-DC98422FC5F8}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{B8E9DB01-EE1A-4264-B04C-B5ED1CF012BE}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{E33AB00B-C3E6-4AFC-AD98-8AA9D42F8FB9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{031A6967-E4F2-4923-B23D-2EADD5C0F0B7}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{49791421-93E1-4B72-9B5C-8B9AEFFDF2B1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{C96CA58B-3CD0-4B40-B6F5-63318AA6C6B4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{B2BA2582-D471-4784-9293-1661D56D9CF3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{4D3E83FF-5D84-46D2-B221-E78C9A2A0FEC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{67AED310-D535-4F3D-8A4C-79D83C1F76F7}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{CF108998-4BD4-42B7-A73E-1FD3BA0BA0A0}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{05C1569D-BC99-47DC-854F-DC3FDF563AA8}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D3F7CD3A-A722-4B34-9003-01AD7C200165}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{29E08FDE-D35F-4EC8-A418-05536080F984}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{1B0874E2-E4FD-4875-A0C1-B2EA55F83125}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{647AF977-099D-4663-B686-7DFEA7BBB72F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{90D693AA-6ECF-4A37-95C9-5FFE7823D09F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1AC09D9D-9D04-4077-9877-81B17337D174}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{A3CD607A-25D7-4E07-BE83-949B5E722D5F}] => (Allow) C:\Users\Melinda Yakich\AppData\Local\temp\7zSEFCD.tmp\SymNRT.exe
FirewallRules: [{67AC8CB0-49A5-441F-994C-EF5F80D0D8AF}] => (Allow) C:\Users\Melinda Yakich\AppData\Local\temp\7zSEFCD.tmp\SymNRT.exe
FirewallRules: [{655495AE-27AB-4102-AB22-405B0D11FA9C}] => (Allow) C:\Users\Melinda Yakich\AppData\Local\temp\7zS7167\HPDiagnosticCoreUI.exe
FirewallRules: [{7D380A07-7F75-4405-8A16-1C5B54439BA3}] => (Allow) C:\Users\Melinda Yakich\AppData\Local\temp\7zS7167\HPDiagnosticCoreUI.exe
FirewallRules: [{B002EA20-03F7-4607-ACC9-FFD87E66BBF6}] => (Allow) C:\Users\Melinda Yakich\AppData\Local\temp\7zS15A3\HPDiagnosticCoreUI.exe
FirewallRules: [{5886E535-180F-4E2D-9ACE-57DC797CF2D6}] => (Allow) C:\Users\Melinda Yakich\AppData\Local\temp\7zS15A3\HPDiagnosticCoreUI.exe
 
==================== Restore Points =========================
 
27-03-2016 09:33:21 Installed Windows 7 Upgrade Advisor
27-03-2016 22:16:24 Windows Update
29-03-2016 09:21:39 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/29/2016 02:44:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/29/2016 09:25:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application spoolsv.exe, version 6.0.6001.18511, time stamp 0x4c6a8f6f, faulting module lexlmpm.dll_unloaded, version 0.0.0.0, time stamp 0x40408ad7, exception code 0xc0000005, fault offset 0x100012ca,
process id 0x75c, application start time 0xspoolsv.exe0.
 
Error: (03/27/2016 04:13:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/27/2016 04:13:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/27/2016 04:13:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/27/2016 04:13:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/26/2016 03:23:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mmc.exe version 6.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1728
Start Time: 01d18793dccccb39
Termination Time: 0
 
Error: (03/26/2016 03:03:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/26/2016 03:03:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/26/2016 03:03:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (03/29/2016 09:44:55 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: qutmipc
 
Error: (03/29/2016 09:44:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing Service%%1058
 
Error: (03/29/2016 09:44:50 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Net.Msmq Listener Adaptermsmq
 
Error: (03/29/2016 09:44:12 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (03/29/2016 09:44:12 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402
 
Error: (03/29/2016 09:42:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Print Spooler2600001Restart the service
 
Error: (03/29/2016 09:42:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Google Update Service (gupdate)1
 
Error: (03/29/2016 09:42:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Media Player Network Sharing Service1300001Restart the service
 
Error: (03/29/2016 09:42:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: XAudioService1
 
Error: (03/29/2016 09:42:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Restart the service
 
 
CodeIntegrity:
===================================
  Date: 2016-03-29 15:12:19.778
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-29 15:12:19.606
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-29 15:12:19.419
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-29 15:12:19.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-29 15:12:18.904
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-29 15:12:18.717
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-29 15:12:18.530
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-29 15:12:18.342
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-29 15:12:02.789
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-29 15:12:02.618
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 43%
Total physical RAM: 3069.45 MB
Available physical RAM: 1731.63 MB
Total Virtual: 6373.1 MB
Available Virtual: 5152.52 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:189.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:1.12 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 58000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
 
When I restarted the computer, there was a notice that the Printer SubSpooler stopped working.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts

Posted 30 March 2016 - 07:32 AM



When I restarted the computer, there was a notice that the Printer SubSpooler stopped working.

Error: (03/29/2016 09:25:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application spoolsv.exe, version 6.0.6001.18511, time stamp 0x4c6a8f6f, faulting module lexlmpm.dll_unloaded, version 0.0.0.0, time stamp 0x40408ad7, exception code 0xc0000005, fault offset 0x100012ca,
process id 0x75c, application start time 0xspoolsv.exe0.


The cause is the faulting module lexlmpm.dll. Reinstall the printer; it may help solve this issue.
===


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {0AC9B0D6-AD0E-4957-A19E-9AC2BC8BC52E} - \MotoHelper Initial Update -> No File <==== ATTENTION
Task: {0D561F06-51B0-4927-BE94-AC369CD049C2} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {10E1D4DE-B546-47B5-B1E9-45CD8EBD6AF6} - \MotoHelper MUM -> No File <==== ATTENTION
Task: {2550F96C-17D0-4321-82C4-354513043AC3} - \RealUpgradeScheduledTaskS-1-5-21-3767507623-1024998872-888413707-1000 -> No File <==== ATTENTION
Task: {258F2FBE-E3AA-44F5-A35D-F71C344AB6FF} - \MotoHelper Routing -> No File <==== ATTENTION
Task: {457E82E2-FFD1-4D04-BDBA-12F8380FDCD8} - \RealUpgradeLogonTaskS-1-5-21-3767507623-1024998872-888413707-1000 -> No File <==== ATTENTION
Task: {4AC1C4DF-6CED-479A-82CC-72B5B0703A87} - \User_Feed_Synchronization-{EBC216A1-20A5-4A89-9647-CB9380E2F7DE} -> No File <==== ATTENTION
Task: {5186F018-8E41-4B64-9B8C-8650D7C0BBCA} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {537A241B-CDAF-4AB9-ACE5-89E0850931F8} - \MotoHelper Update -> No File <==== ATTENTION
Task: {56882172-9650-4F3C-A977-4B2B9AC60F50} - \{FE1832DB-7F38-4AF6-9158-F31FB9499353} -> No File <==== ATTENTION
Task: {5FB8BA75-00A8-4B20-A7E0-B87531ED732D} - \{22A9065F-A5F1-4808-984F-A5BA1C96DE8E} -> No File <==== ATTENTION
Task: {61F08941-D3EB-4561-9224-8DF4476671C8} - \Driver Booster Scheduler -> No File <==== ATTENTION
Task: {6C8AF363-4F38-43E4-AA3C-EF0D3DA6B2CA} - \{7756B2DE-107F-4135-B2C0-AAF7A7EECF4F} -> No File <==== ATTENTION
Task: {7B41F365-589B-4033-A01A-6B2A45202144} - \{C9A0EB22-5EA7-4DB4-A534-1F4447F88AAC} -> No File <==== ATTENTION
Task: {7C60E0A4-7974-4B2B-9BCC-E18CB71D16D2} - \{C70DA3D0-4128-439D-883A-E7B59358BF39} -> No File <==== ATTENTION
Task: {95DF0693-87CB-45CA-BE67-3D7098F549FD} - \{A83D1A09-2AD1-428E-8380-04A5ECB1C658} -> No File <==== ATTENTION
Task: {972C6516-C19B-45AB-946D-CA372ED49AD7} - \PCDDataUploadTask -> No File <==== ATTENTION
Task: {9EEAE235-954F-4A42-B678-83C7619A4DE3} - \iolo System Checkup -> No File <==== ATTENTION
Task: {A0FDF4A7-CF89-4A9C-909D-5C48B72FB969} - \HP online update program -> No File <==== ATTENTION
Task: {A2DF618D-EC70-40DA-9A7D-816315F9765B} - \Dell SupportAssistAgent AutoUpdate -> No File <==== ATTENTION
Task: {A3D2A37B-E6B7-42BF-A22A-9C2C602AA3EE} - \{34FA75F7-6577-496B-A9C2-05CCBCF651E0} -> No File <==== ATTENTION
Task: {ADE2295C-E829-439D-BD56-BF3BF873C50A} - \{1DB33587-8C23-4391-8034-ABC6D8CE4006} -> No File <==== ATTENTION
Task: {B61B791B-B803-4D9F-A333-2AE7D4B65CDA} - \{470CAF14-3A4E-422E-A3FA-15C055794316} -> No File <==== ATTENTION
Task: {B9093AC9-4232-4924-8BF0-BC3AE43FB5FB} - \Driver Booster SkipUAC (Melinda Yakich) -> No File <==== ATTENTION
Task: {C2772E26-7513-4754-A0CA-7A091916531F} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {CA042091-C252-47F5-A2CE-4E849D6F7D90} - \Java Update Scheduler -> No File <==== ATTENTION
Task: {D3D769D6-7C20-40FC-8090-0A2226864F17} - \tmpEED3 -> No File <==== ATTENTION
Task: {DB7EB03F-B6F9-4034-A64F-64407FB21F16} - \{B00174A3-6718-4524-85A7-80497C2C04CB} -> No File <==== ATTENTION
Task: {E6E415F0-B9F0-48D4-B982-D047F94962B8} - \{93F188D1-0F3D-4811-8FF4-8607E2ED65E4} -> No File <==== ATTENTION
Task: {E8211F0E-8120-4481-B06D-EF080D2BE486} - \SystemToolsDailyTest_once -> No File <==== ATTENTION
Task: {F315E21F-A45D-4F6F-A153-581C26EC6D4F} - \{4D7BB092-A103-4B25-A503-C78DA09165DE} -> No File <==== ATTENTION
Task: {FF95411F-1F95-4E7A-855A-C96B7EE67363} - \{F7312E58-4710-4886-9BBF-2DFCF6D5DBF0} -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [112]


End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.

#9 guiyak1

guiyak1
  • Topic Starter

  • Members
  • 71 posts

Posted 30 March 2016 - 08:07 AM

I didn't reinstall the printer because when I rebooted another time, I didn't receive a print spooler error message.  If I receive the message again, I'll reinstall it.
 
 
 
Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Melinda Yakich (2016-03-30 08:49:12) Run:2
Running from C:\Users\Melinda Yakich\Downloads
Loaded Profiles: Melinda Yakich (Available Profiles: Melinda Yakich)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Task: {0AC9B0D6-AD0E-4957-A19E-9AC2BC8BC52E} - \MotoHelper Initial Update -> No File <==== ATTENTION
Task: {0D561F06-51B0-4927-BE94-AC369CD049C2} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {10E1D4DE-B546-47B5-B1E9-45CD8EBD6AF6} - \MotoHelper MUM -> No File <==== ATTENTION
Task: {2550F96C-17D0-4321-82C4-354513043AC3} - \RealUpgradeScheduledTaskS-1-5-21-3767507623-1024998872-888413707-1000 -> No File <==== ATTENTION
Task: {258F2FBE-E3AA-44F5-A35D-F71C344AB6FF} - \MotoHelper Routing -> No File <==== ATTENTION
Task: {457E82E2-FFD1-4D04-BDBA-12F8380FDCD8} - \RealUpgradeLogonTaskS-1-5-21-3767507623-1024998872-888413707-1000 -> No File <==== ATTENTION
Task: {4AC1C4DF-6CED-479A-82CC-72B5B0703A87} - \User_Feed_Synchronization-{EBC216A1-20A5-4A89-9647-CB9380E2F7DE} -> No File <==== ATTENTION
Task: {5186F018-8E41-4B64-9B8C-8650D7C0BBCA} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {537A241B-CDAF-4AB9-ACE5-89E0850931F8} - \MotoHelper Update -> No File <==== ATTENTION
Task: {56882172-9650-4F3C-A977-4B2B9AC60F50} - \{FE1832DB-7F38-4AF6-9158-F31FB9499353} -> No File <==== ATTENTION
Task: {5FB8BA75-00A8-4B20-A7E0-B87531ED732D} - \{22A9065F-A5F1-4808-984F-A5BA1C96DE8E} -> No File <==== ATTENTION
Task: {61F08941-D3EB-4561-9224-8DF4476671C8} - \Driver Booster Scheduler -> No File <==== ATTENTION
Task: {6C8AF363-4F38-43E4-AA3C-EF0D3DA6B2CA} - \{7756B2DE-107F-4135-B2C0-AAF7A7EECF4F} -> No File <==== ATTENTION
Task: {7B41F365-589B-4033-A01A-6B2A45202144} - \{C9A0EB22-5EA7-4DB4-A534-1F4447F88AAC} -> No File <==== ATTENTION
Task: {7C60E0A4-7974-4B2B-9BCC-E18CB71D16D2} - \{C70DA3D0-4128-439D-883A-E7B59358BF39} -> No File <==== ATTENTION
Task: {95DF0693-87CB-45CA-BE67-3D7098F549FD} - \{A83D1A09-2AD1-428E-8380-04A5ECB1C658} -> No File <==== ATTENTION
Task: {972C6516-C19B-45AB-946D-CA372ED49AD7} - \PCDDataUploadTask -> No File <==== ATTENTION
Task: {9EEAE235-954F-4A42-B678-83C7619A4DE3} - \iolo System Checkup -> No File <==== ATTENTION
Task: {A0FDF4A7-CF89-4A9C-909D-5C48B72FB969} - \HP online update program -> No File <==== ATTENTION
Task: {A2DF618D-EC70-40DA-9A7D-816315F9765B} - \Dell SupportAssistAgent AutoUpdate -> No File <==== ATTENTION
Task: {A3D2A37B-E6B7-42BF-A22A-9C2C602AA3EE} - \{34FA75F7-6577-496B-A9C2-05CCBCF651E0} -> No File <==== ATTENTION
Task: {ADE2295C-E829-439D-BD56-BF3BF873C50A} - \{1DB33587-8C23-4391-8034-ABC6D8CE4006} -> No File <==== ATTENTION
Task: {B61B791B-B803-4D9F-A333-2AE7D4B65CDA} - \{470CAF14-3A4E-422E-A3FA-15C055794316} -> No File <==== ATTENTION
Task: {B9093AC9-4232-4924-8BF0-BC3AE43FB5FB} - \Driver Booster SkipUAC (Melinda Yakich) -> No File <==== ATTENTION
Task: {C2772E26-7513-4754-A0CA-7A091916531F} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {CA042091-C252-47F5-A2CE-4E849D6F7D90} - \Java Update Scheduler -> No File <==== ATTENTION
Task: {D3D769D6-7C20-40FC-8090-0A2226864F17} - \tmpEED3 -> No File <==== ATTENTION
Task: {DB7EB03F-B6F9-4034-A64F-64407FB21F16} - \{B00174A3-6718-4524-85A7-80497C2C04CB} -> No File <==== ATTENTION
Task: {E6E415F0-B9F0-48D4-B982-D047F94962B8} - \{93F188D1-0F3D-4811-8FF4-8607E2ED65E4} -> No File <==== ATTENTION
Task: {E8211F0E-8120-4481-B06D-EF080D2BE486} - \SystemToolsDailyTest_once -> No File <==== ATTENTION
Task: {F315E21F-A45D-4F6F-A153-581C26EC6D4F} - \{4D7BB092-A103-4B25-A503-C78DA09165DE} -> No File <==== ATTENTION
Task: {FF95411F-1F95-4E7A-855A-C96B7EE67363} - \{F7312E58-4710-4886-9BBF-2DFCF6D5DBF0} -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [112]
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AC9B0D6-AD0E-4957-A19E-9AC2BC8BC52E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AC9B0D6-AD0E-4957-A19E-9AC2BC8BC52E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MotoHelper Initial Update" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D561F06-51B0-4927-BE94-AC369CD049C2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D561F06-51B0-4927-BE94-AC369CD049C2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10E1D4DE-B546-47B5-B1E9-45CD8EBD6AF6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10E1D4DE-B546-47B5-B1E9-45CD8EBD6AF6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MotoHelper MUM" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2550F96C-17D0-4321-82C4-354513043AC3}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2550F96C-17D0-4321-82C4-354513043AC3}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-3767507623-1024998872-888413707-1000" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{258F2FBE-E3AA-44F5-A35D-F71C344AB6FF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{258F2FBE-E3AA-44F5-A35D-F71C344AB6FF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MotoHelper Routing" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{457E82E2-FFD1-4D04-BDBA-12F8380FDCD8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{457E82E2-FFD1-4D04-BDBA-12F8380FDCD8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeLogonTaskS-1-5-21-3767507623-1024998872-888413707-1000" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AC1C4DF-6CED-479A-82CC-72B5B0703A87}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AC1C4DF-6CED-479A-82CC-72B5B0703A87}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{EBC216A1-20A5-4A89-9647-CB9380E2F7DE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5186F018-8E41-4B64-9B8C-8650D7C0BBCA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5186F018-8E41-4B64-9B8C-8650D7C0BBCA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{537A241B-CDAF-4AB9-ACE5-89E0850931F8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{537A241B-CDAF-4AB9-ACE5-89E0850931F8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MotoHelper Update" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56882172-9650-4F3C-A977-4B2B9AC60F50}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56882172-9650-4F3C-A977-4B2B9AC60F50}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FE1832DB-7F38-4AF6-9158-F31FB9499353}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FB8BA75-00A8-4B20-A7E0-B87531ED732D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FB8BA75-00A8-4B20-A7E0-B87531ED732D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{22A9065F-A5F1-4808-984F-A5BA1C96DE8E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{61F08941-D3EB-4561-9224-8DF4476671C8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61F08941-D3EB-4561-9224-8DF4476671C8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C8AF363-4F38-43E4-AA3C-EF0D3DA6B2CA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C8AF363-4F38-43E4-AA3C-EF0D3DA6B2CA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7756B2DE-107F-4135-B2C0-AAF7A7EECF4F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B41F365-589B-4033-A01A-6B2A45202144}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B41F365-589B-4033-A01A-6B2A45202144}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C9A0EB22-5EA7-4DB4-A534-1F4447F88AAC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C60E0A4-7974-4B2B-9BCC-E18CB71D16D2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C60E0A4-7974-4B2B-9BCC-E18CB71D16D2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C70DA3D0-4128-439D-883A-E7B59358BF39}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95DF0693-87CB-45CA-BE67-3D7098F549FD}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95DF0693-87CB-45CA-BE67-3D7098F549FD}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A83D1A09-2AD1-428E-8380-04A5ECB1C658}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{972C6516-C19B-45AB-946D-CA372ED49AD7}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{972C6516-C19B-45AB-946D-CA372ED49AD7}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDDataUploadTask" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EEAE235-954F-4A42-B678-83C7619A4DE3}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EEAE235-954F-4A42-B678-83C7619A4DE3}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iolo System Checkup" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0FDF4A7-CF89-4A9C-909D-5C48B72FB969}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0FDF4A7-CF89-4A9C-909D-5C48B72FB969}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP online update program" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2DF618D-EC70-40DA-9A7D-816315F9765B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2DF618D-EC70-40DA-9A7D-816315F9765B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3D2A37B-E6B7-42BF-A22A-9C2C602AA3EE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3D2A37B-E6B7-42BF-A22A-9C2C602AA3EE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{34FA75F7-6577-496B-A9C2-05CCBCF651E0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADE2295C-E829-439D-BD56-BF3BF873C50A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADE2295C-E829-439D-BD56-BF3BF873C50A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1DB33587-8C23-4391-8034-ABC6D8CE4006}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B61B791B-B803-4D9F-A333-2AE7D4B65CDA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B61B791B-B803-4D9F-A333-2AE7D4B65CDA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{470CAF14-3A4E-422E-A3FA-15C055794316}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9093AC9-4232-4924-8BF0-BC3AE43FB5FB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9093AC9-4232-4924-8BF0-BC3AE43FB5FB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Melinda Yakich)" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2772E26-7513-4754-A0CA-7A091916531F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2772E26-7513-4754-A0CA-7A091916531F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA042091-C252-47F5-A2CE-4E849D6F7D90}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA042091-C252-47F5-A2CE-4E849D6F7D90}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Java Update Scheduler" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3D769D6-7C20-40FC-8090-0A2226864F17}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3D769D6-7C20-40FC-8090-0A2226864F17}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tmpEED3" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB7EB03F-B6F9-4034-A64F-64407FB21F16}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB7EB03F-B6F9-4034-A64F-64407FB21F16}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B00174A3-6718-4524-85A7-80497C2C04CB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6E415F0-B9F0-48D4-B982-D047F94962B8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6E415F0-B9F0-48D4-B982-D047F94962B8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{93F188D1-0F3D-4811-8FF4-8607E2ED65E4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8211F0E-8120-4481-B06D-EF080D2BE486}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8211F0E-8120-4481-B06D-EF080D2BE486}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest_once" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F315E21F-A45D-4F6F-A153-581C26EC6D4F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F315E21F-A45D-4F6F-A153-581C26EC6D4F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4D7BB092-A103-4B25-A503-C78DA09165DE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF95411F-1F95-4E7A-855A-C96B7EE67363}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF95411F-1F95-4E7A-855A-C96B7EE67363}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F7312E58-4710-4886-9BBF-2DFCF6D5DBF0}" => key removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully..
EmptyTemp: => 411.8 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 08:50:05 ====


#10 nasdaq

Posted 30 March 2016 - 08:16 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#11 guiyak1

Posted 30 March 2016 - 08:17 AM

Can we please do some other scans on the computer since it has had so much use?



#12 nasdaq

Posted 30 March 2016 - 12:49 PM


Run an online scan with ESET (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time, disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Select:
  • Scan Archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste it in your reply.

This may take a while; run it when you know you will not need the computer for an hour or two.
<<<>>>

#13 guiyak1

Posted 30 March 2016 - 03:36 PM

Scan Results:

 

C:\Users\Melinda Yakich\Downloads\ccsetup516.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application



#14 nasdaq

Posted 31 March 2016 - 08:26 AM

Delete the file in bold.
C:\Users\Melinda Yakich\Downloads\ccsetup516.exe

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#15 guiyak1

Posted 31 March 2016 - 01:03 PM

Done.  What scan can I do next?





