ALL browsers being redirected and or "infection" pop ups


  • This topic is locked
7 replies to this topic

#1 resa83

Posted 08 April 2016 - 02:13 PM

IE9, Google Chrome, Firefox are all being redirected. I'm surprised this page is still here as I'm typing.

I haven't used my laptop in several weeks due to the charger being replaced. I had no problems whatsoever until I got my new Bluetooth adapter in the mail today and tried installing my new Kinivo Bluetooth USB adapter software. I wasn't having any problems until I put the CD in the CD drive, which wouldn't work. I then went to downloads.kinivo.com to download the software, and as soon as I click the download link I'm being redirected, as well as pop-ups coming on the screen with an 800 number telling me I have malware and to call that number. I can't close the pop-up, which takes over the tab. Therefore I have to close the entire tab "browser" .... I uninstalled Google, then uninstalled Firefox and reinstalled, and it's doing the same thing. I'm currently using IE9....

 

LOG:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Theresa (administrator) on THERESA-PC (08-04-2016 13:57:18)
Running from C:\Users\Theresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33K71B8H
Loaded Profiles: Theresa (Available Profiles: Theresa)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\stacsv64.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Hewlett-Packard Company) C:\WINDOWS\System32\hpservice.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Andrea Electronics Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe
(Agere Systems) C:\WINDOWS\System32\agr64svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\WINDOWS\System32\wpcumi.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
() C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
() C:\WINDOWS\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Viewpoint Corporation) C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
() C:\Program Files (x86)\DNS Unlocker\dnswalters.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
() C:\Users\Theresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JL4KTG0Q\adblockplusie-1.0.exe
() C:\Users\Theresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JL4KTG0Q\adblockplusie-1.0.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [685568 2008-01-23] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2008-04-24] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-03-14] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [hpqSRMon] => [X]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [70912 2008-04-15] (Hewlett-Packard)
HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2007-11-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-02-26] (Hewlett-Packard Company)
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\...\Run: [NowUSeeIt Player] => "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\...\Run: [GoogleChromeAutoLaunch_C07AAB46D0873620680B91F0BF6C3496] => C:\Users\Theresa\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-11] (The Chromium Authors)
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\...\MountPoints2: {278daf24-9554-11e5-87d5-001e68f2e2e3} - G:\.\Driver\DriverInstaller.exe -iso
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [334336 2008-01-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\SysWOW64\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\SysWOW64\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\SysWOW64\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\SysWOW64\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\SysWOW64\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\SysWOW64\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\SysWOW64\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\SysWOW64\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\wpclsp.dll [102912 2006-11-02] (Microsoft Corporation)
Winsock: Catalog9-x64 02 C:\Windows\system32\wpclsp.dll [102912 2006-11-02] (Microsoft Corporation)
Winsock: Catalog9-x64 03 C:\Windows\system32\wpclsp.dll [102912 2006-11-02] (Microsoft Corporation)
Winsock: Catalog9-x64 04 C:\Windows\system32\wpclsp.dll [102912 2006-11-02] (Microsoft Corporation)
Winsock: Catalog9-x64 05 C:\Windows\system32\wpclsp.dll [102912 2006-11-02] (Microsoft Corporation)
Winsock: Catalog9-x64 06 C:\Windows\system32\wpclsp.dll [102912 2006-11-02] (Microsoft Corporation)
Winsock: Catalog9-x64 07 C:\Windows\system32\wpclsp.dll [102912 2006-11-02] (Microsoft Corporation)
Winsock: Catalog9-x64 08 C:\Windows\system32\wpclsp.dll [102912 2006-11-02] (Microsoft Corporation)
Winsock: Catalog9-x64 19 C:\Windows\system32\wpclsp.dll [102912 2006-11-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{0ED92ABE-083B-405C-A6F4-4E7D4BA127B8}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{0ED92ABE-083B-405C-A6F4-4E7D4BA127B8}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{21AB3510-47DC-47D8-8BAA-220F56AECD51}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{21AB3510-47DC-47D8-8BAA-220F56AECD51}: [DhcpNameServer] 82.163.143.171

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtCtDtDyD0E0FyCyBtC0B0EyD0FtN0D0Tzu0StCyDtAtCtN1L2XzutAtFtCzytFtBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0D0C0CzztCyBtDtGtCtCtCtDtGtA0E0FyEtGtA0EtC0CtGtCzytC0DyCzzyC0B0BtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytA0BzzyB0FtDtG0F0C0ByBtGyE0B0DzztG0AtCzytCtG0D0DyEyC0F0CtByEtA0Bzy0A2QtN0A0LzuyE%26cr%3D394512264%26a%3Dwncy_instlmtrx_16_10%26os_ver%3D6%26os%3DWindows%2B™%2BVista%2BHome%2BPremium
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtCtDtDyD0E0FyCyBtC0B0EyD0FtN0D0Tzu0StCyDtAtCtN1L2XzutAtFtCzytFtBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0D0C0CzztCyBtDtGtCtCtCtDtGtA0E0FyEtGtA0EtC0CtGtCzytC0DyCzzyC0B0BtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytA0BzzyB0FtDtG0F0C0ByBtGyE0B0DzztG0AtCzytCtG0D0DyEyC0F0CtByEtA0Bzy0A2QtN0A0LzuyE%26cr%3D394512264%26a%3Dwncy_instlmtrx_16_10%26os_ver%3D6%26os%3DWindows%2B™%2BVista%2BHome%2BPremium
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
SearchScopes: HKLM -> DefaultScope {64BFF609-2405-48DC-B7D6-BB5CBC7AA845} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtCtDtDyD0E0FyCyBtC0B0EyD0FtN0D0Tzu0StCyDtAtCtN1L2XzutAtFtCzytFtBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0D0C0CzztCyBtDtGtCtCtCtDtGtA0E0FyEtGtA0EtC0CtGtCzytC0DyCzzyC0B0BtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytA0BzzyB0FtDtG0F0C0ByBtGyE0B0DzztG0AtCzytCtG0D0DyEyC0F0CtByEtA0Bzy0A2QtN0A0LzuyE%26cr%3D394512264%26a%3Dwncy_instlmtrx_16_10%26os_ver%3D6%26os%3DWindows%2B™%2BVista%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
SearchScopes: HKLM -> {64BFF609-2405-48DC-B7D6-BB5CBC7AA845} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtCtDtDyD0E0FyCyBtC0B0EyD0FtN0D0Tzu0StCyDtAtCtN1L2XzutAtFtCzytFtBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0D0C0CzztCyBtDtGtCtCtCtDtGtA0E0FyEtGtA0EtC0CtGtCzytC0DyCzzyC0B0BtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytA0BzzyB0FtDtG0F0C0ByBtGyE0B0DzztG0AtCzytCtG0D0DyEyC0F0CtByEtA0Bzy0A2QtN0A0LzuyE%26cr%3D394512264%26a%3Dwncy_instlmtrx_16_10%26os_ver%3D6%26os%3DWindows%2B™%2BVista%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {8FF0415C-F933-4B77-B940-30B24B44A479} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> DefaultScope {64BFF609-2405-48DC-B7D6-BB5CBC7AA845} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
SearchScopes: HKLM-x32 -> {64BFF609-2405-48DC-B7D6-BB5CBC7AA845} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
SearchScopes: HKLM-x32 -> {8FF0415C-F933-4B77-B940-30B24B44A479} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-779955071-2386261043-3181224681-1000 -> DefaultScope {CF5B6997-C513-4978-B3D4-848F215E7352} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-779955071-2386261043-3181224681-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-779955071-2386261043-3181224681-1000 -> {64BFF609-2405-48DC-B7D6-BB5CBC7AA845} URL =
SearchScopes: HKU\S-1-5-21-779955071-2386261043-3181224681-1000 -> {8FF0415C-F933-4B77-B940-30B24B44A479} URL =
SearchScopes: HKU\S-1-5-21-779955071-2386261043-3181224681-1000 -> {CF5B6997-C513-4978-B3D4-848F215E7352} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-779955071-2386261043-3181224681-1000 -> {E7733ED3-CC1D-4620-8A52-C30D779F3132} URL = hxxp://www.youtube.com/results?search_query={searchTerms}
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-07] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-07] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-14] (Hewlett-Packard Co.)

FireFox:
========
FF ProfilePath: C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\fsfye80i.default
FF NewTab: hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ff_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_7ef9e0fb_1201_1401_20160407_US_ff_nt_
FF DefaultSearchEngine: Ask Web Search
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.1: Amazon
FF SelectedSearchEngine: Ask Web Search
FF Homepage: hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ff_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_7ef9e0fb_1201_1401_20160407_US_ff_sp_
FF Keyword.URL: hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=9871D8AB-B80F-458E-A887-71E0D04012E8&n=782a2ec3&ind=2016030403&p2=^BYC^xdm003^YYA^us&searchfor=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2007-04-16] ()
FF SearchPlugin: C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\fsfye80i.default\searchplugins\ask-web-search.xml [2016-03-04]
FF Extension: Amazon Assistant for Firefox - C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\fsfye80i.default\Extensions\abb@amazon.com.xpi [2016-04-07]
FF Extension: AdBlock Ultimate - C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\fsfye80i.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-03-13]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008-07-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-01-08] [not signed]

Chrome:
=======
CHR HomePage: Default -> amazon.com/websearch/?ie=UTF8__PARAM__
CHR DefaultSearchURL: Default -> hxxps://www.amazon.com/websearch/?ie=UTF8__PARAM__&query={searchTerms}
CHR DefaultSearchKeyword: Default -> amazon
CHR Profile: C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-08]
CHR Extension: (Google Docs) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-08]
CHR Extension: (Google Drive) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-08]
CHR Extension: (YouTube) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-08]
CHR Extension: (Google Sheets) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-08]
CHR Extension: (Google Docs Offline) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Amazon Smart Search) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebgdicanjhnamfmdlmlbcnkgehkkmf [2016-04-08]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-04-08]
CHR Extension: (Gmail) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-08]
CHR HKU\S-1-5-21-779955071-2386261043-3181224681-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-779955071-2386261043-3181224681-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe [86016 2008-02-12] (Andrea Electronics Corporation)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 QPCapSvc; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292232 2008-04-24] ()
R2 QPSched; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [112008 2008-04-24] ()
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
R2 Viewpoint Manager Service; C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [9088 2007-07-11] (Hewlett-Packard Development Company, L.P.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-09] (NVIDIA Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [243712 2014-08-08] (QUALCOMM Incorporated)
S1 360FsFlt; system32\DRIVERS\360FsFlt.sys [X]
U1 eabfiltr; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-08 13:56 - 2016-04-08 13:57 - 00000000 ____D C:\FRST
2016-04-08 13:38 - 2016-04-08 13:38 - 00002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-08 13:38 - 2016-04-08 13:38 - 00002025 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-08 13:37 - 2016-04-08 13:42 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-08 13:37 - 2016-04-08 13:42 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-08 13:37 - 2016-04-08 13:37 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-08 13:37 - 2016-04-08 13:37 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-07 18:34 - 2016-04-08 13:18 - 00004322 _____ C:\Windows\System32\Tasks\DistromaticSearchProtect-hourly
2016-04-07 18:34 - 2016-04-07 18:34 - 00004198 _____ C:\Windows\System32\Tasks\DistromaticUpdater-periodic
2016-04-07 18:34 - 2016-04-07 18:34 - 00003800 _____ C:\Windows\System32\Tasks\DistromaticSearchProtect-logon
2016-04-07 18:34 - 2016-04-07 18:34 - 00003674 _____ C:\Windows\System32\Tasks\DistromaticUpdater-logon
2016-04-07 18:34 - 2016-04-07 18:34 - 00000000 ____D C:\Users\Theresa\AppData\Local\Amazon Browser Settings
2016-04-07 18:34 - 2016-04-07 18:34 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Settings
2016-04-07 18:22 - 2016-04-07 18:22 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\Sun
2016-04-07 18:22 - 2016-04-07 18:22 - 00000000 ____D C:\Users\Theresa\.oracle_jre_usage
2016-04-07 18:20 - 2016-04-07 18:20 - 00121864 _____ C:\Users\Theresa\Desktop\april 4 mmm.pdf
2016-04-07 18:19 - 2016-04-07 18:19 - 19924672 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-04-07 16:46 - 2016-04-07 16:46 - 00000000 ____D C:\Users\Theresa\AppData\LocalLow\Oracle
2016-04-07 16:38 - 2016-04-07 16:38 - 00022168 _____ C:\Windows\System32\Tasks\DNSWALTERS
2016-04-07 16:37 - 2016-04-07 16:51 - 00000000 ____D C:\ProgramData\cc733e60
2016-04-07 16:37 - 2016-04-07 16:38 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2016-04-07 16:37 - 2016-04-07 16:37 - 00003732 _____ C:\Windows\System32\Tasks\{882E5B42-3FF5-AED9-CABE-89C6B86BC055}
2016-04-07 16:37 - 2016-04-07 16:37 - 00000000 ____D C:\ProgramData\c689becb-0b51-0
2016-04-07 16:37 - 2016-04-07 16:37 - 00000000 ____D C:\ProgramData\{18ef8e49-012c-0}
2016-04-07 16:37 - 2016-04-07 16:37 - 00000000 ____D C:\ProgramData\{0466d9ec-012c-1}
2016-03-15 15:24 - 2016-03-22 19:58 - 00000000 ____D C:\Users\Theresa\Desktop\pet city
2016-03-13 15:46 - 2016-03-13 15:46 - 00002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-03-13 15:46 - 2016-03-13 15:46 - 00000770 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-13 15:46 - 2016-03-13 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-13 15:46 - 2016-03-13 15:46 - 00000000 ____D C:\Program Files\CCleaner
2016-03-13 15:45 - 2016-03-13 15:45 - 06837784 _____ (Piriform Ltd) C:\Users\Theresa\Downloads\ccsetup515.exe
2016-03-13 10:39 - 2016-03-13 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-03-13 10:39 - 2016-03-13 10:39 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-03-13 09:53 - 2016-03-13 09:53 - 00000000 ____D C:\Users\Theresa\AppData\Local\Macromedia
2016-03-13 09:53 - 2016-03-13 09:53 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-03-13 09:52 - 2016-03-13 09:52 - 00000000 ____D C:\ProgramData\McAfee
2016-03-12 19:03 - 2016-03-14 11:23 - 00000000 ____D C:\Users\Theresa\Documents\Bandicam
2016-03-12 19:03 - 2016-03-12 19:03 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\BANDISOFT
2016-03-12 18:13 - 2016-03-12 18:13 - 00000827 _____ C:\Users\Public\Desktop\Bandicam.lnk
2016-03-12 18:13 - 2016-03-12 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2016-03-12 18:13 - 2016-03-12 18:13 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2016-03-12 18:13 - 2016-03-12 18:13 - 00000000 ____D C:\Program Files (x86)\Bandicam
2016-03-12 18:12 - 2016-03-12 18:12 - 15822328 _____ (Bandisoft) C:\Users\Theresa\Downloads\bdcamsetup.exe
2016-03-12 14:48 - 2016-03-12 14:48 - 00987728 _____ (Google Inc.) C:\Users\Theresa\Downloads\ChromeSetup.exe
2016-03-12 14:27 - 2016-03-12 14:27 - 00000000 ____D C:\Users\Theresa\Documents\Add-in Express
2016-03-12 13:14 - 2016-03-12 13:14 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-03-12 13:13 - 2016-03-12 13:13 - 00000000 ____D C:\Users\Theresa\AppData\Local\Nico Mak Computing
2016-03-12 13:12 - 2016-03-12 14:27 - 00000000 ____D C:\ProgramData\WinZip
2016-03-12 13:12 - 2016-03-12 14:27 - 00000000 ____D C:\Program Files\WinZip
2016-03-12 12:14 - 2016-04-08 13:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-12 12:14 - 2016-04-07 18:20 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-12 12:14 - 2016-04-07 18:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-12 12:14 - 2016-04-07 18:20 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-12 12:14 - 2016-03-12 12:14 - 00000000 ____D C:\Windows\system32\Macromed
2016-03-11 20:09 - 2016-03-11 20:09 - 00000000 ____D C:\ProgramData\WindowsSearch
2016-03-11 15:13 - 2016-03-11 15:13 - 00000000 ____D C:\Users\Theresa\My Downloads
2016-03-11 15:11 - 2016-03-11 15:11 - 00000000 ____D C:\ProgramData\APN
2016-03-11 14:01 - 2016-03-11 14:01 - 00000046 _____ C:\Users\Theresa\AppData\Roaming\WB.CFG
2016-03-11 13:13 - 2016-03-11 13:13 - 00000000 ____D C:\Windows\Tasks\360Disabled
2016-03-11 13:13 - 2016-03-11 13:13 - 00000000 ____D C:\ProgramData\360Quarant
2016-03-11 13:06 - 2016-03-12 13:54 - 00000000 ____D C:\Program Files (x86)\360
2016-03-11 13:05 - 2016-04-07 16:38 - 00000000 ____D C:\ProgramData\72dc971b-4a75-0
2016-03-11 13:03 - 2016-03-11 13:03 - 00000000 ____D C:\Users\Theresa\Game Downloader
2016-03-11 13:03 - 2016-03-11 13:03 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium
2016-03-11 13:02 - 2016-03-11 13:03 - 00000000 ____D C:\Users\Theresa\AppData\Local\Chromium
2016-03-11 13:01 - 2016-03-12 14:10 - 00000000 ____D C:\Program Files (x86)\NowUSeeItPlayer
2016-03-11 13:01 - 2016-03-11 13:01 - 00000000 ____D C:\Users\Theresa\AppData\Local\CEF
2016-03-11 13:00 - 2016-03-12 14:18 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\Nico Mak Computing
2016-03-11 13:00 - 2016-03-11 15:19 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-03-11 13:00 - 2016-03-11 13:00 - 00000000 ____D C:\ProgramData\72dc971b-5853-1
2016-03-11 10:20 - 2016-03-11 12:46 - 00000632 __RSH C:\Users\Theresa\ntuser.pol
2016-03-11 04:12 - 2016-02-05 21:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-11 04:12 - 2016-02-04 10:37 - 02799616 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-11 04:11 - 2016-02-03 12:06 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-11 04:11 - 2016-02-03 12:05 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-11 04:11 - 2016-02-03 11:42 - 00848384 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-11 04:11 - 2016-02-03 11:41 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-11 04:10 - 2016-02-05 21:11 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-11 04:10 - 2016-02-05 20:59 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-11 04:10 - 2016-02-05 19:51 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-11 04:10 - 2016-02-05 19:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-11 04:10 - 2016-02-02 10:44 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-11 04:02 - 2016-02-19 16:38 - 01589376 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-11 04:02 - 2016-02-19 16:38 - 01171696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-11 04:02 - 2016-02-05 21:12 - 00679424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-11 04:02 - 2016-02-05 21:12 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-11 04:02 - 2016-02-05 21:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-11 04:02 - 2016-02-05 21:11 - 00802304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-11 04:02 - 2016-02-05 21:06 - 04693952 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-11 04:02 - 2016-02-05 21:02 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-11 04:02 - 2016-02-05 21:02 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-11 04:02 - 2016-02-05 21:02 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-11 04:02 - 2016-02-05 21:01 - 01304576 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-11 04:02 - 2016-02-05 21:01 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-11 04:02 - 2016-02-05 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-11 04:02 - 2016-02-05 20:59 - 01067008 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-11 04:02 - 2016-02-05 19:48 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-11 04:02 - 2016-02-05 19:32 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-11 04:02 - 2016-02-05 19:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-11 04:02 - 2016-02-05 19:32 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-09 16:48 - 2016-03-09 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack 64bit
2016-03-09 16:48 - 2016-03-09 16:48 - 00000000 ____D C:\Program Files\Combined Community Codec Pack 64bit
2016-03-09 14:37 - 2016-02-08 20:49 - 17896448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 14:37 - 2016-02-08 20:46 - 02351104 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 14:37 - 2016-02-08 20:42 - 10938880 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 14:37 - 2016-02-08 20:41 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 14:37 - 2016-02-08 20:41 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-09 14:37 - 2016-02-08 20:40 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 14:37 - 2016-02-08 20:40 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 14:37 - 2016-02-08 20:40 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 14:37 - 2016-02-08 20:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-09 14:37 - 2016-02-08 20:39 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 14:37 - 2016-02-08 20:39 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 14:37 - 2016-02-08 20:39 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 14:37 - 2016-02-08 20:39 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-09 14:37 - 2016-02-08 20:39 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-09 14:37 - 2016-02-08 20:39 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-09 14:37 - 2016-02-08 20:39 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-03-09 14:37 - 2016-02-08 20:39 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-09 14:37 - 2016-02-08 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 14:37 - 2016-02-08 20:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-09 14:37 - 2016-02-08 20:39 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-03-09 14:37 - 2016-02-08 20:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-03-09 14:37 - 2016-02-08 20:39 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-03-09 14:37 - 2016-02-08 19:17 - 01815552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-09 14:37 - 2016-02-08 19:15 - 12392960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 14:37 - 2016-02-08 19:13 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-09 14:37 - 2016-02-08 19:12 - 09753600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-09 14:37 - 2016-02-08 19:12 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-09 14:37 - 2016-02-08 19:11 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-09 14:37 - 2016-02-08 19:10 - 01804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-09 14:37 - 2016-02-08 19:10 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-09 14:37 - 2016-02-08 19:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-09 14:37 - 2016-02-08 19:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-09 14:37 - 2016-02-08 19:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-03-09 14:37 - 2016-02-08 19:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-09 14:37 - 2016-02-08 19:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-09 14:37 - 2016-02-08 19:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-09 14:37 - 2016-02-08 19:09 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-09 14:37 - 2016-02-08 19:09 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-09 14:37 - 2016-02-08 19:09 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-09 14:37 - 2016-02-08 19:09 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-09 14:37 - 2016-02-08 19:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-09 14:37 - 2016-02-08 19:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-03-09 14:37 - 2016-02-08 19:09 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-03-09 14:37 - 2016-02-08 19:09 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-08 13:38 - 2015-11-23 23:58 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-08 13:38 - 2015-11-23 23:57 - 00000000 ____D C:\Users\Theresa\AppData\Local\Google
2016-04-08 13:37 - 2015-11-23 23:57 - 00000000 ____D C:\Users\Theresa\AppData\Local\Deployment
2016-04-08 13:20 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\inf
2016-04-08 13:20 - 2006-11-02 07:46 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-08 13:17 - 2006-11-02 10:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-08 13:17 - 2006-11-02 10:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-08 13:16 - 2015-11-24 00:26 - 00000290 _____ C:\Users\Public\Documents\hpqp.ini
2016-04-08 13:15 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-08 13:06 - 2016-02-23 14:59 - 00000000 ____D C:\Windows\Minidump
2016-04-08 13:06 - 2008-07-01 00:51 - 00000000 ____D C:\Windows\panther
2016-04-08 12:46 - 2008-07-01 04:15 - 00003580 _____ C:\Windows\System32\Tasks\HP Health Check
2016-04-07 18:23 - 2016-01-07 20:28 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-07 18:22 - 2016-01-07 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-07 18:22 - 2015-11-23 23:35 - 00000000 ____D C:\Users\Theresa
2016-04-07 18:21 - 2016-01-07 20:30 - 00000000 ____D C:\ProgramData\Oracle
2016-04-07 18:21 - 2016-01-07 20:29 - 00268352 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2016-04-07 18:21 - 2016-01-07 20:28 - 00191552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2016-04-07 18:21 - 2016-01-07 20:28 - 00191040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2016-04-07 18:21 - 2016-01-07 20:28 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-07 16:38 - 2016-01-07 20:25 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\HpUpdate
2016-03-14 11:26 - 2016-03-06 09:38 - 00005632 _____ C:\Users\Theresa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-13 15:33 - 2006-11-02 08:34 - 00000000 ___HD C:\Windows\system32\GroupPolicyUsers
2016-03-13 09:53 - 2016-03-05 20:33 - 00000000 ____D C:\Users\Theresa\AppData\Local\Adobe
2016-03-12 14:46 - 2015-11-23 23:52 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\Adobe
2016-03-12 14:03 - 2006-11-02 10:42 - 00023766 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-12 14:02 - 2015-11-27 14:32 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2016-03-12 10:44 - 2006-11-02 10:21 - 00408856 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-11 13:13 - 2015-11-23 23:43 - 00003668 _____ C:\Windows\System32\Tasks\ServicePlan
2016-03-11 13:00 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-03-11 10:20 - 2006-11-02 08:34 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-03-11 04:58 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache
2016-03-11 04:35 - 2006-11-02 10:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2016-03-11 04:35 - 2006-11-02 08:33 - 00000000 ____D C:\Program Files\Common Files\System
2016-03-11 04:10 - 2015-11-27 15:21 - 00000000 ____D C:\Windows\system32\MRT
2016-03-11 04:04 - 2006-11-02 07:35 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-03-09 21:59 - 2016-03-05 20:14 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2015-11-27 17:12 - 2015-11-27 17:13 - 0026311 _____ () C:\Users\Theresa\AppData\Roaming\UserTile.png
2016-03-11 14:01 - 2016-03-11 14:01 - 0000046 _____ () C:\Users\Theresa\AppData\Roaming\WB.CFG
2015-11-23 23:43 - 2015-11-23 23:43 - 0000000 _____ () C:\Users\Theresa\AppData\Local\AtStart.txt
2016-03-06 09:38 - 2016-03-14 11:26 - 0005632 _____ () C:\Users\Theresa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-23 23:43 - 2015-11-23 23:43 - 0000000 _____ () C:\Users\Theresa\AppData\Local\DSwitch.txt
2015-11-23 23:43 - 2015-11-23 23:43 - 0000000 _____ () C:\Users\Theresa\AppData\Local\QSwitch.txt
2016-01-16 14:13 - 2016-01-16 14:13 - 0000000 _____ () C:\Users\Theresa\AppData\Local\{667476DB-10DA-487D-AC0F-181553BD1790}
2008-07-01 03:50 - 2008-07-01 03:51 - 0000372 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-08 13:23

==================== End of FRST.txt ============================

LOG:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Theresa (2016-04-08 13:58:49)
Running from C:\Users\Theresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33K71B8H
Windows Vista ™ Home Premium Service Pack 2 (X64) (2015-11-24 05:07:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-779955071-2386261043-3181224681-500 - Administrator - Disabled)
Guest (S-1-5-21-779955071-2386261043-3181224681-501 - Limited - Disabled)
Theresa (S-1-5-21-779955071-2386261043-3181224681-1000 - Administrator - Enabled) => C:\Users\Theresa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)
Amazon Assistant (HKLM-x32\...\Amazon Assistant) (Version: 2.3.4 - Amazon)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.3.1025 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.3 - Broadcom Corporation)
Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
CyberLink DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.)
DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hewlett-Packard Active Check for Health Check (x32 Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (x32 Version: 2.0.63.2 - HP) Hidden
HP Customer Experience Enhancements (HKLM-x32\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)
HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP Help and Support (HKLM-x32\...\{28C3E5E6-5ACA-408D-9A46-089C5334EC97}) (Version: 2.0.7.0 - Hewlett-Packard)
HP MULTIPLE MODEM INSTALLER for VISTA (HKLM-x32\...\{45A136EC-88BF-4B95-99F5-C45D3930E1CC}) (Version: 1.0.0.30 - Hewlett Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Quick Launch Buttons 6.40 D1 (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 D1 - Hewlett-Packard)
HP QuickPlay 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
HP QuickTouch 1.00 D2 (HKLM\...\{1AD2F8FE-A357-4728-BDF8-B92D794CE793}) (Version: 1.0.9 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 109.9.19158 - Hewlett-Packard)
HP Total Care Advisor (HKLM-x32\...\{f32502b5-5b64-4882-bf61-77f23edcac4f}) (Version: 2.1.3359.2635 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP User Guides 0102 (HKLM-x32\...\{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{A5CE7175-080D-49AC-B5A3-E7E3502428F5}) (Version: 3.00 I2 - Hewlett-Packard)
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_Tattoo (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookHolidayPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookModernPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookPlayfulPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookScrapbookPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPTCSSetup (HKLM-x32\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.5893.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.)
LightScribe System Software  1.12.33.2 (HKLM-x32\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM-x32\...\{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}) (Version: 6.10.050 - muvee Technologies)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.)
PowerDirector (x32 Version: 6.5.2719 - CyberLink Corp.) Hidden
ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)
PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickPlay SlingPlayer 0.4.6 (HKLM-x32\...\SlingMedia.QPSlingPlayer_is1) (Version: 0.4.6 - SlingMedia)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Serif WebPlus 10 (HKLM-x32\...\{8C0DF485-DB3E-453C-BFB3-4C47E636ECF9}) (Version: 10.1.1.036 - Serif (Europe) Ltd)
Serif WebPlus 10 Resources (HKLM-x32\...\{A869A1DA-9571-4287-B170-4A7246994C84}) (Version: 10.1.0.007 - Serif (Europe) Ltd)
Slingbox Flash Tour (HKLM-x32\...\{38EAC694-0D90-445F-8C17-8B50ADFE3162}) (Version: 1.0.0 - Sling Media)
SlingPlayer (HKLM-x32\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media)
SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-779955071-2386261043-3181224681-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Theresa\AppData\Local\Chromium\Application\46.0.2480.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D7785D8-E7A8-4037-87EE-0FC37C9C16E7} - System32\Tasks\{882E5B42-3FF5-AED9-CABE-89C6B86BC055} => C:\Windows\system32\regsvr32.exe [2006-11-02] (Microsoft Corporation)
Task: {325EF058-9B32-46B2-B5BE-F35C856B134A} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-07] (Distromatic)
Task: {32948D50-4A3A-4DEC-83B8-45B2B7564DFB} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-07] (Distromatic)
Task: {34AC8299-16B9-4D7D-B739-E05D2D1EBB31} - System32\Tasks\DNSWALTERS => dnswalters.exe <==== ATTENTION
Task: {37A84C15-D4AB-4E62-8356-27D08F48E404} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-08] (Google Inc.)
Task: {6BC874D9-3350-40C6-ADB8-D7D550E7F36A} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-07] (Distromatic)
Task: {756F184F-2931-49B8-8B45-30786E5D67A6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {86B5D03A-6CD0-470F-BA34-CC36D148DAA6} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-04-11] ()
Task: {8EE0AFF1-9E4A-419E-866A-FAB0E681FC87} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-07] (Distromatic)
Task: {BCA54BE0-A32C-42C3-A8AE-3A4FB670E6A7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {C7CEC490-8081-4AB9-A149-AFBEAE04FCF6} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-04-11] ()
Task: {D3FD2491-65DC-4EED-9576-072ED97EAF54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-08] (Google Inc.)
Task: {E49D2F22-3F6D-443F-880C-0746B439F990} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2008-07-01 02:42 - 2008-04-24 01:51 - 00292232 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
2008-07-01 02:42 - 2008-04-24 01:52 - 00112008 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
2008-07-01 04:09 - 2008-03-26 17:26 - 00341328 _____ () C:\Windows\SMINST\BLService.exe
2008-07-01 04:02 - 2007-01-09 04:25 - 00272024 _____ () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2008-07-01 02:41 - 2008-04-24 01:51 - 00074536 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\Common\MCEMediaStatus64.dll
2008-07-01 02:54 - 2007-05-16 12:43 - 00677432 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
2016-04-07 16:37 - 2016-02-28 11:46 - 00678912 _____ () C:\Program Files (x86)\DNS Unlocker\dnswalters.exe
2016-04-08 13:44 - 2016-04-08 13:44 - 04728048 _____ () C:\Users\Theresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JL4KTG0Q\adblockplusie-1.0.exe
2008-07-01 02:42 - 2008-04-24 01:51 - 00259472 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2008-07-01 02:42 - 2008-04-24 01:51 - 00038184 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
2008-07-01 02:42 - 2008-04-24 01:51 - 00120200 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
2008-07-01 02:42 - 2008-04-24 01:51 - 00345384 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
2007-07-12 15:55 - 2007-07-12 15:55 - 01581056 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2007-08-14 15:59 - 2007-08-14 15:59 - 06365184 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2007-07-12 15:55 - 2007-07-12 15:55 - 00131072 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2008-07-01 04:09 - 2006-09-13 15:54 - 00081920 _____ () C:\Windows\SMINST\STString.dll
2008-07-01 04:09 - 2007-11-14 17:46 - 00126976 _____ () C:\Windows\SMINST\STWmiM.dll
2007-01-13 05:01 - 2007-01-13 05:01 - 00397312 ____R () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\cryptocme2.dll
2007-01-13 05:01 - 2007-01-13 05:01 - 00475136 ____R () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\ccme_base.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:34 - 2016-03-13 10:39 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-779955071-2386261043-3181224681-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
DNS Servers: 82.163.143.171 - 82.163.142.173
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{EE1B3FFE-129C-4CD4-9629-D1F107C6DCF8}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QP.exe
FirewallRules: [{161509FD-18BF-4FEA-86F9-F9DC6F7991EB}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
FirewallRules: [{70C38BEE-48D0-4B9B-9144-1D356F9DB29F}] => (Allow) C:\Program Files (x86)\Cyberlink\PowerDirector\PDR.EXE
FirewallRules: [{61EC146F-F558-49BE-845B-5A8B2A0070D8}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{33AEBF93-0420-49DF-9523-04D2CE3F27D5}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{71FA237D-F281-4DE3-997A-380F252380AC}] => (Allow) LPort=80
FirewallRules: [{1BAD9667-7EB7-4297-B3FF-0A54777BD760}] => (Allow) LPort=80
FirewallRules: [{E384D318-9EF3-4E3D-84A3-71CA1D285DB6}] => (Allow) LPort=80
FirewallRules: [{2768E6BE-5BD2-43F8-A315-6569F054C406}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{57DB9A97-85F4-49A2-B4EB-0458BFEAE305}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{5BFE58BA-06E0-43D6-8058-E194420AE019}] => (Allow) C:\Users\Theresa\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [TCP Query User{9A83850D-9F51-471E-8B3A-0307344DB97F}C:\program files (x86)\free torrent opener\free torrent opener.exe] => (Allow) C:\program files (x86)\free torrent opener\free torrent opener.exe
FirewallRules: [UDP Query User{6D219276-5D31-4F30-A47A-3F2AE7B57273}C:\program files (x86)\free torrent opener\free torrent opener.exe] => (Allow) C:\program files (x86)\free torrent opener\free torrent opener.exe
FirewallRules: [{FE68045A-9A2E-4D18-9C7E-BC1F19177C14}] => (Allow) C:\Users\zachary\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [{CB657ECE-2F2A-4145-B51D-5D032B343A8B}] => (Allow) C:\Users\zachary\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [{74161284-F602-4832-B9E8-E50D5DBC99EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6DAF535A-B8A1-4CD1-8E1F-10A40A815A6D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

23-02-2016 16:01:24 Scheduled Checkpoint
28-02-2016 14:06:52 Scheduled Checkpoint
04-03-2016 17:25:16 Windows Update
05-03-2016 04:00:26 Windows Update
05-03-2016 20:06:49 Windows Update
08-03-2016 04:00:10 Windows Update
11-03-2016 04:01:41 Windows Update
12-03-2016 13:59:21 Removed WinZip 20.0
12-03-2016 14:01:06 Removed Compatibility Pack for the 2007 Office system
12-03-2016 14:02:29 删除了 MSXML 4.0 SP3 Parser (KB2758694)
12-03-2016 14:02:59 Removed NowUSeeIt Player
12-03-2016 14:16:02 Removed Teoma Search App
12-03-2016 14:26:44 Removed WinZip 20.0
14-03-2016 11:28:21 Windows Update
17-03-2016 12:43:27 Windows Update
21-03-2016 16:53:44 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2016 01:20:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\THERESA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FSFYE80I.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (04/08/2016 01:20:15 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\THERESA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FSFYE80I.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (04/08/2016 01:20:15 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\THERESA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FSFYE80I.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (04/08/2016 01:20:15 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\THERESA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FSFYE80I.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (04/08/2016 01:19:54 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\THERESA\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\LOCAL EXTENSION SETTINGS\PAFKBGGDMJLPGKDKCBJMHMFCDPNCADGH> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (04/08/2016 01:19:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\THERESA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FSFYE80I.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (04/08/2016 01:16:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2016 06:20:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 49.0.2623.87, time stamp 0x56de2043, faulting module thumbcache.dll_unloaded, version 0.0.0.0, time stamp 0x4791a787, exception code 0xc0000005, fault offset 0x74b1ada1,
process id 0xc4c, application start time 0xchrome.exe0.

Error: (04/07/2016 06:20:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 49.0.2623.87, time stamp 0x56de2043, faulting module thumbcache.dll_unloaded, version 0.0.0.0, time stamp 0x4791a787, exception code 0xc0000005, fault offset 0x74b20d9a,
process id 0xc4c, application start time 0xchrome.exe0.

Error: (04/07/2016 04:46:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 43.0.1.5828, time stamp 0x56723a12, faulting module mozglue.dll, version 43.0.1.5828, time stamp 0x56722c0b, exception code 0x80000003, fault offset 0x0000ed63,
process id 0x144c, application start time 0xplugin-container.exe0.

System errors:
=============
Error: (04/08/2016 01:18:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: QuickPlay Task Scheduler (QTS)

Error: (04/08/2016 01:15:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:09:47 PM on 4/8/2016 was unexpected.

Error: (04/08/2016 12:46:38 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

 Feature: %%834

 Error Code: 0x80004005

 Error description: Unspecified error

 Reason: %%838

Error: (04/07/2016 06:45:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (04/07/2016 04:34:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: QuickPlay Task Scheduler (QTS)

Error: (04/07/2016 04:32:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:27:11 PM on 3/23/2016 was unexpected.

Error: (03/23/2016 07:59:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000AudioEndpointBuilder

Error: (03/22/2016 07:23:46 PM) (Source: VDS Dynamic Provider) (EventID: 10) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (03/21/2016 04:43:49 PM) (Source: VDS Dynamic Provider) (EventID: 10) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (03/20/2016 12:17:00 PM) (Source: VDS Dynamic Provider) (EventID: 10) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

CodeIntegrity:
===================================
  Date: 2016-03-12 11:01:43.832
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\360fsflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-12 11:01:43.669
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\360fsflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-12 11:01:43.498
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\360fsflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-12 11:01:43.309
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\360fsflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-12 11:01:43.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\360\Total Security\deepscan\360FsFlt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-12 11:01:42.850
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\360\Total Security\deepscan\360FsFlt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-12 11:01:42.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\360\Total Security\deepscan\360FsFlt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-12 11:01:42.464
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\360\Total Security\deepscan\360FsFlt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-11 12:13:48.469
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\360\Total Security\deepscan\360FsFlt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-11 12:13:48.207
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\360\Total Security\deepscan\360FsFlt.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5800 @ 2.00GHz
Percentage of memory in use: 49%
Total physical RAM: 3998.27 MB
Available physical RAM: 2030.27 MB
Total Virtual: 8231.8 MB
Available Virtual: 6204.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:221.74 GB) (Free:136.5 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.14 GB) (Free:1.84 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 2E3E2E3E)
Partition 1: (Active) - (Size=221.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 




 


#2 fireman4it

  • Malware Response Team

Posted 08 April 2016 - 03:04 PM

Hello

  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  •   Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

1.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

2.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 resa83

  • Topic Starter

Posted 08 April 2016 - 03:46 PM

Once laptop restarted the adwcleaner file did pop up so I'm glad I went ahead and copied text, good thing I did bc it didn't save the file to the desktop... therefore I'm posting that file first....

 

 

# AdwCleaner v5.109 - Logfile created 08/04/2016 at 15:36:57
# Updated 04/04/2016 by Xplode
# Database : 2016-04-07.1 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : Theresa - THERESA-PC
# Running from : C:\Users\Theresa\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : Viewpoint Manager Service

***** [ Folders ] *****

[#] Folder Deleted : C:\Program Files (x86)\Viewpoint
[#] Folder Deleted : C:\ProgramData\apn
[#] Folder Deleted : C:\ProgramData\Viewpoint
[#] Folder Deleted : C:\ProgramData\Application Data\apn
[#] Folder Deleted : C:\ProgramData\Application Data\Viewpoint
[#] Folder Deleted : C:\Users\Theresa\AppData\Local\Amazon Browser Settings
[#] Folder Deleted : C:\Users\Theresa\AppData\LocalLow\HPAppData
[#] Folder Deleted : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\fsfye80i.default\PConverter_dz

***** [ Files ] *****

[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [HealerCheckout.exe]
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key Deleted : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{cc733e60}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\distromatic
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\MetaStream
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SmartPCFixer
[-] Key Deleted : HKLM\SOFTWARE\Viewpoint
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
[-] Key Deleted : [x64] HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1

***** [ Web browsers ] *****

[-] [C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\fsfye80i.default\prefs.js] [Preference] Deleted : user_pref("browser.search.hiddenOneOffs", "Ask Web Search,Yahoo,Bing,DuckDuckGo,Twitter");
[-] [C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\fsfye80i.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._dzMembers_.lastActivePing", "1457812365192");
[-] [C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\fsfye80i.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
[-] [C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\fsfye80i.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "pconverter@mindspark.com");
[-] [C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\fsfye80i.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "pconverter@mindspark.com");
[-] [C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.tb.ask.com
[-] [C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pbjikboenpfhbbejgkoklgkhjpfogcam

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [6593 bytes] - [08/04/2016 15:36:57]
C:\AdwCleaner\AdwCleaner[S1].txt - [6973 bytes] - [08/04/2016 15:33:45]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6739 bytes] ##########

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Theresa (2016-04-08 15:22:28) Run:1
Running from C:\Users\Theresa\Desktop
Loaded Profiles: Theresa (Available Profiles: Theresa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
Task: {8EE0AFF1-9E4A-419E-866A-FAB0E681FC87} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-07] (Distromatic)
Task: {6BC874D9-3350-40C6-ADB8-D7D550E7F36A} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-07] (Distromatic)
Task: {34AC8299-16B9-4D7D-B739-E05D2D1EBB31} - System32\Tasks\DNSWALTERS => dnswalters.exe <==== ATTENTION
Task: {325EF058-9B32-46B2-B5BE-F35C856B134A} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-07] (Distromatic)
Task: {32948D50-4A3A-4DEC-83B8-45B2B7564DFB} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-07] (Distromatic)
CustomCLSID: HKU\S-1-5-21-779955071-2386261043-3181224681-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Theresa\AppData\Local\Chromium\Application\46.0.2480.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION
C:\Users\Theresa\AppData\Local\Chromium
C:\Program Files (x86)\Amazon Browser Settings
S1 360FsFlt; system32\DRIVERS\360FsFlt.sys [X]
U1 eabfiltr; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
CHR HKU\S-1-5-21-779955071-2386261043-3181224681-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Amazon Smart Search) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebgdicanjhnamfmdlmlbcnkgehkkmf [2016-04-08]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-04-08]
CHR HomePage: Default -> amazon.com/websearch/?ie=UTF8__PARAM__
CHR DefaultSearchURL: Default -> hxxps://www.amazon.com/websearch/?ie=UTF8__PARAM__&query={searchTerms}
CHR DefaultSearchKeyword: Default -> amazon
FF SearchPlugin: C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\fsfye80i.default\searchplugins\ask-web-search.xml [2016-03-04]
FF Extension: Amazon Assistant for Firefox - C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\fsfye80i.default\Extensions\abb@amazon.com.xpi [2016-04-07]
FF NewTab: hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ff_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_7ef9e0fb_1201_1401_20160407_US_ff_nt_
FF DefaultSearchEngine: Ask Web Search
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.1: Amazon
FF SelectedSearchEngine: Ask Web Search
FF Homepage: hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ff_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_7ef9e0fb_1201_1401_20160407_US_ff_sp_
FF Keyword.URL: hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=9871D8AB-B80F-458E-A887-71E0D04012E8&n=782a2ec3&ind=2016030403&p2=^BYC^xdm003^YYA^us&searchfor=
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
SearchScopes: HKU\S-1-5-21-779955071-2386261043-3181224681-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-779955071-2386261043-3181224681-1000 -> {64BFF609-2405-48DC-B7D6-BB5CBC7AA845} URL =
SearchScopes: HKU\S-1-5-21-779955071-2386261043-3181224681-1000 -> {8FF0415C-F933-4B77-B940-30B24B44A479} URL =
SearchScopes: HKU\S-1-5-21-779955071-2386261043-3181224681-1000 -> {CF5B6997-C513-4978-B3D4-848F215E7352} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtCtDtDyD0E0FyCyBtC0B0EyD0FtN0D0Tzu0StCyDtAtCtN1L2XzutAtFtCzytFtBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0D0C0CzztCyBtDtGtCtCtCtDtGtA0E0FyEtGtA0EtC0CtGtCzytC0DyCzzyC0B0BtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytA0BzzyB0FtDtG0F0C0ByBtGyE0B0DzztG0AtCzytCtG0D0DyEyC0F0CtByEtA0Bzy0A2QtN0A0LzuyE%26cr%3D394512264%26a%3Dwncy_instlmtrx_16_10%26os_ver%3D6%26os%3DWindows%2B™%2BVista%2BHome%2BPremium
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtCtDtDyD0E0FyCyBtC0B0EyD0FtN0D0Tzu0StCyDtAtCtN1L2XzutAtFtCzytFtBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0D0C0CzztCyBtDtGtCtCtCtDtGtA0E0FyEtGtA0EtC0CtGtCzytC0DyCzzyC0B0BtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytA0BzzyB0FtDtG0F0C0ByBtGyE0B0DzztG0AtCzytCtG0D0DyEyC0F0CtByEtA0Bzy0A2QtN0A0LzuyE%26cr%3D394512264%26a%3Dwncy_instlmtrx_16_10%26os_ver%3D6%26os%3DWindows%2B™%2BVista%2BHome%2BPremium
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
SearchScopes: HKLM -> DefaultScope {64BFF609-2405-48DC-B7D6-BB5CBC7AA845} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtCtDtDyD0E0FyCyBtC0B0EyD0FtN0D0Tzu0StCyDtAtCtN1L2XzutAtFtCzytFtBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0D0C0CzztCyBtDtGtCtCtCtDtGtA0E0FyEtGtA0EtC0CtGtCzytC0DyCzzyC0B0BtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytA0BzzyB0FtDtG0F0C0ByBtGyE0B0DzztG0AtCzytCtG0D0DyEyC0F0CtByEtA0Bzy0A2QtN0A0LzuyE%26cr%3D394512264%26a%3Dwncy_instlmtrx_16_10%26os_ver%3D6%26os%3DWindows%2B™%2BVista%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
SearchScopes: HKLM -> {64BFF609-2405-48DC-B7D6-BB5CBC7AA845} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtCtDtDyD0E0FyCyBtC0B0EyD0FtN0D0Tzu0StCyDtAtCtN1L2XzutAtFtCzytFtBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0D0C0CzztCyBtDtGtCtCtCtDtGtA0E0FyEtGtA0EtC0CtGtCzytC0DyCzzyC0B0BtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytA0BzzyB0FtDtG0F0C0ByBtGyE0B0DzztG0AtCzytCtG0D0DyEyC0F0CtByEtA0Bzy0A2QtN0A0LzuyE%26cr%3D394512264%26a%3Dwncy_instlmtrx_16_10%26os_ver%3D6%26os%3DWindows%2B™%2BVista%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {8FF0415C-F933-4B77-B940-30B24B44A479} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> DefaultScope {64BFF609-2405-48DC-B7D6-BB5CBC7AA845} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
SearchScopes: HKLM-x32 -> {64BFF609-2405-48DC-B7D6-BB5CBC7AA845} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
SearchScopes: HKLM-x32 -> {8FF0415C-F933-4B77-B940-30B24B44A479} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-779955071-2386261043-3181224681-1000 -> DefaultScope {CF5B6997-C513-4978-B3D4-848F215E7352} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{0ED92ABE-083B-405C-A6F4-4E7D4BA127B8}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{21AB3510-47DC-47D8-8BAA-220F56AECD51}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{21AB3510-47DC-47D8-8BAA-220F56AECD51}: [DhcpNameServer] 82.163.143.171
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\...\Run: [GoogleChromeAutoLaunch_C07AAB46D0873620680B91F0BF6C3496] => C:\Users\Theresa\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-11] (The Chromium Authors)
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\...\Run: [NowUSeeIt Player] => "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1
C:\Program Files (x86)\NowUSeeItPlayer
C:\Program Files (x86)\DNS Unlocker
2016-04-07 16:37 - 2016-04-07 16:51 - 00000000 ____D C:\ProgramData\cc733e60
2016-04-07 16:37 - 2016-04-07 16:37 - 00000000 ____D C:\ProgramData\c689becb-0b51-0
2016-04-07 16:37 - 2016-04-07 16:37 - 00000000 ____D C:\ProgramData\{18ef8e49-012c-0}
2016-04-07 16:37 - 2016-04-07 16:37 - 00000000 ____D C:\ProgramData\{0466d9ec-012c-1}
2016-03-11 13:13 - 2016-03-11 13:13 - 00000000 ____D C:\Windows\Tasks\360Disabled
2016-03-11 13:13 - 2016-03-11 13:13 - 00000000 ____D C:\ProgramData\360Quarant
2016-03-11 13:06 - 2016-03-12 13:54 - 00000000 ____D C:\Program Files (x86)\360
2016-03-11 13:05 - 2016-04-07 16:38 - 00000000 ____D C:\ProgramData\72dc971b-4a75-0
2016-03-11 13:02 - 2016-03-11 13:03 - 00000000 ____D C:\Users\Theresa\AppData\Local\Chromium
2016-03-11 13:03 - 2016-03-11 13:03 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium
2016-03-11 13:00 - 2016-03-11 13:00 - 00000000 ____D C:\ProgramData\72dc971b-5853-1
FirewallRules: [{5BFE58BA-06E0-43D6-8058-E194420AE019}] => (Allow) C:\Users\Theresa\AppData\Local\Chromium\Application\chrome.exe

2016-04-07 16:38 - 2016-04-07 16:38 - 00022168 _____ C:\Windows\System32\Tasks\DNSWALTERS
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8EE0AFF1-9E4A-419E-866A-FAB0E681FC87}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EE0AFF1-9E4A-419E-866A-FAB0E681FC87}" => key removed successfully
C:\Windows\System32\Tasks\DistromaticSearchProtect-logon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-logon" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BC874D9-3350-40C6-ADB8-D7D550E7F36A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BC874D9-3350-40C6-ADB8-D7D550E7F36A}" => key removed successfully
C:\Windows\System32\Tasks\DistromaticUpdater-periodic => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-periodic" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{34AC8299-16B9-4D7D-B739-E05D2D1EBB31}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34AC8299-16B9-4D7D-B739-E05D2D1EBB31}" => key removed successfully
C:\Windows\System32\Tasks\DNSWALTERS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSWALTERS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{325EF058-9B32-46B2-B5BE-F35C856B134A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{325EF058-9B32-46B2-B5BE-F35C856B134A}" => key removed successfully
C:\Windows\System32\Tasks\DistromaticSearchProtect-hourly => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-hourly" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{32948D50-4A3A-4DEC-83B8-45B2B7564DFB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32948D50-4A3A-4DEC-83B8-45B2B7564DFB}" => key removed successfully
C:\Windows\System32\Tasks\DistromaticUpdater-logon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-logon" => key removed successfully
"HKU\S-1-5-21-779955071-2386261043-3181224681-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}" => key removed successfully
C:\Users\Theresa\AppData\Local\Chromium => moved successfully
C:\Program Files (x86)\Amazon Browser Settings => moved successfully
360FsFlt => service removed successfully
eabfiltr => service removed successfully
IpInIp => service removed successfully
NwlnkFlt => service removed successfully
NwlnkFwd => service removed successfully
"HKU\S-1-5-21-779955071-2386261043-3181224681-1000\SOFTWARE\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam" => key removed successfully
C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebgdicanjhnamfmdlmlbcnkgehkkmf => moved successfully
C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam => moved successfully
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\fsfye80i.default\searchplugins\ask-web-search.xml => moved successfully
C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\fsfye80i.default\Extensions\abb@amazon.com.xpi => moved successfully
Firefox "newtab" removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox DefaultSearchEngine.US removed successfully
Firefox SearchEngineOrder.1 removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox "homepage" removed successfully
Firefox "Keyword.URL" removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
"HKU\S-1-5-21-779955071-2386261043-3181224681-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-779955071-2386261043-3181224681-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{64BFF609-2405-48DC-B7D6-BB5CBC7AA845}" => key removed successfully
HKCR\CLSID\{64BFF609-2405-48DC-B7D6-BB5CBC7AA845} => key not found.
"HKU\S-1-5-21-779955071-2386261043-3181224681-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8FF0415C-F933-4B77-B940-30B24B44A479}" => key removed successfully
HKCR\CLSID\{8FF0415C-F933-4B77-B940-30B24B44A479} => key not found.
"HKU\S-1-5-21-779955071-2386261043-3181224681-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF5B6997-C513-4978-B3D4-848F215E7352}" => key removed successfully
HKCR\CLSID\{CF5B6997-C513-4978-B3D4-848F215E7352} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{64BFF609-2405-48DC-B7D6-BB5CBC7AA845}" => key removed successfully
HKCR\CLSID\{64BFF609-2405-48DC-B7D6-BB5CBC7AA845} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8FF0415C-F933-4B77-B940-30B24B44A479}" => key removed successfully
HKCR\CLSID\{8FF0415C-F933-4B77-B940-30B24B44A479} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{64BFF609-2405-48DC-B7D6-BB5CBC7AA845}" => key removed successfully
HKCR\Wow6432Node\CLSID\{64BFF609-2405-48DC-B7D6-BB5CBC7AA845} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8FF0415C-F933-4B77-B940-30B24B44A479}" => key removed successfully
HKCR\Wow6432Node\CLSID\{8FF0415C-F933-4B77-B940-30B24B44A479} => key not found.
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0ED92ABE-083B-405C-A6F4-4E7D4BA127B8}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{21AB3510-47DC-47D8-8BAA-220F56AECD51}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{21AB3510-47DC-47D8-8BAA-220F56AECD51}\\DhcpNameServer => value removed successfully
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_C07AAB46D0873620680B91F0BF6C3496 => value removed successfully
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NowUSeeIt Player => value removed successfully
C:\Program Files (x86)\NowUSeeItPlayer => moved successfully
C:\Program Files (x86)\DNS Unlocker => moved successfully
C:\ProgramData\cc733e60 => moved successfully
C:\ProgramData\c689becb-0b51-0 => moved successfully
C:\ProgramData\{18ef8e49-012c-0} => moved successfully
C:\ProgramData\{0466d9ec-012c-1} => moved successfully
C:\Windows\Tasks\360Disabled => moved successfully
C:\ProgramData\360Quarant => moved successfully
C:\Program Files (x86)\360 => moved successfully
C:\ProgramData\72dc971b-4a75-0 => moved successfully
"C:\Users\Theresa\AppData\Local\Chromium" => not found.
C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium => moved successfully
C:\ProgramData\72dc971b-5853-1 => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5BFE58BA-06E0-43D6-8058-E194420AE019} => value removed successfully
"C:\Windows\System32\Tasks\DNSWALTERS" => not found.
EmptyTemp: => 130.6 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 15:24:08 ====



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:31 PM

Posted 08 April 2016 - 03:53 PM

Download MalwareBytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.


  • If no threats were found, click View detailed log.
  • Click Export and save the log as a .txt file on your Desktop or another location.


  • If the scan detected any threats, click Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes.
  • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
  • Check the box next to Scan Log. Choose the most current scan and click View.
  • Click Export and save the log as a .txt file on your Desktop or another location.


Providing the MalwareBytes' Anti-Malware log file
  • Attach the log file you just saved to your next reply for further review.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 resa83

Posted 08 April 2016 - 04:28 PM

Attached file, hopefully I did that right.


#6 fireman4it

Posted 11 April 2016 - 07:08 AM

Things are looking great. Let's do one more check for any malware leftover.

 

Emsisoft Emergency Kit

  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear:
    [screenshot]
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
    [screenshot]
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
    [screenshot]
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
    [screenshot]
  • Please Copy and Paste the contents of the scan log in your next reply.



#7 fireman4it

Posted 12 April 2016 - 11:13 AM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it



#8 fireman4it

Posted 18 April 2016 - 01:45 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
