
Please help



#1 weinrockl


Posted 16 April 2016 - 07:27 PM

I am helping my mother. Her computer said it was infected and she received a pop-up that directed her to a tech that was supposed to help. She gave her credit card info and paid a few hundred dollars but the problem remains. She has cancelled the credit card account and has given the computer to me to get cleaned properly.

 

Here are my FRST scan logs....

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016
Ran by janet (administrator) on JANET-PC (16-04-2016 19:15:06)
Running from C:\Users\janet\Desktop
Loaded Profiles: janet (Available Profiles: janet)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
() C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_21_0_0_213_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-10-31] (Sun Microsystems, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [15544 2009-08-25] ()
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PCFixSpeed] => C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe [1299816 2014-09-16] (Crawler.com)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [873072 2016-02-27] (Webroot)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6497592 2012-01-04] (Yahoo! Inc.)
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [22465104 2012-02-07] (ooVoo LLC)
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll [2016-02-27] (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll [2016-02-27] (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll [2016-02-27] (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll [2016-02-27] (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncExcl] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll [2016-02-27] (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncGreen] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll [2016-02-27] (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncRed] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll [2016-02-27] (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncYellow] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll [2016-02-27] (Webroot)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010-08-19]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2014-01-13]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2014-01-13]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
Startup: C:\Users\janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-10-28]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A81ADF45-373A-4314-B318-3BCA7B218324}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E3437027-43D3-402B-BE59-BC10D40B7CB5}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {FCFB7397-9DC6-4BFE-A6DF-742305250C55} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {DA23F49F-0A92-4950-ADE2-8F1F1CA2DF6B} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM -> {FCFB7397-9DC6-4BFE-A6DF-742305250C55} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {FCFB7397-9DC6-4BFE-A6DF-742305250C55} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {DA23F49F-0A92-4950-ADE2-8F1F1CA2DF6B} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {FCFB7397-9DC6-4BFE-A6DF-742305250C55} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3325874579-294966629-2450865543-1000 -> {DA23F49F-0A92-4950-ADE2-8F1F1CA2DF6B} URL =
SearchScopes: HKU\S-1-5-21-3325874579-294966629-2450865543-1000 -> {FCFB7397-9DC6-4BFE-A6DF-742305250C55} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-16] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2014-01-13] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2014-10-25] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-31] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-06-30] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Users\janet\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll => No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Related Searches -> {96A25A24-2E87-4374-8A50-CC6F943FCE4D} -> C:\Users\janet\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll [2013-12-13] (Search Results)
BHO-x32: Search Toolbar -> {9D425283-D487-4337-BAB6-AB8354A81457} -> C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll [2010-04-08] ()
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-04-09] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-16] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2014-01-13] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2014-10-25] (Webroot)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
BHO-x32: ooVoo toolbar, powered by Ask.com -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-03] (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-10-31] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-06-30] (Hewlett-Packard Co.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2014-01-13] (Webroot)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll [2010-04-08] ()
Toolbar: HKLM-x32 - ooVoo toolbar, powered by Ask.com - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-03] (Ask)
Toolbar: HKLM-x32 - Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Users\janet\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll [2013-12-13] (Search Results)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2014-01-13] (Webroot)
Toolbar: HKU\S-1-5-21-3325874579-294966629-2450865543-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3325874579-294966629-2450865543-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-04-09] (Skype Technologies S.A.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-11] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-11] (Citrix Systems, Inc.)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2009-03-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-12-18] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2010-07-17] (Sun Microsystems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-01-04] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3325874579-294966629-2450865543-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.7.1\npHDPlg.dll [2009-07-20] (Hulu LLC)
FF Plugin HKU\S-1-5-21-3325874579-294966629-2450865543-1000: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\janet\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-10-19] (Yahoo! Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-10-31] [not signed]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-01-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [873072 2016-02-27] (Webroot)
S2 DefaultTabUpdate; "C:\Users\janet\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-14] (Webroot)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-03] (CyberLink Corp.)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-16 19:15 - 2016-04-16 19:15 - 00035931 _____ C:\Users\janet\Desktop\FRST.txt
2016-04-16 19:14 - 2016-04-16 19:15 - 00000000 ____D C:\FRST
2016-04-16 19:14 - 2016-04-16 19:14 - 02375168 _____ (Farbar) C:\Users\janet\Desktop\FRST64.exe
2016-04-15 12:27 - 2016-04-15 12:27 - 00000206 _____ C:\Users\janet\Desktop\COMPUTER HELP.txt
2016-04-09 10:48 - 2016-04-09 14:12 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForjanet.job
2016-04-09 10:48 - 2016-04-09 10:48 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForjanet

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-16 19:14 - 2014-01-13 11:18 - 00000000 ____D C:\ProgramData\WRData
2016-04-16 19:12 - 2009-07-13 23:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-16 19:12 - 2009-07-13 23:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-16 19:08 - 2012-01-11 22:05 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2E946499-1C00-49AC-B6C9-37D93DD4A224}
2016-04-16 19:00 - 2014-01-17 08:55 - 00000188 _____ C:\ProgramData\HPWALog.txt
2016-04-16 18:58 - 2014-01-13 11:20 - 00000747 _____ C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2016-04-16 18:58 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-15 12:22 - 2013-07-14 10:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-15 11:22 - 2010-08-13 16:00 - 00000000 ____D C:\Users\janet\AppData\LocalLow\HPAppData
2016-04-15 10:53 - 2012-01-29 19:31 - 00000000 ____D C:\Users\janet\AppData\Roaming\Skype
2016-04-08 10:22 - 2013-07-14 10:53 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 10:22 - 2013-07-14 10:53 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-08 10:22 - 2012-01-30 03:42 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-06 08:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-02 12:11 - 2015-04-04 15:10 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-04-02 12:11 - 2015-04-04 15:10 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-26 10:17 - 2011-07-13 14:20 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-03-26 10:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-03-26 10:16 - 2009-07-14 00:13 - 00775124 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-26 09:22 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache

==================== Files in the root of some directories =======

2012-03-23 15:41 - 2012-03-23 15:41 - 0000000 _____ () C:\Users\janet\AppData\Roaming\wklnhst.dat
2010-08-13 15:56 - 2010-08-13 15:56 - 0000000 _____ () C:\Users\janet\AppData\Local\AtStart.txt
2010-08-13 15:56 - 2010-08-13 15:56 - 0000000 _____ () C:\Users\janet\AppData\Local\DSwitch.txt
2010-08-13 15:56 - 2010-08-13 15:56 - 0000000 _____ () C:\Users\janet\AppData\Local\QSwitch.txt
2014-01-17 08:55 - 2016-04-16 19:00 - 0000188 _____ () C:\ProgramData\HPWALog.txt
2010-08-19 19:56 - 2015-01-31 16:11 - 0001653 _____ () C:\ProgramData\hpzinstall.log
2010-02-11 22:10 - 2010-02-11 22:10 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-10-31 06:05 - 2009-10-31 06:05 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-02-11 22:09 - 2010-02-11 22:09 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-10-31 05:59 - 2009-10-31 06:00 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-02-11 22:09 - 2010-02-11 22:09 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-02-11 22:09 - 2010-02-11 22:09 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-10-31 05:59 - 2009-10-31 05:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-10-31 06:01 - 2009-10-31 06:04 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-02-11 22:10 - 2010-02-11 22:10 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-10 13:51

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-04-2016
Ran by janet (2016-04-16 19:17:23)
Running from C:\Users\janet\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-08-13 20:55:03)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3325874579-294966629-2450865543-500 - Administrator - Disabled)
Guest (S-1-5-21-3325874579-294966629-2450865543-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3325874579-294966629-2450865543-1002 - Limited - Enabled)
janet (S-1-5-21-3325874579-294966629-2450865543-1000 - Administrator - Enabled) => C:\Users\janet

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

24x7 Help (HKLM-x32\...\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1) (Version: 2.1.0.33 - Crawler, LLC) <==== ATTENTION
4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader 9.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
AMD USB Filter Driver (HKLM-x32\...\{5271C0D4-24E4-4C3D-A782-C012033FD3CF}) (Version: 1.0.10.84 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.14.1.0 - Ask.com) <==== ATTENTION
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cash Back Assistant (HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\{644CF48B-61FE-43E4-8B2E-7EAE916B49C4}_is1) (Version: 2013.3.18.4 - BeFrugal.com)
ccc-core-static (x32 Version: 2009.0804.2223.38385 - ATI) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.0.0.6410 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)
Corel VideoStudio 12 (HKLM-x32\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2111 - CyberLink Corp.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Casino (HKLM-x32\...\{3F99D180-34C3-4151-8C6C-86FC5D7BDFBD}) (Version: 1.0.0 - Encore)
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3402 - Hewlett-Packard)
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.1.2125 - Hewlett-Packard)
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.1.2206 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3405 - Hewlett-Packard)
HP MediaSmart SlingPlayer (HKLM-x32\...\{1747DF05-6890-440B-B094-2146F5DC50E0}) (Version: 3.0.1.64 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart Software Notebook Demo (HKLM-x32\...\{82A213BD-B6AA-4281-A2D3-59D51893CC56}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.2207 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{3CD3B705-467B-408D-A09D-5BF61A59F088}) (Version: 1.0.1.0 - Hewlett-Packard)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.7.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0153 (HKLM-x32\...\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\HuluDesktop) (Version: 0.9.7 - Hulu LLC)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java™ 6 Update 15 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
Java™ 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.210 - Sun Microsystems, Inc.)
Java™ SE Development Kit 6 Update 15 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160150}) (Version: 1.6.0.150 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2111 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2111 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Login Faster (HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\{7a42b093-e7d0-42a7-8634-26fc0400213a}) (Version: 1.0 - Login Faster)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Masque IGT Slots Little Green Men (HKLM-x32\...\{A54F806B-A2E1-4794-A7FE-365167EC67CB}) (Version: 1.0.3 - Masque Publishing)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.0.7040 - ooVoo LLC.)
ooVoo toolbar, powered by Ask.com Updater (HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20007 - Ask.com) <==== ATTENTION
PC Fix Speed 1.2.0.25 (HKLM-x32\...\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1) (Version: 1.2.0.25 - Crawler, LLC.) <==== ATTENTION
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6622 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6622 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3311 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3311 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3311 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3311 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2202 - CyberLink Corp.) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Search Toolbar (HKLM-x32\...\Search Toolbar) (Version: 1.2 - Zugo Ltd) <==== ATTENTION
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.11.9874 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
VideoStudio (x32 Version: 12.0.0.0000 - Corel Corporation) Hidden
VisualTour Studio (HKLM-x32\...\VisualTour Studio) (Version: 5 - TRF Systems, Inc.)
VT Remote Support (HKLM-x32\...\VT Remote Support) (Version:  - TRF Systems, Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.8.72 - Webroot)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-3325874579-294966629-2450865543-1000\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E3369AD-A676-4CB1-9469-6711C8AF8C57} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-06] (CyberLink)
Task: {0E46328F-6F77-4169-9F7E-AFF5A276A205} - System32\Tasks\{414E82EB-286D-4549-8320-61DBDDFDC870} => pcalua.exe -a F:\SETUP.EXE -d F:\
Task: {1885C240-CD3F-4BA3-81E2-F89DBF014C55} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-10-07] (CL)
Task: {193A701B-039E-4946-83E7-51F0A6688D60} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: {24447E0E-84A5-4791-9BB0-CCBE75F35E82} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-16] (Microsoft Corporation)
Task: {565CD01B-CADF-422E-A07B-4317065486C2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {58A9DA27-2ACC-42E0-AD8F-4A7C37FDFE14} - System32\Tasks\HPCeeScheduleForjanet => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {5AEB593B-F070-4421-B00B-6A75943B9AFA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {5B021276-BD8A-4B58-9F63-C86DB505C756} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {649258AD-C750-4721-AE64-4DF99AEEA9C9} - System32\Tasks\DTReg => C:\Users\janet\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {690D4B4D-CD0B-4408-ABD3-F96C9E7C3253} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-10-07] (CL)
Task: {6A4313D3-3381-46B4-AAC1-3063F0013FBF} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-10-07] (CL)
Task: {70252D01-CCB8-4E3F-9BC1-776785BDB01F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {7B4F2621-A498-43B9-9107-F4981CFCADE6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {84144070-6880-4F1C-B8E3-C05D6A2A32EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {9012A958-5E47-4242-BADF-FC482A2E50E6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {939C7193-6F46-4F9D-8F00-F2B3B6F9F27B} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-10-07] (CyberLink Corp.)
Task: {A3FFD791-68AE-41B0-A522-CF0DFEF09AFD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A56BA8BC-E101-4A2E-A926-CFA88B70FB1E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-03-24] (HP Inc.)
Task: {AF445ABC-49FD-450B-9F5C-DEC97A6DB898} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {BD8E10B5-B1CD-4E84-9BFC-901A0C76F5CB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {DBE80660-DE1F-4BE1-86DA-A7529CDBDB0B} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: {E7ECBB8E-F913-4977-BFC3-31BCFC8DDE20} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-01-03] () <==== ATTENTION
Task: {F4F84137-DDE9-4679-BF5C-9C0DA0E4E640} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BeFrugal.com Toolbar.job => C:\Users\janet\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.18.4\BFHP.exeFC:\Users\janet\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.18.4BeFrugal.com
Task: C:\Windows\Tasks\HPCeeScheduleForjanet.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-05-24 11:49 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-28 09:56 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2009-10-31 06:04 - 2009-07-06 14:20 - 00247152 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2009-08-25 12:48 - 2009-08-25 12:48 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-08-25 21:34 - 2009-08-25 21:34 - 00015544 ____R () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2009-10-02 18:46 - 2009-10-02 18:46 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-02-11 21:45 - 2010-02-11 21:45 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-10-06 02:08 - 2009-10-06 02:08 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2009-08-20 15:35 - 2009-08-20 15:35 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-08-20 15:35 - 2009-08-20 15:35 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-08-20 15:35 - 2009-08-20 15:35 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2009-09-29 17:25 - 2009-09-29 17:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-09-29 17:25 - 2009-09-29 17:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-09-29 17:25 - 2009-09-29 17:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-09-29 17:25 - 2009-09-29 17:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-09-29 17:25 - 2009-09-29 17:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-09-29 17:25 - 2009-09-29 17:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-09-29 17:25 - 2009-09-29 17:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-09-29 17:25 - 2009-09-29 17:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2012-01-30 03:42 - 2012-01-04 03:47 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2012-01-30 03:42 - 2012-01-04 03:47 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
2015-10-28 09:56 - 2015-09-01 07:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2016-02-20 13:10 - 2016-02-20 13:10 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3325874579-294966629-2450865543-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\janet\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B90269A7-D67F-45C6-B14D-8F4CC0CA71CC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{D569A7F3-6736-44E8-87B2-266158797152}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{393D9951-C0CD-46BB-B3E7-3E8CF4FAF0A6}] => (Allow) svchost.exe
FirewallRules: [{147B7E7A-52F7-4843-8620-D1E0955175D9}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{BAA15C15-8990-4C55-8909-E998F52F4E50}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{60E172F0-2485-4E19-A817-1761AA7985CF}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{F6A54A58-840B-445C-9770-4D070679B939}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{DEE10502-699A-4F07-80FF-2E3F7DD272EE}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{9C40A8F6-D5AE-4720-BB1E-953E7021768E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{6873E2E8-F762-4397-BDE1-25395BA1A23B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{17967853-8C9C-4D32-A6D7-AC1346EDA19A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{4860C13D-7D17-4EC6-A1BF-E1846F6C672C}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{5571E014-82EA-497E-AA2E-30983390B7DB}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{8572057A-38A2-4507-9320-C5C846271925}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{CABBAC16-1F2F-4B1C-ADA7-8BCAE4E4AAD0}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{84C5E235-999F-43C3-9CC7-E5607B8B977D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{821495BA-C25C-4C29-B8A9-74ADA701CDF4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\QP.exe
FirewallRules: [{C318D6C6-7253-4F09-BF94-B7C8A0F30A45}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\QPService.exe
FirewallRules: [{3AEF48CD-2B2D-4A1B-8F28-9A3C5F684334}] => (Allow) F:\setup\hpznui40.exe
FirewallRules: [{1849D6CE-2C08-451D-849F-77E5F608E6D7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{EED65F77-6222-42F8-A667-F3F31C70626D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{146E1BEA-0D6B-423C-99A9-27F8A59D8E4A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{4DD21C6A-0B75-48AC-A5F1-FE1D396DA524}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{95938C93-4C33-4232-8889-68633C963AF8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{C93BB816-AABE-4805-B682-022EB2A67D99}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{B1122A31-7C36-4B0A-94AD-0F749C2619B6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{F1926EEF-EE20-49C6-919C-2D34D46CE719}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{8C90099A-ADD1-41E2-AD7C-DC7F164D9C2C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{BFE85330-5272-4165-AA2C-B5900BEEEFD6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{F3FAC727-3E7E-4F0E-A2E3-C7194A55DC4A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{1A058B98-B7BC-4753-AA4E-916690F043BB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{714682C6-3A0D-4AF1-8207-2F3CB2468792}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{2DC8E71C-F67A-4365-A942-CCBBAA43A11A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{3021B324-EEE9-4067-BA50-75021D5D0D87}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{1101B00F-F4F9-4990-9A61-FBC4C8C96605}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{0F99A8C0-E9E7-492D-8A1E-910B0CCA579A}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{07AAA200-AD4A-4C26-BFA5-A57BF3943236}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{53197DCA-C7C4-43E2-9B2F-55A94A21CC2C}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{DE4D6056-E59C-4D3E-9F26-B3C8C209B52B}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{1A0CF1CF-51F0-4F59-8A0C-CD59BFB973EC}] => (Allow) LPort=26675
FirewallRules: [{DF0DC6D1-5BBC-4ED2-90D7-B2FDD850195A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6D6BC89A-7D23-4B3A-9F62-D87D6F8AC4E5}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{0460762D-451C-456C-89B8-F14D2BF01627}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{067DEE19-5ADF-4CE3-889C-EEFA337D7CFF}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{33E457D0-BF98-4948-B18A-5B7E0AF28654}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{FFD0B8B3-60E6-4D16-ACDC-E3AACBDA8306}] => (Allow) LPort=443
FirewallRules: [{441407F1-8993-41B6-8456-EC9D10C75BBA}] => (Allow) LPort=443
FirewallRules: [{C1B19C13-61A6-42F2-9BFB-40496683305F}] => (Allow) LPort=37674
FirewallRules: [{47678EC6-EDD6-4B47-81BF-644D015012AF}] => (Allow) LPort=37674
FirewallRules: [{ABF8DF19-ECF6-41C2-BE7F-65ACCD244F71}] => (Allow) LPort=37675
FirewallRules: [TCP Query User{B12CD17F-2FC5-4A46-9986-D758F7FA6CC7}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{F3E06DF8-432F-4E83-B346-24E60C18D88E}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{BD48BE00-2B40-400A-9527-0022B0D40818}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{731481D5-B435-4300-9A24-A5FEC73F25EC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{505BD326-D4B0-42A6-9C2D-C279FE111055}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1D06B533-3764-4DB8-AC58-C6F868BA75F4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6FEB72F1-85C2-4C2E-83AD-59C435D99DD8}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{67A994FB-EA3C-4E9D-8766-32A2A5B8A703}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{1C3F963D-0EE2-47DE-9E75-1E2F82E6AE72}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{62DE04C7-6931-422C-B15C-A638945AE0DB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{4FBB3E76-172C-445D-8AC2-926F90BE9A81}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{D567EF4B-5796-46C7-81B9-E85D948D24BC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{EA96427D-B70D-438B-A612-918EE70D0D91}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Restore Points =========================

14-03-2016 10:55:47 Windows Update
17-03-2016 11:25:47 Windows Update
26-03-2016 08:54:30 Windows Update
26-03-2016 10:09:59 Windows Update
02-04-2016 10:32:47 Windows Update
02-04-2016 12:11:08 Windows Update
06-04-2016 08:10:14 Windows Update
09-04-2016 10:45:57 Windows Update
15-04-2016 12:34:23 cubesolution
16-04-2016 19:03:23 Windows Update

==================== Faulty Device Manager Devices =============

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2016 07:10:48 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (04/15/2016 10:54:24 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (04/11/2016 10:59:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 64819195

Error: (04/11/2016 10:59:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 64819195

Error: (04/11/2016 10:59:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/11/2016 10:59:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 64814281

Error: (04/11/2016 10:59:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 64814281

Error: (04/11/2016 10:59:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/11/2016 10:59:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 64810756

Error: (04/11/2016 10:59:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 64810756

System errors:
=============
Error: (04/16/2016 06:59:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DefaultTabUpdate service failed to start due to the following error:
%%2

Error: (04/16/2016 06:58:53 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (04/16/2016 06:58:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:49:14 PM on ‎4/‎15/‎2016 was unexpected.

Error: (04/15/2016 01:30:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DefaultTabUpdate service failed to start due to the following error:
%%2

Error: (04/15/2016 01:29:32 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (04/15/2016 12:49:46 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.217.1039.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.9.0218.00

 Source Path: 4.9.0218.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (04/15/2016 12:49:46 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.217.1039.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.9.0218.00

 Source Path: 4.9.0218.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (04/10/2016 01:08:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DefaultTabUpdate service failed to start due to the following error:
%%2

Error: (04/10/2016 01:07:19 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (04/09/2016 02:27:00 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

==================== Memory info ===========================

Processor: AMD Turion™ II Dual-Core Mobile M520
Percentage of memory in use: 58%
Total physical RAM: 3836.2 MB
Available physical RAM: 1578.8 MB
Total Virtual: 7670.6 MB
Available Virtual: 4775.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.08 GB) (Free:368.1 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.38 GB) (Free:2.82 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 85DF090F)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=101 MB) - (Type=0C)

==================== End of Addition.txt ============================

 

Thanks




 


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 16 April 2016 - 07:30 PM

Hello and welcome to BC.

I will assist you. Please give me a chance to analyze these logs and then I will guide you.

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 16 April 2016 - 10:46 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

Please try to complete the steps and reply at least every 24 hours. If you find that you're delayed, just post a quick reply here and let me know!! After 5 days, if your topic is not replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of the analysts here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

<<<<<<<<<<

Based on your report and the log file analysis of the computer I have other recommendations.
 
In addition to changing the credit card you should advise your mother to beware of the heightened likelihood of identity theft which is far more concerning.
 
This breach has allowed access and control of her computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker. Since the computer is typically used for online banking, paying bills, and has credit card information & other sensitive data on it, all passwords should be changed to include those used for taxes, email, eBay, PayPal and any other online activities. You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information.
 
Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.

<<<<<<<<<<<

Now, having taken that into consideration, let's clean and secure this computer.

I do NOT recommend that you have more than one anti virus product installed on your computer at a time.

Webroot Security and Microsoft Security Essentials

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

I assume your mother paid for Webroot so let's disable Microsoft Security Essentials.

  • Type Microsoft Security Essentials in the search bar
  • Open the application
  • Click the "Settings" tab and click "Real-Time Protection"
  • Uncheck "Turn On Real-Time Protection (Recommended)"
  • Click "Save Changes"

<<<<<<<<<<
 
Next....

We need to remove programs using "Programs and Features"

Click the Start orb on the taskbar, and then click Control Panel.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

  • 24x7 Help
  • Ask Toolbar
  • ooVoo
  • ooVoo toolbar
  • PC Fix Speed
  • Search Toolbar
  • Yahoo! BrowserPlus
  • Yahoo! Messenger
  • Yahoo! Toolbar

<<<<<<<<<<

Next...

FRST fix:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below into notepad:
start
CloseProcesses:
Task: {0E46328F-6F77-4169-9F7E-AFF5A276A205} - System32\Tasks\{414E82EB-286D-4549-8320-61DBDDFDC870} => pcalua.exe -a F:\SETUP.EXE -d F:\
Task: {649258AD-C750-4721-AE64-4DF99AEEA9C9} - System32\Tasks\DTReg => C:\Users\janet\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {E7ECBB8E-F913-4977-BFC3-31BCFC8DDE20} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-01-03] () <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
SearchScopes: HKLM -> DefaultScope {FCFB7397-9DC6-4BFE-A6DF-742305250C55} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {DA23F49F-0A92-4950-ADE2-8F1F1CA2DF6B} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM -> {FCFB7397-9DC6-4BFE-A6DF-742305250C55} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {FCFB7397-9DC6-4BFE-A6DF-742305250C55} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {DA23F49F-0A92-4950-ADE2-8F1F1CA2DF6B} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {FCFB7397-9DC6-4BFE-A6DF-742305250C55} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3325874579-294966629-2450865543-1000 -> {DA23F49F-0A92-4950-ADE2-8F1F1CA2DF6B} URL =
SearchScopes: HKU\S-1-5-21-3325874579-294966629-2450865543-1000 -> {FCFB7397-9DC6-4BFE-A6DF-742305250C55} URL =
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2014-01-13] (Webroot)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll [2010-04-08] ()
Toolbar: HKLM-x32 - ooVoo toolbar, powered by Ask.com - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-03] (Ask)
Toolbar: HKLM-x32 - Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Users\janet\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll [2013-12-13] (Search Results)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2014-01-13] (Webroot)
Toolbar: HKU\S-1-5-21-3325874579-294966629-2450865543-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3325874579-294966629-2450865543-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
EmptyTemp:
CMD: type "C:\Users\janet\Desktop\COMPUTER HELP.txt"
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CreateRestorePoint:
end
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.

Please copy and paste the log in your next reply.

Additional instructions can be found here if needed.

<<<<<<<<<<
 
We will begin with ComboFix.exe.
 
Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
 
Instructions here.

Please be patient as it will take some time for this tool to complete.
 
Please include the C:\ComboFix.txt in your next reply for further review.

A word of warning for all others reading this thread: This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum expert.


<<<<<<<<<<

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and your internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart

Copy and paste the contents in your reply

<<<<<<<<<<

Next please re-boot the computer.
 
Tell me how the computer is running now. Faster boot?
 
Now open a browser. Are you able to surf to where you desire without redirection to other sites? Are you able to open numerous tabs?
 
Please inform me if you notice any concerns. I will guide you as to your next step.

Kind regards,
thcbytes


Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#4 weinrockl

weinrockl
  • Topic Starter

  • Members
  • 8 posts

Posted 17 April 2016 - 05:22 PM

# AdwCleaner v5.112 - Logfile created 17/04/2016 at 14:27:55
# Updated 17/04/2016 by Xplode
# Database : 2016-04-17.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : janet - JANET-PC
# Running from : C:\Users\janet\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Users\janet\AppData\Local\Programs\BeFrugal.com
[-] Folder Deleted : C:\Users\janet\AppData\LocalLow\HPAppData
[-] Folder Deleted : C:\Users\janet\AppData\Roaming\defaulttab
[-] Folder Deleted : C:\Users\janet\AppData\Roaming\Yahoo!\Companion

***** [ Files ] *****

[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : BeFrugal.com Toolbar

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
[-] Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F8534A9F-4F29-4FDC-9CD9-023ACF0EF9B9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key Deleted : HKCU\Software\Classes\TypeLib\{2A05A54D-0614-4EA3-B955-8814E45DCD83}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}
[-] Key Deleted : HKCU\Software\24x7help
[-] Key Deleted : HKCU\Software\BEFRUGAL
[-] Key Deleted : HKCU\Software\Default Tab
[-] Key Deleted : HKCU\Software\DefaultTab
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\24x7help
[-] Key Deleted : HKLM\SOFTWARE\Default Tab
[-] Key Deleted : HKLM\SOFTWARE\PCFixSpeed
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
[-] Key Deleted : HKU\.DEFAULT\Software\DefaultTab
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AskToolbar
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\DefaultTab
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.myway.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [6366 bytes] - [17/04/2016 14:27:55]
C:\AdwCleaner\AdwCleaner[S1].txt - [7157 bytes] - [17/04/2016 14:26:15]
C:\AdwCleaner\AdwCleaner[S2].txt - [7158 bytes] - [17/04/2016 14:26:59]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6585 bytes] ##########

 

 

ComboFix 16-04-13.01 - janet 04/17/2016  13:20:50.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.2242 [GMT -5:00]
Running from: c:\users\janet\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: Webroot SecureAnywhere *Disabled/Updated* {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
SP: Microsoft Security Essentials *Enabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Webroot SecureAnywhere *Disabled/Updated* {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\janet\AppData\Roaming\24x7 Help
c:\users\janet\AppData\Roaming\24x7 Help\skin\24x7_UploaderDark01.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\24x7bubble_Left.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\24x7bubble_Right.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\24x7bubble_X00.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\24x7bubble_X01.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\24x7bubble_X02.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\24x7Dark_NoTabs_Back00.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\24x7Dark_NoTabs_PhoneIcon.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\24x7Dark001_SettingsActive.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\24x7Dark001_SettingsBack.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\24x7Dark001_SettingsHover.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\24x7logoNew_dark01.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\24x7man_dark01.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\ArrowSmall.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\ArrowSmallHot.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\bubble.xml
c:\users\janet\AppData\Roaming\24x7 Help\skin\Hardware_Icon.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\HotInactiveTabLeft.bmp
c:\users\janet\AppData\Roaming\24x7 Help\skin\HotInactiveTabRight.bmp
c:\users\janet\AppData\Roaming\24x7 Help\skin\MainImg_SettingsDark01.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\Navigation_HomeIcon00_Dark01.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\Navigation_HomeIcon01_Dark01.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\Navigation_SettingsIcon00_Dark01.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\Navigation_SettingsIcon01_Dark01.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\OK_IconGreen01.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\PeriodicSystemCheckBubble.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\Phones_Icon.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\PushedInactiveTabLeft.bmp
c:\users\janet\AppData\Roaming\24x7 Help\skin\PushedInactiveTabRight.bmp
c:\users\janet\AppData\Roaming\24x7 Help\skin\Security_Icon.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\skin.xml
c:\users\janet\AppData\Roaming\24x7 Help\skin\Software_Icon.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\SupportCheck01_arrow00.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\SupportCheck01_arrow01.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\Warning_Icon01.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\Warning_IconOrange01.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\Warning_IconRed01.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\WhiteTabLeft.png
c:\users\janet\AppData\Roaming\24x7 Help\skin\WhiteTabRight.png
c:\users\janet\AppData\Roaming\DefaultTab\DefaultTab
c:\users\janet\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\janet\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\janet\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll
c:\users\janet\AppData\Roaming\DefaultTab\DefaultTab\blocklist.json
c:\users\janet\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\janet\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\users\janet\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\janet\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\janet\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\janet\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico
c:\users\janet\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\janet\AppData\Roaming\DefaultTab\DefaultTab\search_ie.ico
c:\users\janet\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\janet\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\janet\AppData\Roaming\DefaultTab\DefaultTab\update.exe
c:\users\janet\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\users\Public\videos\HP MediaSmart Demo.exe
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabUpdate
.
.
(((((((((((((((((((((((((   Files Created from 2016-03-17 to 2016-04-17  )))))))))))))))))))))))))))))))
.
.
2016-04-17 18:28 . 2016-04-17 18:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-17 04:50 . 2015-07-01 15:27 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B126C573-63AC-4D7C-AEC3-C778826AF583}\gapaengine.dll
2016-04-17 04:48 . 2016-03-17 01:45 11686560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{921763D5-B5FC-40D8-97CE-86AB5AC7A682}\mpengine.dll
2016-04-17 00:14 . 2016-04-17 17:45 -------- d-----w- C:\FRST
2016-04-15 18:48 . 2016-03-16 18:50 156672 ----a-w- c:\windows\system32\mtxoci.dll
2016-04-15 18:48 . 2016-03-16 18:28 111616 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-04-15 18:48 . 2016-03-16 18:28 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-04-15 18:48 . 2016-03-16 18:27 286720 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaora.dll
2016-04-15 18:47 . 2016-04-04 18:14 38120 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-04-15 18:47 . 2016-04-04 18:02 1169408 ----a-w- c:\windows\system32\aeinv.dll
2016-04-15 18:47 . 2016-04-02 13:08 1386496 ----a-w- c:\windows\system32\appraiser.dll
2016-04-15 18:47 . 2016-03-23 14:02 215040 ----a-w- c:\windows\system32\aepic.dll
2016-04-15 18:47 . 2016-03-17 18:04 698368 ----a-w- c:\windows\system32\generaltel.dll
2016-04-15 18:47 . 2016-03-17 18:04 499200 ----a-w- c:\windows\system32\devinv.dll
2016-04-15 18:47 . 2016-03-17 18:04 279040 ----a-w- c:\windows\system32\invagent.dll
2016-04-15 18:47 . 2016-03-17 18:04 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-04-15 18:45 . 2016-03-17 23:04 706280 ----a-w- c:\windows\system32\winload.efi
2016-04-15 18:44 . 2016-03-06 18:53 2048 ----a-w- c:\windows\system32\msxml3r.dll
2016-04-15 18:44 . 2016-03-06 18:53 1885696 ----a-w- c:\windows\system32\msxml3.dll
2016-04-15 18:44 . 2016-03-06 18:38 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2016-04-15 18:44 . 2016-03-06 18:38 1240576 ----a-w- c:\windows\SysWow64\msxml3.dll
2016-04-15 18:35 . 2016-03-31 00:28 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-04-15 18:34 . 2016-03-11 18:57 2048 ----a-w- c:\windows\system32\tzres.dll
2016-04-15 18:34 . 2016-03-11 18:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-04-10 18:23 . 2016-03-17 01:45 11686560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-04-08 15:28 . 2016-04-08 15:28 26168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{8CFFA862-C909-D937-739B-54F0192BE048}-lpJSONSurveyLogic[1].js
2016-04-06 13:03 . 2016-04-06 13:03 26168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{8B4470C2-657A-E11B-4267-384EF8BF71D2}-lpJSONSurveyLogic[1].js
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-17 00:16 . 2010-10-07 01:41 135176864 ----a-w- c:\windows\system32\MRT.exe
2016-04-08 15:22 . 2013-07-14 15:53 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-08 15:22 . 2012-01-30 08:42 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-17 22:24 . 2016-04-15 18:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-03-16 15:49 . 2014-05-24 17:08 642328 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2016-02-27 17:31 . 2014-01-13 16:20 181688 ----a-w- c:\windows\SysWow64\WRusr.dll
2016-02-27 17:31 . 2014-01-13 16:20 117304 ----a-w- c:\windows\system32\WRusr.dll
2016-02-12 18:52 . 2016-03-09 17:05 98816 ----a-w- c:\windows\system32\wudriver.dll
2016-02-12 18:52 . 2016-03-09 17:05 3169792 ----a-w- c:\windows\system32\wucltux.dll
2016-02-12 18:52 . 2016-03-09 17:05 192512 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-12 18:44 . 2016-03-09 17:05 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-12 18:39 . 2016-03-09 17:05 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2016-02-12 18:22 . 2016-03-09 17:05 2610688 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-12 18:19 . 2016-03-09 17:05 709120 ----a-w- c:\windows\system32\wuapi.dll
2016-02-12 18:18 . 2016-03-09 17:05 37888 ----a-w- c:\windows\system32\wuapp.exe
2016-02-12 18:18 . 2016-03-09 17:05 140288 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-12 18:18 . 2016-03-09 17:05 36864 ----a-w- c:\windows\system32\wups.dll
2016-02-12 18:18 . 2016-03-09 17:05 37888 ----a-w- c:\windows\system32\wups2.dll
2016-02-12 18:18 . 2016-03-09 17:05 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-12 18:06 . 2016-03-09 17:05 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2016-02-12 18:05 . 2016-03-09 17:05 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2016-02-12 18:05 . 2016-03-09 17:05 30208 ----a-w- c:\windows\SysWow64\wups.dll
2016-02-12 18:05 . 2016-03-09 17:05 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2016-02-09 09:57 . 2016-03-09 17:03 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2016-02-09 09:57 . 2016-03-09 17:03 14634496 ----a-w- c:\windows\system32\wmp.dll
2016-02-09 09:56 . 2016-03-09 17:03 5120 ----a-w- c:\windows\system32\msdxm.ocx
2016-02-09 09:56 . 2016-03-09 17:03 5120 ----a-w- c:\windows\system32\dxmasf.dll
2016-02-09 09:55 . 2016-03-09 17:03 30720 ----a-w- c:\windows\system32\seclogon.dll
2016-02-09 09:54 . 2016-03-09 17:03 9728 ----a-w- c:\windows\system32\spwmp.dll
2016-02-09 09:51 . 2016-03-09 17:03 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2016-02-09 09:13 . 2016-03-09 17:03 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2016-02-09 09:13 . 2016-03-09 17:03 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2016-02-09 09:13 . 2016-03-09 17:03 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2016-02-05 18:54 . 2016-03-09 17:03 41472 ----a-w- c:\windows\system32\lpk.dll
2016-02-05 18:54 . 2016-03-09 17:03 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-02-05 18:53 . 2016-03-09 17:03 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-02-05 18:53 . 2016-03-09 17:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-02-05 18:50 . 2016-03-09 17:03 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-02-05 18:44 . 2016-03-09 17:03 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-02-05 18:42 . 2016-03-09 17:03 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-02-05 17:48 . 2016-03-09 17:03 372736 ----a-w- c:\windows\system32\atmfd.dll
2016-02-05 17:43 . 2016-03-09 17:03 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-02-05 17:43 . 2016-03-09 17:03 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-02-05 01:19 . 2016-03-09 17:03 381440 ----a-w- c:\windows\system32\mfds.dll
2016-02-04 18:41 . 2016-03-09 17:03 296448 ----a-w- c:\windows\SysWow64\mfds.dll
2016-02-03 18:58 . 2016-03-09 17:05 862208 ----a-w- c:\windows\system32\oleaut32.dll
2016-02-03 18:52 . 2016-03-09 17:05 84992 ----a-w- c:\windows\system32\asycfilt.dll
2016-02-03 18:49 . 2016-03-09 17:05 572416 ----a-w- c:\windows\SysWow64\oleaut32.dll
2016-02-03 18:43 . 2016-03-09 17:05 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2016-02-03 18:07 . 2016-03-09 17:05 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2016-01-22 06:19 . 2016-02-15 16:57 14179840 ----a-w- c:\windows\system32\shell32.dll
2016-01-22 06:18 . 2016-02-15 16:59 961024 ----a-w- c:\windows\system32\CPFilters.dll
2016-01-22 06:18 . 2016-02-15 16:59 723968 ----a-w- c:\windows\system32\EncDec.dll
2016-01-22 06:15 . 2016-02-15 16:57 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-01-22 06:12 . 2016-02-15 16:57 1940992 ----a-w- c:\windows\system32\authui.dll
2016-01-22 06:04 . 2016-02-15 16:59 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2016-01-22 06:04 . 2016-02-15 16:59 535040 ----a-w- c:\windows\SysWow64\EncDec.dll
2016-01-22 06:00 . 2016-02-15 16:57 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-01-22 05:59 . 2016-02-15 16:57 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2016-01-22 05:19 . 2016-02-15 16:57 3231232 ----a-w- c:\windows\explorer.exe
2016-01-22 05:12 . 2016-02-15 16:57 2973184 ----a-w- c:\windows\SysWow64\explorer.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-03-16 15:51 1741096 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-03-16 15:51 1741096 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-03-16 15:51 1741096 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-08-26 15544]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2016-02-27 873072]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
c:\users\janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\onenotem.exe /tsr [2016-1-23 195248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys;c:\windows\SYSNATIVE\drivers\WRkrn.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/02/11 18:53];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl;c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe;c:\program files\Webroot\WRSA.exe [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    SSDPSRV upnphost SCardSvr QWAVE wcncsvc
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-14 15:22]
.
2015-04-24 c:\windows\Tasks\BeFrugal.com Toolbar.job
- c:\users\janet\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.18.4\BFHP.exe [2015-04-24 20:33]
.
2016-04-17 c:\windows\Tasks\HPCeeScheduleForjanet.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ ]
@="{1914B27A-33C8-46F8-A1C2-F993268D4564}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncRed]
@="{1914B27A-33C8-46F8-A1C2-F993268D4564}"
[HKEY_CLASSES_ROOT\CLSID\{1914B27A-33C8-46F8-A1C2-F993268D4564}]
2016-02-27 17:31 117304 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  ]
@="{C14874EA-ACE4-4A47-8A81-18C4D1C40868}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncYellow]
@="{C14874EA-ACE4-4A47-8A81-18C4D1C40868}"
[HKEY_CLASSES_ROOT\CLSID\{C14874EA-ACE4-4A47-8A81-18C4D1C40868}]
2016-02-27 17:31 117304 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   ]
@="{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncGreen]
@="{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}"
[HKEY_CLASSES_ROOT\CLSID\{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}]
2016-02-27 17:31 117304 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\    ]
@="{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncExcl]
@="{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}"
[HKEY_CLASSES_ROOT\CLSID\{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}]
2016-02-27 17:31 117304 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-03-16 15:51 2348336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-03-16 15:51 2348336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-03-16 15:51 2348336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\    ]
@="{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncExcl]
@="{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}"
[HKEY_CLASSES_ROOT\CLSID\{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}]
2016-02-27 17:31 117304 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   ]
@="{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncGreen]
@="{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}"
[HKEY_CLASSES_ROOT\CLSID\{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}]
2016-02-27 17:31 117304 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ ]
@="{1914B27A-33C8-46F8-A1C2-F993268D4564}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncRed]
@="{1914B27A-33C8-46F8-A1C2-F993268D4564}"
[HKEY_CLASSES_ROOT\CLSID\{1914B27A-33C8-46F8-A1C2-F993268D4564}]
2016-02-27 17:31 117304 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  ]
@="{C14874EA-ACE4-4A47-8A81-18C4D1C40868}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncYellow]
@="{C14874EA-ACE4-4A47-8A81-18C4D1C40868}"
[HKEY_CLASSES_ROOT\CLSID\{C14874EA-ACE4-4A47-8A81-18C4D1C40868}]
2016-02-27 17:31 117304 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-31 171520]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-30 1340192]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\janet\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO-{96A25A24-2E87-4374-8A50-CC6F943FCE4D} - (no file)
BHO-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
Wow6432Node-HKCU-Run-ooVoo.exe - c:\program files (x86)\ooVoo\oovoo.exe
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -q -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -p -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3325874579-294966629-2450865543-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:52,7d,47,a8,68,7e,28,f8,c8,de,90,57,c7,c7,ce,90,40,12,75,38,4b,f4,cc,
   cd,8d,24,f7,ea,af,72,ab,49,59,ea,be,4a,86,0f,a2,e5,66,c8,cf,58,4f,26,60,c7,\
"??"=hex:6d,20,b2,2d,9a,66,ba,ca,e4,6b,43,a2,42,d8,a7,b5
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2016-04-17  13:43:43 - machine was rebooted
ComboFix-quarantined-files.txt  2016-04-17 18:43
.
Pre-Run: 395,545,415,680 bytes free
Post-Run: 394,471,804,928 bytes free
.
- - End Of File - - 341B0B1B7FB0B09E07482C889D5DA47D
F74BD347B01E0EDF07DF7A13FF77C9B8
 



#5 thcbytes


Posted 17 April 2016 - 05:32 PM

Hello,

 

Could you please also post (copy/paste) the fixlog.txt?  It will be located at C:\FRST\Logs.

 

And please answer this.....

 

Tell me how the computer is running now. Faster boot?
 
Now open a browser. Are you able to surf to where you desire without redirection to other sites? Are you able to open numerous tabs?
 
Please inform me if you notice any concerns. I will guide you as to your next step.

 

 

Thanks


Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#6 weinrockl


Posted 18 April 2016 - 12:47 PM




Everything is running smoothly and faster. We are able to open multiple pages and it is still faster.




Fix result of Farbar Recovery Scan Tool (x64) Version:17-04-2016
Ran by janet (2016-04-17 12:22:57) Run:1
Running from C:\Users\janet\Desktop
Loaded Profiles: janet (Available Profiles: janet)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
Task: {0E46328F-6F77-4169-9F7E-AFF5A276A205} - System32\Tasks\{414E82EB-286D-4549-8320-61DBDDFDC870} => pcalua.exe -a F:\SETUP.EXE -d F:\
Task: {649258AD-C750-4721-AE64-4DF99AEEA9C9} - System32\Tasks\DTReg => C:\Users\janet\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {E7ECBB8E-F913-4977-BFC3-31BCFC8DDE20} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-01-03] () <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
SearchScopes: HKLM -> DefaultScope {FCFB7397-9DC6-4BFE-A6DF-742305250C55} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {DA23F49F-0A92-4950-ADE2-8F1F1CA2DF6B} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM -> {FCFB7397-9DC6-4BFE-A6DF-742305250C55} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {FCFB7397-9DC6-4BFE-A6DF-742305250C55} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {DA23F49F-0A92-4950-ADE2-8F1F1CA2DF6B} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {FCFB7397-9DC6-4BFE-A6DF-742305250C55} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3325874579-294966629-2450865543-1000 -> {DA23F49F-0A92-4950-ADE2-8F1F1CA2DF6B} URL =
SearchScopes: HKU\S-1-5-21-3325874579-294966629-2450865543-1000 -> {FCFB7397-9DC6-4BFE-A6DF-742305250C55} URL =
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2014-01-13] (Webroot)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll [2010-04-08] ()
Toolbar: HKLM-x32 - ooVoo toolbar, powered by Ask.com - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-03] (Ask)
Toolbar: HKLM-x32 - Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Users\janet\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll [2013-12-13] (Search Results)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2014-01-13] (Webroot)
Toolbar: HKU\S-1-5-21-3325874579-294966629-2450865543-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3325874579-294966629-2450865543-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
EmptyTemp:
CMD: type C:\Users\janet\Desktop\COMPUTER HELP.txt
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CreateRestorePoint:
end
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E46328F-6F77-4169-9F7E-AFF5A276A205}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E46328F-6F77-4169-9F7E-AFF5A276A205}" => key removed successfully
C:\Windows\System32\Tasks\{414E82EB-286D-4549-8320-61DBDDFDC870} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{414E82EB-286D-4549-8320-61DBDDFDC870}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{649258AD-C750-4721-AE64-4DF99AEEA9C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{649258AD-C750-4721-AE64-4DF99AEEA9C9}" => key removed successfully
C:\Windows\System32\Tasks\DTReg => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7ECBB8E-F913-4977-BFC3-31BCFC8DDE20} => key not found.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => key not found.
"HKU\.DEFAULT\Software\Classes\exefile" => key removed successfully
"HKU\.DEFAULT\Software\Classes\.exe" => key removed successfully
HKU\.DEFAULT\Software\Classes\exefile => key not found.
"HKU\S-1-5-19\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-19\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-19\Software\Classes\exefile => key not found.
"HKU\S-1-5-20\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-20\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-20\Software\Classes\exefile => key not found.
"HKU\S-1-5-21-3325874579-294966629-2450865543-1000\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-3325874579-294966629-2450865543-1000\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\Software\Classes\exefile => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DA23F49F-0A92-4950-ADE2-8F1F1CA2DF6B}" => key removed successfully
HKCR\CLSID\{DA23F49F-0A92-4950-ADE2-8F1F1CA2DF6B} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FCFB7397-9DC6-4BFE-A6DF-742305250C55}" => key removed successfully
HKCR\CLSID\{FCFB7397-9DC6-4BFE-A6DF-742305250C55} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{DA23F49F-0A92-4950-ADE2-8F1F1CA2DF6B}" => key removed successfully
HKCR\Wow6432Node\CLSID\{DA23F49F-0A92-4950-ADE2-8F1F1CA2DF6B} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{FCFB7397-9DC6-4BFE-A6DF-742305250C55}" => key removed successfully
HKCR\Wow6432Node\CLSID\{FCFB7397-9DC6-4BFE-A6DF-742305250C55} => key not found.
"HKU\S-1-5-21-3325874579-294966629-2450865543-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DA23F49F-0A92-4950-ADE2-8F1F1CA2DF6B}" => key removed successfully
HKCR\CLSID\{DA23F49F-0A92-4950-ADE2-8F1F1CA2DF6B} => key not found.
"HKU\S-1-5-21-3325874579-294966629-2450865543-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FCFB7397-9DC6-4BFE-A6DF-742305250C55}" => key removed successfully
HKCR\CLSID\{FCFB7397-9DC6-4BFE-A6DF-742305250C55} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => value removed successfully
"HKCR\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} => value removed successfully
"HKCR\Wow6432Node\CLSID\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value not found.
HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} => value removed successfully
HKCR\Wow6432Node\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value not found.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{96A25A24-2E87-4374-8A50-CC6F943FCE4D} => value removed successfully
"HKCR\Wow6432Node\CLSID\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => value removed successfully
"HKCR\Wow6432Node\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5}" => key removed successfully
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value removed successfully
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
HKU\S-1-5-21-3325874579-294966629-2450865543-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found.

=========  type C:\Users\janet\Desktop\COMPUTER HELP.txt =========

The system cannot find the file specified.
Error occurred while processing: C:\Users\janet\Desktop\COMPUTER.
The system cannot find the file specified.
Error occurred while processing: HELP.txt.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration

No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2602:306:352f:a7a0:10c5:b591:1956:7dcd
   Temporary IPv6 Address. . . . . . : 2602:306:352f:a7a0:dd5c:9b61:cf9:4a5d
   Link-local IPv6 Address . . . . . : fe80::10c5:b591:1956:7dcd%11
   Default Gateway . . . . . . . . . : fe80::9a2c:beff:fe28:69d9%11

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway.pace.com

Tunnel adapter isatap.attlocal.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : attlocal.net
   IPv6 Address. . . . . . . . . . . : 2602:306:352f:a7a0:10c5:b591:1956:7dcd
   Temporary IPv6 Address. . . . . . : 2602:306:352f:a7a0:dd5c:9b61:cf9:4a5d
   Link-local IPv6 Address . . . . . : fe80::10c5:b591:1956:7dcd%11
   IPv4 Address. . . . . . . . . . . : 192.168.1.65
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::9a2c:beff:fe28:69d9%11
                                       192.168.1.254

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway.pace.com

Tunnel adapter isatap.attlocal.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {434D02BD-6E6E-4A50-BB0B-C78826F4D41D}.
Unable to cancel {C16B0FBF-1D40-4E9E-AF38-4E97285F1EBB}.
0 out of 2 jobs canceled.

========= End of CMD: =========

Restore point was successfully created.
EmptyTemp: => 435.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:29:00 ====


Edited by thcbytes, 18 April 2016 - 07:56 PM.
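A way to triage a Fixlog like the one above, as an added example (not part of the thread and not FRST's own code): it tallies the per-item outcomes and flags `CMD:` sections whose output contains an error. The sample lines are excerpted from the log in the post above; the function names and the failure-marker list are assumptions of this sketch.

```python
import re
from collections import Counter

# Lines excerpted (and shortened) from the Fixlog in the post above.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
start
Task: {649258AD-C750-4721-AE64-4DF99AEEA9C9} - System32\Tasks\DTReg => C:\Users\janet\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
CMD: type C:\Users\janet\Desktop\COMPUTER HELP.txt
CMD: bitsadmin /reset /allusers
end
*****************

Processes closed successfully.
C:\Windows\System32\Tasks\DTReg => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg" => key removed successfully
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

=========  type C:\Users\janet\Desktop\COMPUTER HELP.txt =========

The system cannot find the file specified.
Error occurred while processing: C:\Users\janet\Desktop\COMPUTER.
The system cannot find the file specified.
Error occurred while processing: HELP.txt.

========= End of CMD: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  bitsadmin /reset /allusers =========

Unable to cancel {434D02BD-6E6E-4A50-BB0B-C78826F4D41D}.
Unable to cancel {C16B0FBF-1D40-4E9E-AF38-4E97285F1EBB}.
0 out of 2 jobs canceled.

========= End of CMD: =========

Restore point was successfully created.
EmptyTemp: => 435.1 MB temporary data Removed.

==== End of Fixlog 12:29:00 ====
'''

CMD_START = re.compile(r'^={5,}\s+(?!End of )(.+?)\s+={5,}$')
CMD_END = re.compile(r'^={5,} End of CMD: ={5,}$')
ACTION = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+?)\.?$')
# Assumed marker list, taken from the error text visible in this log.
FAILURE_MARKERS = ("cannot find", "error occurred", "unable to")


def classify(outcome):
    """Map FRST's free-text result to a coarse status."""
    text = outcome.lower()
    if "not found" in text:
        return "not_found"   # item was absent when the fix ran
    if "successfully" in text:
        return "done"        # removed / moved / restored
    return "other"


def parse_fixlog(text):
    """Return (actions, commands); the echoed fixlist block is skipped."""
    actions, commands = [], []
    in_fixlist, current = False, None
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:      # asterisk rows fence the fixlist echo
            in_fixlist = not in_fixlist
            continue
        if in_fixlist or not line:
            continue
        if current is not None:              # inside a CMD output section
            if CMD_END.match(line):
                commands.append(current)
                current = None
            else:
                current[1].append(line)
            continue
        match = CMD_START.match(line)
        if match:
            current = (match.group(1), [])
            continue
        match = ACTION.match(line)
        if match:
            actions.append((match.group("target"), classify(match.group("outcome"))))
    return actions, commands


def first_error(output_lines):
    """First output line containing a failure marker, or None."""
    for line in output_lines:
        if any(mark in line.lower() for mark in FAILURE_MARKERS):
            return line
    return None


def triage(text):
    """Summarise outcomes and list commands whose output shows an error."""
    actions, commands = parse_fixlog(text)
    failed = [(cmd, first_error(out)) for cmd, out in commands if first_error(out)]
    return {"counts": dict(Counter(s for _, s in actions)), "failed_commands": failed}


if __name__ == "__main__":
    print(triage(SAMPLE_FIXLOG))
```

On this log the flagged `type` command is the one whose path contains an unquoted space; its output shows the path being processed as two separate names.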


#7 thcbytes


Posted 18 April 2016 - 01:31 PM

Fantastic. Good work. :)

Let's continue.

Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.

  • Copy and paste the script below into the notepad document:
start
CloseProcesses:
CreateRestorePoint:
CMD: sfc /scannow
CMD: findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"
CMD: chkdsk /f /r C:
CMD: Dism /Online /Cleanup-Image /RestoreHealth
end
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST64.exe and press the Fix button just once and wait
  • The system might reboot several times. Please be certain your computer is plugged in. Do NOT interrupt the progress. If you encounter ANY troubles please just let me know back here in this topic.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.

Please copy and paste the log in your next reply.
 
<<<<<<<<<<

 

Next.........
 
Re-run FRST, check the Addition.txt box, press SCAN and copy/paste the 2 logs in your next reply.

 

With your next post I will need...

 

  1. Fixlog.txt
  2. FRST.txt
  3. Addition.txt

 
Computer still running well?

 

Thanks,

thcbytes



#8 weinrockl


Posted 19 April 2016 - 04:27 PM

I have run this all last night and today and I do not believe it is doing anything. It says "fixing in progress please wait". Please advise. I have stopped in this morning, rebooted, threw away the fix log and restarted, but it did the exact same thing.



#9 thcbytes


Posted 20 April 2016 - 07:09 AM

That's okay.  Try it like this and tell me how it goes please.
 
Delete the old fixlist.txt you created if it still exists.
 
Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.

  • Copy and paste the script below in the notepad document:
start
CMD: sfc /scannow
CMD: findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"
end
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.

Please copy and paste the log in your next reply.
 
<<<<<<<<<<
 
Re-run FRST, check the Addition.txt box, press SCAN and copy/paste the 2 logs in your next reply.
 
With your next post I will need...


  • Fixlog.txt
  • FRST.txt
  • Addition.txt

Computer still running well?
 
Thanks,
thcbytes



#10 weinrockl

  • Topic Starter

Posted 20 April 2016 - 02:54 PM

Everything seems to be working

thank you




#11 thcbytes

  • Malware Response Team

Posted 20 April 2016 - 05:22 PM

Looking good.   You're welcome.  My pleasure.

 

Just a little more to do.  Should have things wrapped up in the next couple of days.
 
This next please. :)


Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.

  • Copy and paste the script below into the notepad document:
start
CMD: chkdsk /f /r C:
end
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST64.exe and press the Fix button just once and wait
  • The system might reboot several times. Please be certain your computer is plugged in. Do NOT interrupt the progress. If you encounter ANY troubles please just let me know back here in this topic.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.

Please copy and paste the log in your next reply.
 
<<<<<<<<<<
 
Next.........

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> but
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd


<<<<<<<<<<
 
Lastly...

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
    • UNCHECK: Remove found threats (I don't want you to remove anything yet!!)
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Copy and paste the logfile in your reply for my review.
 
Thanks,
thcbytes



#12 weinrockl

  • Topic Starter

Posted 21 April 2016 - 07:17 PM

Malwarebytes anti-malware scan log text file attached




#13 thcbytes

  • Malware Response Team

Posted 21 April 2016 - 07:19 PM

Thanks,

 

Next...

 

ESET log after it has finished.

 

:)



#14 weinrockl

  • Topic Starter

Posted 22 April 2016 - 08:56 AM

The small script at the top did not run; finished everything else.

Thank you.

Attached File: esetlist.txt (1.63KB)



#15 thcbytes

  • Malware Response Team

Posted 22 April 2016 - 04:59 PM

Well done.  :)

 

This next please......

  • Please download SystemLook from one of the links below and save it to your Desktop.

HERE

  • Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
*setup.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

<<<<<<<<<<<

 

Next let's confirm you're not hacked anymore.

Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.  Copy/paste the contents of the textbox into notepad.
 

@ echo off
echo. >> C:\Users\janet\Desktop\amihacked.txt
netstat -b -o >> C:\Users\janet\Desktop\amihacked.txt
start C:\Users\janet\Desktop\amihacked.txt

Save the file as hackcheck.bat, making sure save as type is set to " All Files ".

Save it to your desktop.

Next...

Next right click & run as admin hackcheck.bat from the desktop. Please be patient. When it has completed (1-2 mins) a text file will pop up.

Attach it in your next reply

 

Thanks,

thcbytes
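
A way to read the amihacked.txt that hackcheck.bat produces, as an added example that is not part of the original post: `netstat -b -o` prints each connection on one line and the owning executable in brackets on a following line, so the two have to be rejoined before the list can be reviewed. The sample output, addresses, PIDs and the helper names `parse_netstat` and `needs_review` are constructed for illustration.

```python
import re

# Constructed sample of `netstat -b -o` output; hosts and PIDs are illustrative.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:5354         JANET-PC:49155         ESTABLISHED     1512
 [mDNSResponder.exe]
  TCP    192.168.1.10:49172     host.example.net:https ESTABLISHED     2384
 [iexplore.exe]
  TCP    192.168.1.10:49180     198.51.100.7:8080      ESTABLISHED     3120
  Schedule
 [svchost.exe]
  TCP    192.168.1.10:49191     203.0.113.9:http       TIME_WAIT       0
  TCP    192.168.1.10:49201     203.0.113.20:443       ESTABLISHED     4
 Can not obtain ownership information
"""

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat(text):
    """Return one dict per connection with the owner lines that follow it attached."""
    conns = []
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            conns.append({"proto": proto, "local": local, "remote": remote,
                          "state": state or "", "pid": int(pid), "exe": None, "component": None})
        elif conns and conns[-1]["exe"] is None:
            o = OWNER.match(line)
            if o:                                   # "[iexplore.exe]"
                conns[-1]["exe"] = o.group(1)
            elif line.strip() and "ownership information" not in line:
                conns[-1]["component"] = line.strip()   # hosted service name, e.g. under svchost
    return conns

def needs_review(conns):
    """Group ESTABLISHED, non-loopback connections by owning executable."""
    out = {}
    for c in conns:
        if c["state"] != "ESTABLISHED" or c["local"].startswith(("127.", "[::1]")):
            continue
        out.setdefault(c["exe"] or "<unknown owner>", []).append((c["remote"], c["pid"]))
    return out

if __name__ == "__main__":
    print(needs_review(parse_netstat(SAMPLE)))
```

Entries grouped under `<unknown owner>` are the ones where netstat could not name the process; the PID column can still be matched against Task Manager for those.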





