
Safe Mode works, Normal Mode freezes


51 replies to this topic

#1 eabear

eabear

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:26 AM

Posted 15 May 2016 - 12:52 AM

All seems fine in Safe Mode.

 

Buttons freeze when I'm in Normal Mode. I left the computer on yesterday while I was out and it worked in Normal Mode when I got home, but not completely, and I can't duplicate it.

 

So many things are wrong. Restore points were removed. Printer is off the network (Device manager shows yellow warning sign.)

Superfetch isn't running.

Mouse cursor bounces around when typing. I read I need to fix tapping but printer needs to be on network but I can't get it back on the network. Printer spool won't start.

 

Before coming here, I've run startup repair, sfc /scannow, Combofix (not that I learned anything or that it fixed anything), Malwarebytes, Norton scan, Trend Micro scan.

 

I've tried msconfig no services but Microsoft, no startup items.

 

Not making any progress.

 

I was having a hard time using your link to FRST64. I kept being redirected to the home page.

 

Thanks so much for helping. Hope I did everything properly

 

Attached File  Addition_14-05-2016_22-02-04.txt   39.96KB   3 downloads

 

Attached File  FRST_14-05-2016_22-02-04.txt   40.81KB   3 downloads




 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:26 PM

Posted 15 May 2016 - 01:00 AM

Hello eabear and welcome to BleepingComputer. :welcome:
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks
    
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 
Sincerely
:hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 eabear


Posted 15 May 2016 - 02:10 AM

Thanks for your quick reply. I am in Safe Mode. One of the problems I had was that Norton Suite was connected and I couldn't disable it. I had tried to use Combofix and it kept saying Norton was running. I uninstalled it but I still see Norton Power Eraser in my task bar. I will uninstall Norton completely. It is scary, however. I want to install something else. Avast?

I did have a USB thumb drive in the laptop the other day. I will insert it when I do a scan you say to do.



#4 eabear


Posted 15 May 2016 - 02:20 AM

I uninstalled Norton Suite but I still see Norton Eraser in my task bar. I installed Avast because I just was not comfortable going without antivirus. Hopefully, I won't have trouble disabling it. I do NOT see the icon in my Safe mode task bar.

 

How will I disable it? and Norton Eraser, too?

 

Thanks.

 

Do you need me to run FRST64 again?


Edited by eabear, 15 May 2016 - 02:23 AM.


#5 eabear


Posted 15 May 2016 - 02:33 AM

Update. I see the Avast icon in the toolbar.



#6 olgun52


Posted 15 May 2016 - 02:46 AM

Don't install or uninstall software during the cleanup unless you are told to do so.

 

Which Trend Micro software did you use before?
Please uninstall:
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1105809.aspx

 

Please Uninstall:

Avast + Trend Micro + Norton Eraser + Norton Internet Security + ......... all

 

And restart the PC.


Best regards
 

 


 


#7 eabear


Posted 15 May 2016 - 05:06 PM

I did the online Trend Micro. I uninstalled all the antivirus you mentioned. I uninstalled Malwarebytes, too.

 

What next?

 

Thanks.



#8 olgun52


Posted 15 May 2016 - 05:54 PM

Hi there,

 

Step 1:
FRST Script:
Please download the attached file Fixlist.txt (10.24KB, 12 downloads) and save it in the same directory as FRST.

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Best regards
 

 


 


#9 eabear


Posted 15 May 2016 - 08:22 PM

I must admit that I woke up hours ago and tried to follow your instructions in another thread. I still had problems so I'm starting from your instructions today.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-05-2016
Ran by Ellen (administrator) on ELLENPC7 (15-05-2016 18:00:40)
Running from C:\Users\Ellen\Desktop
Loaded Profiles: Ellen (Available Profiles: Ellen & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [186368 2009-07-13] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1966097858-2923701501-1519854093-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_Plugin.exe -update plugin
HKU\S-1-5-21-1966097858-2923701501-1519854093-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt [7212 2016-05-15] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-09-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{050930CA-AF58-4114-BF3F-D7433459A5B9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2A8BD1B6-3866-4067-99B9-B74905B557EC}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1966097858-2923701501-1519854093-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1966097858-2923701501-1519854093-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.usertesting.com/users/sign_in
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-02-03] (RealDownloader)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-05-10] (LastPass)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-02-03] (RealDownloader)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-05-10] (LastPass)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-05-10] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-05-10] (LastPass)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default
FF DefaultSearchEngine.US: Google
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-09-27] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-09-27] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.3.100 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2016-03-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.3.100 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2016-03-16] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: LastPass - C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default\extensions\support@lastpass.com [2016-04-27]
FF Extension: ColorZilla - C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2016-04-27]
FF Extension: BetterPrivacy - C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-05-05]
FF Extension: PrivacySuite - C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default\Extensions\abine@abine.com [2016-04-27]
FF Extension: AdBlocker Ultimate - C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-04-27]
FF Extension: Default Theme Engine - Personas Interactive - C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default\Extensions\btpersonas@brandthunder.com [2016-04-27]
FF Extension: Firebug - C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default\Extensions\firebug@software.joehewitt.com.xpi [2016-03-30]
FF Extension: Send to Kindle for Mozilla Firefox - C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default\Extensions\sendtokindle@amazon.com.xpi [2016-04-27]
FF Extension: WOT - C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-04-27]
FF Extension: Adblock Plus - C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: Adblock Edge - C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-04-27]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-09-27] [not signed]
FF HKU\S-1-5-21-1966097858-2923701501-1519854093-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-28]
CHR Extension: (Google Docs) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-28]
CHR Extension: (Google Drive) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-13]
CHR Extension: (YouTube) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Cast) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-27]
CHR Extension: (Norton Security Toolbar) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-02-26]
CHR Extension: (Google Search) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
CHR Extension: (Google Sheets) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-28]
CHR Extension: (Google Docs Offline) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-27]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-05-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-28]
CHR Extension: (Send Link by Email or Gmail) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\plcgkgghkdfgfhiidfjkhmainebgmklf [2015-11-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-27] (Dropbox, Inc.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32544 2016-02-03] ()
S2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1095440 2016-03-16] (RealNetworks, Inc.)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [177696 2009-07-23] (Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2009-07-22] (REDC)
R3 SPI; C:\Windows\System32\DRIVERS\SonyPI.sys [17536 2007-08-03] (Sony Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-15 17:52 - 2016-05-15 17:53 - 00024357 _____ C:\Users\Ellen\Desktop\Fixlog.txt
2016-05-15 17:24 - 2016-05-15 17:25 - 00028927 _____ C:\Users\Ellen\Desktop\Addition.txt
2016-05-15 17:23 - 2016-05-15 18:00 - 00006602 _____ C:\Users\Ellen\Desktop\FRST.txt
2016-05-15 16:37 - 2016-05-15 16:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-15 16:37 - 2016-05-15 16:37 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-15 16:37 - 2016-05-15 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-15 16:37 - 2016-05-15 16:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-15 16:37 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-15 16:37 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-15 16:37 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-15 16:34 - 2016-05-15 16:34 - 22851472 _____ (Malwarebytes ) C:\Users\Ellen\Desktop\mbam-setup-2.2.1.1043.exe
2016-05-15 16:31 - 2016-05-15 16:31 - 00001415 _____ C:\Users\Ellen\Desktop\ZHPCleanerreport2.txt
2016-05-15 16:19 - 2016-05-15 16:19 - 00002842 _____ C:\Users\Ellen\Desktop\ZHPCleaner.txt
2016-05-15 16:09 - 2016-05-15 16:09 - 00000792 _____ C:\Users\Ellen\Desktop\ZHPCleaner.lnk
2016-05-15 15:57 - 2016-05-15 16:27 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\ZHP
2016-05-15 15:56 - 2016-05-15 15:56 - 02258944 _____ C:\Users\Ellen\Desktop\ZHPCleaner.exe
2016-05-15 15:52 - 2016-05-15 15:52 - 00027466 _____ C:\Users\Ellen\Desktop\JRT.txt
2016-05-15 15:44 - 2016-05-15 15:44 - 01610816 _____ (Malwarebytes) C:\Users\Ellen\Desktop\JRT.exe
2016-05-15 15:36 - 2016-05-15 15:47 - 00000000 ____D C:\AdwCleaner
2016-05-15 15:35 - 2016-05-15 15:35 - 03651136 _____ C:\Users\Ellen\Desktop\adwcleaner_5.117.exe
2016-05-15 00:12 - 2016-05-15 14:59 - 00000000 ____D C:\ProgramData\AVAST Software
2016-05-15 00:12 - 2016-05-15 00:12 - 00307200 _____ (Secure By Design Inc.) C:\Users\Ellen\Downloads\Ninite Avast Installer.exe
2016-05-14 22:01 - 2016-05-14 22:02 - 00040914 _____ C:\Users\Ellen\Downloads\Addition.txt
2016-05-14 22:00 - 2016-05-15 18:00 - 00000000 ____D C:\FRST
2016-05-14 22:00 - 2016-05-14 22:02 - 00041790 _____ C:\Users\Ellen\Downloads\FRST.txt
2016-05-14 21:55 - 2016-05-14 21:55 - 02379776 _____ (Farbar) C:\Users\Ellen\Desktop\FRST64.exe
2016-05-14 19:45 - 2016-05-14 19:45 - 05995712 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-05-14 19:40 - 2016-05-14 19:40 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-14 19:40 - 2016-05-14 19:40 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-14 15:06 - 2016-05-14 15:06 - 00000000 _____ C:\Users\Ellen\AppData\Local\{698A76B2-76AF-42CF-96A1-6432C2348276}
2016-05-14 02:20 - 2016-05-14 02:20 - 00000000 _____ C:\Users\Ellen\AppData\Local\{5A50D6E7-0B5E-4A39-AB83-C283847FE521}
2016-05-14 01:32 - 2016-05-14 01:32 - 00544339 _____ C:\Users\Ellen\AppData\Local\census.cache
2016-05-14 01:31 - 2016-05-14 01:31 - 00161543 _____ C:\Users\Ellen\AppData\Local\ars.cache
2016-05-14 01:26 - 2016-05-14 01:26 - 00000010 _____ C:\Users\Ellen\AppData\Local\sponge.last.runtime.cache
2016-05-14 00:46 - 2016-05-14 00:46 - 00000000 ____D C:\found.003
2016-05-13 22:50 - 2016-05-15 18:00 - 03121862 _____ C:\Windows\ntbtlog.txt
2016-05-13 20:43 - 2016-05-13 20:43 - 00000000 _____ C:\Users\Ellen\AppData\Local\{3EA34FC5-B00C-44AA-8DF5-A14B83F94B10}
2016-05-13 20:35 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2016-05-13 20:35 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2016-05-13 20:35 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-05-13 20:35 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-05-13 20:35 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-05-13 20:35 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2016-05-13 20:35 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2016-05-13 20:35 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2016-05-13 19:41 - 2016-05-14 15:35 - 00000000 ____D C:\Qoobox
2016-05-13 19:41 - 2016-05-14 02:44 - 00000000 ____D C:\Windows\erdnt
2016-05-13 15:31 - 2016-05-13 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-13 01:36 - 2016-05-13 01:36 - 00704672 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ellen\Downloads\autoruns.exe
2016-05-13 01:03 - 2016-05-13 01:12 - 00220056 ____N C:\Windows\hpoins35.dat.temp
2016-05-13 01:03 - 2010-01-30 06:51 - 00000778 ____N C:\Windows\hpomdl35.dat.temp
2016-05-13 00:57 - 2016-05-13 00:58 - 247072992 _____ C:\Users\Ellen\Downloads\PS_AIO_05_C309a_Net_Full_Win_WW_140_047-4.exe
2016-05-12 23:17 - 2016-05-12 23:17 - 02072840 _____ C:\Users\Ellen\Documents\systinfo5-12.txt
2016-05-12 17:59 - 2016-05-12 17:59 - 00000000 _____ C:\Users\Ellen\AppData\Local\{9C2FA71D-8723-4B37-A661-D2B79B4B073B}
2016-05-12 15:47 - 2016-05-12 15:47 - 00000000 _____ C:\Users\Ellen\AppData\Local\{87A5F4B7-1487-4451-AE49-D678261B05A6}
2016-05-12 02:59 - 2016-05-12 02:59 - 00000000 _____ C:\Users\Ellen\AppData\Local\{41627DFB-4EB5-446E-B786-70E227E06AF9}
2016-05-12 02:52 - 2016-05-12 02:52 - 00262144 _____ C:\Windows\Minidump\051216-71058-01.dmp
2016-05-12 02:50 - 2016-05-12 02:50 - 00000000 ____D C:\found.002
2016-05-12 02:28 - 2016-05-12 02:28 - 00000000 ____D C:\found.001
2016-05-12 00:46 - 2016-05-12 00:46 - 00000000 _____ C:\Users\Ellen\AppData\Local\{79511514-CD4F-4B40-A473-4252B1B1722F}
2016-05-11 20:56 - 2016-05-11 20:56 - 07563568 _____ C:\Users\Ellen\Downloads\SOAOTH-70192851-US.EXE
2016-05-11 20:39 - 2016-05-11 20:39 - 00667536 _____ (PC Drivers HeadQuarters LP) C:\Users\Ellen\Downloads\DriverSupport.exe
2016-05-11 19:34 - 2016-05-11 19:34 - 00347816 _____ (Microsoft Corporation) C:\Users\Ellen\Downloads\MicrosoftFixit.Devices.RNP.Run(1).exe
2016-05-11 19:33 - 2016-05-11 19:33 - 00347816 _____ (Microsoft Corporation) C:\Users\Ellen\Downloads\MicrosoftFixit.Devices.RNP.Run.exe
2016-05-10 23:57 - 2016-05-10 23:57 - 04596296 _____ (UltimateOutsider) C:\Users\Ellen\Downloads\GWX_control_panel.exe
2016-05-10 23:42 - 2016-05-15 15:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-10 23:42 - 2016-05-10 23:42 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-10 23:42 - 2016-05-10 23:42 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-10 22:18 - 2016-05-10 22:18 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\LastPass
2016-05-10 02:04 - 2016-05-10 02:04 - 00016648 ____N C:\bootsqm.dat
2016-05-09 23:24 - 2016-05-12 02:51 - 405363438 _____ C:\Windows\MEMORY.DMP
2016-05-09 23:24 - 2016-05-09 23:24 - 00262144 _____ C:\Windows\Minidump\050916-27112-01.dmp
2016-05-08 15:37 - 2016-05-08 15:37 - 00354451 _____ C:\Users\Ellen\Downloads\Albany
2016-04-28 22:52 - 2016-04-28 22:53 - 06882192 _____ (Piriform Ltd) C:\Users\Ellen\Downloads\ccsetup517.exe
2016-04-28 22:13 - 2016-04-28 22:13 - 00242160 _____ C:\Users\Ellen\Downloads\Firefox Setup Stub 46.0.exe
2016-04-28 17:48 - 2016-04-28 17:49 - 00640424 _____ (Comcast Corporation) C:\Users\Ellen\Downloads\xfinitymasterinstaller_constantguard.exe
2016-04-28 16:28 - 2016-05-01 00:47 - 00003208 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1966097858-2923701501-1519854093-1000
2016-04-27 20:48 - 2016-04-27 20:48 - 97236827 _____ C:\Users\Ellen\Documents\Firefox 43.0.1 (x86 en-US) - 2016-04-27.pcv
2016-04-26 02:37 - 2016-04-26 02:50 - 00018944 _____ C:\Users\Ellen\Documents\AARP Drug price 4-2016.xls
2016-04-22 01:15 - 2016-04-22 01:15 - 00022518 _____ C:\Users\Ellen\Documents\aarp rx fo May 2016 Mike.pdf
2016-04-22 01:05 - 2016-04-22 01:05 - 00022436 _____ C:\Users\Ellen\Documents\AARP RX for May 2016.pdf
2016-04-18 22:26 - 2016-04-18 22:26 - 00118342 _____ C:\Users\Ellen\Documents\Recipe - Oatmeal Cake.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-15 17:55 - 2015-09-27 14:56 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-05-15 17:55 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-15 17:52 - 2015-10-12 17:26 - 00000000 ____D C:\Users\Ellen\AppData\LocalLow\Temp
2016-05-15 17:46 - 2015-09-27 15:00 - 00000000 ____D C:\Users\Ellen\AppData\LocalLow\LastPass
2016-05-15 17:22 - 2014-11-09 17:48 - 00000000 ____D C:\Users\Ellen
2016-05-15 16:51 - 2015-12-12 17:39 - 00000000 ____D C:\Users\Ellen\AppData\Local\CrashDumps
2016-05-15 00:14 - 2015-12-06 00:17 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-14 20:44 - 2015-12-25 23:00 - 00000000 ____D C:\Users\Ellen\AppData\Local\ElevatedDiagnostics
2016-05-14 20:32 - 2015-09-27 19:57 - 00220141 _____ C:\Windows\hpoins35.dat
2016-05-14 20:02 - 2015-09-27 14:56 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-05-14 19:45 - 2014-11-10 00:37 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-14 19:45 - 2014-11-10 00:37 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-14 19:45 - 2014-11-10 00:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-14 19:01 - 2015-09-20 17:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-05-14 15:33 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2016-05-14 01:53 - 2009-07-13 22:08 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-14 01:35 - 2015-10-12 17:22 - 00000000 ___RD C:\Users\Ellen\Dropbox
2016-05-14 00:25 - 2009-07-13 21:45 - 00027168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-14 00:23 - 2009-07-13 21:45 - 00027168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-13 20:22 - 2015-12-06 00:17 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-05-13 20:10 - 2009-07-13 19:34 - 00000438 _____ C:\Windows\win.ini
2016-05-13 19:24 - 2014-11-09 17:13 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-13 18:43 - 2016-02-02 22:13 - 00000000 ____D C:\Program Files (x86)\Java
2016-05-13 16:45 - 2016-04-04 16:12 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForEllen
2016-05-13 16:45 - 2016-04-04 16:12 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForEllen.job
2016-05-13 15:31 - 2015-09-27 14:56 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-05-13 14:56 - 2015-12-26 01:16 - 00000000 ____D C:\Windows\pss
2016-05-13 01:17 - 2014-10-25 03:40 - 00000000 ___RD C:\Users\Ellen\Documents\Dropbox
2016-05-13 01:00 - 2014-10-25 03:14 - 00024290 _____ C:\Users\Ellen\Documents\Computer Journal.odt
2016-05-12 16:39 - 2016-02-29 01:48 - 00000000 ____D C:\Users\Administrator
2016-05-12 16:25 - 2014-11-09 17:14 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 16:25 - 2014-11-09 17:14 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-12 16:19 - 2014-11-09 17:13 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-12 16:19 - 2014-11-09 17:13 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-12 16:19 - 2014-11-09 17:13 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-12 02:52 - 2015-10-08 18:52 - 00000000 ____D C:\Windows\Minidump
2016-05-11 21:08 - 2015-10-10 23:25 - 00000000 ____D C:\Program Files (x86)\Sony
2016-05-11 21:08 - 2014-11-09 23:54 - 00000021 _____ C:\Windows\Model.txt
2016-05-11 01:01 - 2015-09-28 19:28 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\vlc
2016-05-11 00:56 - 2009-07-13 22:13 - 00006178 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-10 22:45 - 2015-09-27 14:59 - 00000000 ____D C:\Program Files (x86)\LastPass
2016-05-10 02:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-05-09 15:42 - 2015-09-28 00:07 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\stickies
2016-05-08 17:03 - 2015-09-28 17:02 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\CoreFTP
2016-05-06 22:42 - 2015-09-27 23:51 - 00000000 ____D C:\ProgramData\Oracle
2016-05-06 22:34 - 2015-09-28 00:00 - 00000000 ____D C:\Users\Ellen\.oracle_jre_usage
2016-05-06 17:34 - 2014-11-10 00:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-06 17:34 - 2014-11-10 00:29 - 00000000 ____D C:\Users\Ellen\AppData\Local\Adobe
2016-05-02 03:19 - 2015-09-28 00:17 - 00000000 ____D C:\Users\Ellen\Documents\UserTesting
2016-05-02 02:19 - 2015-09-27 15:43 - 00000000 ____D C:\Users\Ellen\AppData\Local\UserTestingPlugin
2016-05-01 00:47 - 2016-03-30 21:27 - 00003384 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1966097858-2923701501-1519854093-1000
2016-05-01 00:47 - 2016-03-16 14:43 - 00003426 _____ C:\Windows\System32\Tasks\RealDownloader Update Check
2016-05-01 00:47 - 2016-03-16 14:42 - 00003364 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1966097858-2923701501-1519854093-1000
2016-05-01 00:47 - 2016-03-16 14:42 - 00003230 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1966097858-2923701501-1519854093-1000
2016-05-01 00:47 - 2016-03-13 04:13 - 00003342 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1966097858-2923701501-1519854093-1000
2016-04-28 22:55 - 2015-11-26 00:58 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-27 16:19 - 2015-09-29 00:49 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\IrfanView
2016-04-27 16:19 - 2015-09-27 20:43 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\TeraCopy
2016-04-27 16:19 - 2015-09-27 19:42 - 00000000 ____D C:\Users\Ellen\AppData\Local\Hewlett-Packard
2016-04-27 16:19 - 2015-09-27 19:27 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-04-27 16:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2016-04-27 02:50 - 2016-03-13 04:12 - 00000000 ____D C:\ProgramData\Real
2016-04-27 02:50 - 2014-11-09 17:12 - 00000000 ____D C:\Users\Ellen\AppData\Local\Google
2016-04-27 02:50 - 2011-04-12 01:28 - 00000000 ___RD C:\Users\Public\Recorded TV

==================== Files in the root of some directories =======

2015-09-27 15:00 - 2015-09-27 15:01 - 16790552 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-09-27 17:13 - 1997-08-19 00:00 - 0000002 _____ () C:\Users\Ellen\AppData\Roaming\Microsoft\ArtGalry.cag
2016-05-14 01:31 - 2016-05-14 01:31 - 0161543 _____ () C:\Users\Ellen\AppData\Local\ars.cache
2016-05-14 01:32 - 2016-05-14 01:32 - 0544339 _____ () C:\Users\Ellen\AppData\Local\census.cache
2016-05-14 01:26 - 2016-05-14 01:26 - 0000010 _____ () C:\Users\Ellen\AppData\Local\sponge.last.runtime.cache
2016-05-13 20:43 - 2016-05-13 20:43 - 0000000 _____ () C:\Users\Ellen\AppData\Local\{3EA34FC5-B00C-44AA-8DF5-A14B83F94B10}
2016-05-12 02:59 - 2016-05-12 02:59 - 0000000 _____ () C:\Users\Ellen\AppData\Local\{41627DFB-4EB5-446E-B786-70E227E06AF9}
2016-05-14 02:20 - 2016-05-14 02:20 - 0000000 _____ () C:\Users\Ellen\AppData\Local\{5A50D6E7-0B5E-4A39-AB83-C283847FE521}
2016-05-14 15:06 - 2016-05-14 15:06 - 0000000 _____ () C:\Users\Ellen\AppData\Local\{698A76B2-76AF-42CF-96A1-6432C2348276}
2016-05-12 00:46 - 2016-05-12 00:46 - 0000000 _____ () C:\Users\Ellen\AppData\Local\{79511514-CD4F-4B40-A473-4252B1B1722F}
2016-05-12 15:47 - 2016-05-12 15:47 - 0000000 _____ () C:\Users\Ellen\AppData\Local\{87A5F4B7-1487-4451-AE49-D678261B05A6}
2016-05-12 17:59 - 2016-05-12 17:59 - 0000000 _____ () C:\Users\Ellen\AppData\Local\{9C2FA71D-8723-4B37-A661-D2B79B4B073B}
2015-09-27 19:57 - 2016-05-14 20:32 - 0002882 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Ellen\SyncToy_b1c0b5bd-7b76-4f2e-a4d3-3e5445ea0d03.dat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-09 18:40

==================== End of FRST.txt ============================

 

I ran the scan but didn't click Fix but here's the log.


Edited by eabear, 15 May 2016 - 09:18 PM.


#10 eabear

eabear
  • Topic Starter


Posted 15 May 2016 - 08:31 PM

# AdwCleaner v5.117 - Logfile created 15/05/2016 at 18:24:04
# Updated 15/05/2016 by Xplode
# Database : 2016-05-15.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Ellen - ELLENPC7
# Running from : C:\Users\Ellen\Desktop\adwcleaner_5.117.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [7212 bytes] - [15/05/2016 15:47:48]
C:\AdwCleaner\AdwCleaner[S1].txt - [6877 bytes] - [15/05/2016 15:36:44]
C:\AdwCleaner\AdwCleaner[S2].txt - [786 bytes] - [15/05/2016 18:24:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [858 bytes] ##########
 



#11 eabear

eabear
  • Topic Starter


Posted 15 May 2016 - 09:05 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Ultimate x64
Ran by Ellen (Limited) on Sun 05/15/2016 at 18:32:33.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\Users\Ellen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\645V1JTC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ellen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C5VDSHJA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ellen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6JM31FM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ellen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1FFP994 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\645V1JTC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C5VDSHJA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6JM31FM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1FFP994 (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/15/2016 at 18:33:40.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#12 eabear

eabear
  • Topic Starter


Posted 16 May 2016 - 12:55 AM

I tried to start the computer normally. A Windows installer started to open. Then I got the blue screen.



#13 eabear

eabear
  • Topic Starter


Posted 16 May 2016 - 01:03 AM

I do not know how to attach the .dmp file. If you want it, please let me know.

 

Thanks.



#14 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 16 May 2016 - 01:29 PM

Should this process do so again. Please read the following instructions well. And run the FRST fixlist.

 

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

 


Best regards
 

 


 


#15 eabear

eabear
  • Topic Starter


Posted 16 May 2016 - 05:37 PM

Hi,

Here is the file

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:06-05-2016
Ran by Ellen (2016-05-16 15:31:44) Run:2
Running from C:\Users\Ellen\Desktop
Loaded Profiles: Ellen (Available Profiles: Ellen & Administrator)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {10476D91-BDB1-4F9E-BA1B-61A5FA518B6F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1086CFF9-423C-4D2F-B17F-D55E1B32123C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {14C2AF74-3AF7-4525-ABE4-EC742EACA645} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {273D11B1-086D-48D2-A113-4470A2A622DD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2AAC7131-EC3E-4B70-A65B-6E0B99201AAB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3C0E396A-7699-4FC0-B0CC-928A74B574D6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6A358B9C-C5E1-4A75-ACD7-46EC4C740F22} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {914F90AE-479D-424B-8C97-1AF849AFD7B5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {AA6E9EBE-53CA-4877-9D2F-0CC0070AE7C1} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {D57687EE-ADCB-4D21-B3CC-1A75E682EC6F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FF0F232B-199B-4837-B84E-F0F13C91AC99} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
FirewallRules: [{80893DF5-E71E-45E6-A387-934FA1C3D6DA}] => (Allow) C:\Users\Ellen\AppData\Local\Temp\nsn5C01.tmp\Installer-10330903.exe
FirewallRules: [{6099F9B9-E69E-4B72-9C68-7A934F9715BA}] => (Allow) C:\Users\Ellen\AppData\Local\Temp\nsn5C01.tmp\Installer-10330903.exe
FirewallRules: [{6099F9B9-E69E-4B72-9C68-7A934F9715BA}] => (Allow) C:\Users\Ellen\AppData\Local\Temp
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1966097858-2923701501-1519854093-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF ProfilePath: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default
FF DefaultSearchEngine: Ixquick
hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbayBeta&_trksid=p3984.m2295.l3934&&CurrentPage=MyeBayNextAllSelling&ssPageName=STRK%3AME%3ALNLK%3AMESX&guest=1
hxxp://www.calbears.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF SearchPlugin: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default\searchplugins\cnet-download.xml [2015-09-28]
FF SearchPlugin: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default\searchplugins\firefox-add-ons.xml [2014-12-19]
FF SearchPlugin: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default\searchplugins\ixquick.xml [2014-10-06]
FF SearchPlugin: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default\searchplugins\youtube.xml [2014-12-19]
CHR StartupUrls: Default -> "hxxps://www.usertesting.com/my_dashboard/available_tests"
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
FF Homepage: hxxps://www.usertesting.com/users/sign_in
hxxp://bearinsider.com/forums/
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CMD: type ''C:\ComboFix.txt''
2016-05-14 01:19 - 2016-05-14 01:19 - 00000000 ____D C:\ProgramData\Trend Micro
2016-05-14 01:18 - 2016-05-14 01:18 - 00000036 _____ C:\Users\Ellen\AppData\Local\housecall.guid.cache
2016-05-14 01:17 - 2016-05-14 01:17 - 02527376 _____ (Trend Micro Inc.) C:\Users\Ellen\Downloads\HousecallLauncher64.exe
C:\Users\Ellen\AppData\Local\BIT927E.tmp
C:\Users\Ellen\AppData\Local\BIT7722.tmp
C:\Users\Ellen\AppData\Local\BIT8832.tmp
C:\Users\Ellen\Downloads\jxpiinstall(2).exe
C:\Users\Ellen\AppData\Roaming\LogFile.txt
AV: Norton Security Suite (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Norton Security Suite (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501.SYS => ""="Driver"
FirewallRules: [{80893DF5-E71E-45E6-A387-934FA1C3D6DA}] => (Allow) C:\Users\Ellen\AppData\Local\Temp\nsn5C01.tmp\Installer-10330903.exe
FirewallRules: [{6099F9B9-E69E-4B72-9C68-7A934F9715BA}] => (Allow) C:\Users\Ellen\AppData\Local\Temp\nsn5C01.tmp\Installer-10330903.exe
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [2016-05-14] [not signed]
CHR Extension: (Norton Identity Safe) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-09-28]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\Exts\Chrome.crx [2016-05-13]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\Exts\Chrome.crx [2016-05-13]
S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
S1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-07-10] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20150710.001\IDSVia64.sys [692984 2015-07-10] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160513.023\ENG64.SYS [138488 2016-05-13] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160513.023\EX64.SYS [2148080 2016-05-13] (Symantec Corporation)
S3 SRTSP; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-05-13] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
S1 SymNetS; C:\Windows\system32\drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)
2016-05-14 02:58 - 2016-05-14 19:50 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2016-05-14 02:23 - 2016-05-14 02:23 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\QuickScan
2016-05-14 00:18 - 2016-05-14 00:18 - 00003228 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-05-13 20:37 - 2016-05-13 20:37 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-05-13 20:37 - 2016-05-13 20:37 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-05-13 20:37 - 2016-05-13 20:37 - 00002422 _____ C:\Users\Public\Desktop\Norton Security Suite.LNK
2016-05-13 20:37 - 2016-05-13 20:37 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-05-13 20:36 - 2016-05-13 20:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2016-05-13 20:36 - 2016-05-13 20:36 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2016-05-13 20:36 - 2016-05-13 20:36 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-05-13 20:36 - 2016-05-13 20:36 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2016-05-13 22:53 - 2015-12-06 03:32 - 00000000 ____D C:\Users\Ellen\AppData\Local\NPE
2016-05-13 22:50 - 2015-12-06 03:34 - 00000000 ____D C:\NPE
2016-05-13 20:39 - 2015-09-28 22:46 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-05-13 20:36 - 2015-09-28 22:46 - 00000000 ____D C:\ProgramData\Norton
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Emptytemp:
Reboot:
End




*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10476D91-BDB1-4F9E-BA1B-61A5FA518B6F} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1086CFF9-423C-4D2F-B17F-D55E1B32123C} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14C2AF74-3AF7-4525-ABE4-EC742EACA645} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{273D11B1-086D-48D2-A113-4470A2A622DD} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AAC7131-EC3E-4B70-A65B-6E0B99201AAB} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C0E396A-7699-4FC0-B0CC-928A74B574D6} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A358B9C-C5E1-4A75-ACD7-46EC4C740F22} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{914F90AE-479D-424B-8C97-1AF849AFD7B5} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA6E9EBE-53CA-4877-9D2F-0CC0070AE7C1} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D57687EE-ADCB-4D21-B3CC-1A75E682EC6F} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF0F232B-199B-4837-B84E-F0F13C91AC99} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80893DF5-E71E-45E6-A387-934FA1C3D6DA} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6099F9B9-E69E-4B72-9C68-7A934F9715BA} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6099F9B9-E69E-4B72-9C68-7A934F9715BA} => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-1966097858-2923701501-1519854093-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
FF ProfilePath: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default => FRST is scripted not to move this directory.
Firefox DefaultSearchEngine removed successfully
hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbayBeta&_trksid=p3984.m2295.l3934&&CurrentPage=MyeBayNextAllSelling&ssPageName=STRK%3AME%3ALNLK%3AMESX&guest=1 => Error: No automatic fix found for this entry.
hxxp://www.calbears.com/ => Error: No automatic fix found for this entry.
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found.
"C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default\searchplugins\cnet-download.xml" => not found.
"C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default\searchplugins\firefox-add-ons.xml" => not found.
"C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default\searchplugins\ixquick.xml" => not found.
"C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\qzmhv6di.default\searchplugins\youtube.xml" => not found.
Chrome StartupUrls => not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd => key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => key not found.
Firefox "homepage" removed successfully
hxxp://bearinsider.com/forums/ => Error: No automatic fix found for this entry.
catchme => service not found.
VGPU => service not found.

=========  type ''C:\ComboFix.txt'' =========

The filename, directory name, or volume label syntax is incorrect.

========= End of CMD: =========

"C:\ProgramData\Trend Micro" => not found.
"C:\Users\Ellen\AppData\Local\housecall.guid.cache" => not found.
"C:\Users\Ellen\Downloads\HousecallLauncher64.exe" => not found.
"C:\Users\Ellen\AppData\Local\BIT927E.tmp" => not found.
"C:\Users\Ellen\AppData\Local\BIT7722.tmp" => not found.
"C:\Users\Ellen\AppData\Local\BIT8832.tmp" => not found.
"C:\Users\Ellen\Downloads\jxpiinstall(2).exe" => not found.
"C:\Users\Ellen\AppData\Roaming\LogFile.txt" => not found.
AV: Norton Security Suite (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} => not found
AS: Norton Security Suite (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} => not found
FW: Norton Security Suite (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0} => not found
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SMR501 => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SMR501.SYS => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80893DF5-E71E-45E6-A387-934FA1C3D6DA} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6099F9B9-E69E-4B72-9C68-7A934F9715BA} => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => key not found.
HKCR\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => key not found.
HKCR\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => key not found.
HKCR\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key not found.
HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key not found.
HKCR\Wow6432Node\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
HKCR\Wow6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} => value not found.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn => not found.
C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => key not found.
"C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\Exts\Chrome.crx" => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => key not found.
"C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\Exts\Chrome.crx" => not found.
N360 => service not found.
BHDrvx64 => service not found.
ccSet_N360 => service not found.
IDSVia64 => service not found.
NAVENG => service not found.
NAVEX15 => service not found.
SRTSP => service not found.
SRTSPX => service not found.
SymEFASI => service not found.
SymEvent => service not found.
SymIRON => service not found.
SymNetS => service not found.
"C:\Windows\System32\Tasks\Norton 360" => not found.
"C:\Users\Ellen\AppData\Roaming\QuickScan" => not found.
"C:\Windows\System32\Tasks\Norton WSC Integration" => not found.
"C:\Windows\system32\Drivers\SYMEVENT64x86.SYS" => not found.
"C:\Windows\system32\Drivers\SYMEVENT64x86.CAT" => not found.
"C:\Users\Public\Desktop\Norton Security Suite.LNK" => not found.
"C:\Program Files\Common Files\Symantec Shared" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite" => not found.
"C:\Windows\system32\Drivers\N360x64" => not found.
"C:\Program Files (x86)\NortonInstaller" => not found.
"C:\Program Files (x86)\Norton Security Suite" => not found.
"C:\Users\Ellen\AppData\Local\NPE" => not found.
"C:\NPE" => not found.
"C:\ProgramData\NortonInstaller" => not found.
"C:\ProgramData\Norton" => not found.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

There's no user specified settings to be reset.


========= End of CMD: =========

EmptyTemp: => 124.2 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 15:32:17 ====

 

Now what?

 

Thanks for your help. Glad we are online at the same time.





