Vista PC - Father "Clicked" some link - can't access Internet, scan, etc


  • This topic is locked
18 replies to this topic

#1 mark100

Posted 29 May 2016 - 07:54 AM

Greetings and thank you in advance for any and all assistance you can provide.

 

Background:

This is an issue on my Father's Dell laptop running Windows Vista.  Running on this PC (which I installed) is typically the ZoneAlarm Free Firewall, Avast Free Anti-Virus, and MalwareBytes Anti-Malware.  

 

My Dad reported that after clicking on some link while browsing, he wasn't able to access the internet. I currently have his PC at my home and here's what I have noticed / observed / found out:

 

  • Although I can connect on my laptop to my home wifi network, I am not able to with his PC.  When I try to connect, I get the following message "Press the configuration button on the access point before continuing".  If I try to enter the password directly, I get "Windows cannot connect to this network"
  • If I try network diagnostics within "Control Panel / Network and Sharing Center", I get the following messages:
    • The network adapter "Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller" is experiencing driver or hardware related issues
    • Make sure your Internet Protocol Bindings are correct. Upon checking, both the "Internet Protocol Version 4" and Version 6 are selected.
  • I did attempt to boot in Safe mode with networking - no difference in what I experienced above.
  • ZoneAlarm Firewall is loaded (i.e., shows up in the bottom right taskbar) but "Show Monitor" and "Scan Now" options are greyed out.
  • Avast is no longer showing up on the bottom right taskbar.   When I check on the desktop icon for Avast,  nothing happens and Avast will not load.
  • If I attempt to run MalwareBytes, it will load; however, after a Scan is started, it terminates within a few seconds with the message "Threat Scan was canceled"
  • The following "Programs" are now on the system (none of which I installed for my Father and he wouldn't have installed himself):
    • One System Care
    • Chromium
    • NowUSeeIt Player

 

Again - thanks for any/all assistance you can provide.  

Mark

Contents of FRST.txt:

+++++++++++++++++

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-05-2016
Ran by jerry_ann (administrator) on JERRY_ANN-PC (29-05-2016 07:57:40)
Running from D:\
Loaded Profiles: jerry_ann (Available Profiles: jerry_ann & LogMeInRemoteUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
() C:\WINDOWS\System32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Andrea Electronics Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(SkyHawke) C:\Program Files\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpqSRMon] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-03-24] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [CaddieSyncConduit] => C:\Program Files\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe [2544960 2013-05-08] (SkyHawke)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2008-12-15] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM\...\Run: [NowUSeeIt Player] => C:\Program Files\NowUSeeItPlayer\NowUSeeItPlayer.exe [913920 2016-01-04] ()
HKLM\...\RunOnce: [GetFormsOnline_dbbar Uninstall] => rundll32 C:\PROGRA~1\DBUNIN~1.DLL,O -3 uninstalltype=IE
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-05-07] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\...\Run: [NowUSeeIt Player] => C:\Program Files\NowUSeeItPlayer\NowUSeeItPlayer.exe [913920 2016-01-04] ()
HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\...\Run: [GoogleChromeAutoLaunch_70CCE655C7FAB1D6A023D8F63CC530FA] => C:\Users\jerry_ann\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-11] (The Chromium Authors)
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-02-12] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-05-07]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-05-07]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-05-07]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9809CF1B-AEB7-4B6F-A853-AFE1A58983B1}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DE3D3262-5521-4D46-940C-3CF909D4359D}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_13&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDyDtD0ByCyEtCtDtDtA0D0DtC0B0FtN0D0Tzu0StCyDyDtCtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtD0FzyyEyCzyzytGyBzyyCzytGyByDtByEtGyDzyzy0AtGtBtA0CyEtDtDzy0CyEyC0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0A0A0ByDtDzytGyEtD0CtBtGyEzyyDyBtG0A0A0E0FtGyDyDzyyBtD0E0D0A0Fzy0EtB2QtN0A0LzutB%26cr%3D482090735%26a%3Dwncy_instlmtrx_16_13%26os_ver%3D6%26os%3DWindows%2BVista%2B™%2BHome%2BPremium
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_13&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDyDtD0ByCyEtCtDtDtA0D0DtC0B0FtN0D0Tzu0StCyDyDtCtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtD0FzyyEyCzyzytGyBzyyCzytGyByDtByEtGyDzyzy0AtGtBtA0CyEtDtDzy0CyEyC0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0A0A0ByDtDzytGyEtD0CtBtGyEzyyDyBtG0A0A0E0FtGyDyDzyyBtD0E0D0A0Fzy0EtB2QtN0A0LzutB%26cr%3D482090735%26a%3Dwncy_instlmtrx_16_13%26os_ver%3D6%26os%3DWindows%2BVista%2B™%2BHome%2BPremium
HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
URLSearchHook: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} -  No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDyDtD0ByCyEtCtDtDtA0D0DtC0B0FtN0D0Tzu0StCyDyDtCtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtD0FzyyEyCzyzytGyBzyyCzytGyByDtByEtGyDzyzy0AtGtBtA0CyEtDtDzy0CyEyC0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0A0A0ByDtDzytGyEtD0CtBtGyEzyyDyBtG0A0A0E0FtGyDyDzyyBtD0E0D0A0Fzy0EtB2QtN0A0LzutB%26cr%3D482090735%26a%3Dwncy_instlmtrx_16_13%26os_ver%3D6%26os%3DWindows%2BVista%2B™%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDyDtD0ByCyEtCtDtDtA0D0DtC0B0FtN0D0Tzu0StCyDyDtCtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtD0FzyyEyCzyzytGyBzyyCzytGyByDtByEtGyDzyzy0AtGtBtA0CyEtDtDzy0CyEyC0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0A0A0ByDtDzytGyEtD0CtBtGyEzyyDyBtG0A0A0E0FtGyDyDzyyBtD0E0D0A0Fzy0EtB2QtN0A0LzutB%26cr%3D482090735%26a%3Dwncy_instlmtrx_16_13%26os_ver%3D6%26os%3DWindows%2BVista%2B™%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {a152be81-478a-4ea8-81a8-41e8a41abf8d} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BYD^xdm106^YYA^us&si=1337-oT3SNu8M&ptb=F0B192B8-D8CF-4C99-9C0D-124197FC96BE&ind=2015111109&n=781c27c5&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDyDtD0ByCyEtCtDtDtA0D0DtC0B0FtN0D0Tzu0StCyDyDtCtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtD0FzyyEyCzyzytGyBzyyCzytGyByDtByEtGyDzyzy0AtGtBtA0CyEtDtDzy0CyEyC0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0A0A0ByDtDzytGyEtD0CtBtGyEzyyDyBtG0A0A0E0FtGyDyDzyyBtD0E0D0A0Fzy0EtB2QtN0A0LzutB%26cr%3D482090735%26a%3Dwncy_instlmtrx_16_13%26os_ver%3D6%26os%3DWindows%2BVista%2B™%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {026250E9-6CFE-48CE-B480-3888EE5BB838} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=att-ie8
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {0EE5E43F-5821-4B8C-930D-A4DE7273F64A} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {0F257489-5DE3-4EB8-9D30-6C2B0A4D6285} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {7ECA62F8-4DD9-49B0-9371-65863F2AD610} URL = hxxp://websearch.shopathome.com?user_id=%guid&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDyDtD0ByCyEtCtDtDtA0D0DtC0B0FtN0D0Tzu0StCyDyDtCtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtD0FzyyEyCzyzytGyBzyyCzytGyByDtByEtGyDzyzy0AtGtBtA0CyEtDtDzy0CyEyC0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0A0A0ByDtDzytGyEtD0CtBtGyEzyyDyBtG0A0A0E0FtGyDyDzyyBtD0E0D0A0Fzy0EtB2QtN0A0LzutB%26cr%3D482090735%26a%3Dwncy_instlmtrx_16_13%26os_ver%3D6%26os%3DWindows%2BVista%2B™%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {a152be81-478a-4ea8-81a8-41e8a41abf8d} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BYD^xdm106^YYA^us&si=1337-oT3SNu8M&ptb=F0B192B8-D8CF-4C99-9C0D-124197FC96BE&ind=2015111109&n=781c27c5&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {B8158A1F-CAA7-496F-8359-927A0C681DDD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=en&q={searchTerms}&gu=bac8ee441c7744ecb72d5fe9e80a6513&tu=10GXz00Au2C01g0&sku=&tstsId=&ver=&&r=667
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {B8B9E556-E49E-42CE-88F9-27E6E4708889} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc-sc
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {CD6F0E22-843E-4F7E-8ABC-0DF3319863E2} URL = hxxp://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {E3260C2A-0E4A-463A-B389-484A8054CBB2} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-11-19] (Yahoo! Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-26] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-18] (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: No Name -> {c9356c23-e3f1-4582-8863-ce9c5bee7449} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-26] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-11-19] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> No Name - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} -  No File
Toolbar: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> No Name - {CC4BADAD-F6A0-45E2-B538-A7C49ACBF6C5} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\jerry_ann\AppData\Roaming\Mozilla\Firefox\Profiles\28ovapaz.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Search Provided by Yahoo
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_13&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDyDtD0ByCyEtCtDtDtA0D0DtC0B0FtN0D0Tzu0StCyDyDtCtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtD0FzyyEyCzyzytGyBzyyCzytGyByDtByEtGyDzyzy0AtGtBtA0CyEtDtDzy0CyEyC0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0A0A0ByDtDzytGyEtD0CtBtGyEzyyDyBtG0A0A0E0FtGyDyDzyyBtD0E0D0A0Fzy0EtB2QtN0A0LzutB%26cr%3D482090735%26a%3Dwncy_instlmtrx_16_13%26os_ver%3D6%26os%3DWindows%2BVista%2B™%2BHome%2BPremium
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll [No File]
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\jerry_ann\AppData\Roaming\Mozilla\Firefox\Profiles\28ovapaz.default\searchplugins\Search Provided by Yahoo.xml [2016-03-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-23] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-18]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-18]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]

Chrome:
=======
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-31]
CHR Extension: (Google Drive) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-02]
CHR Extension: (YouTube) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-20]
CHR Extension: (Google Search) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-02]
CHR Extension: (Google Docs Offline) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-02]
CHR Extension: (Avast Online Security) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-18]
CHR HKLM\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-18]
CHR HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-12-15] (Andrea Electronics Corporation)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-12] (AVAST Software)
S4 cbVSCService; C:\Program Files\Cobian Backup 10\cbVSCService.exe [67584 2010-09-23] (CobianSoft, Luis Cobian) [File not signed]
S4 CobianBackup10; C:\Program Files\Cobian Backup 10\cbService.exe [1125376 2010-09-23] (Luis Cobian, CobianSoft) [File not signed]
S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
S4 GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [242424 2008-11-03] (WildTangent, Inc.)
S4 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2009-05-07] (Citrix Online, a division of Citrix Systems, Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [244904 2008-10-23] () [File not signed]
S4 SftService; C:\WINDOWS\SMINST\sftservice.EXE [632048 2009-02-23] (SoftThinks)
S4 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-30] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-12-15] (IDT, Inc.)
S2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-03-24] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-22] (Dell Inc.) [File not signed]
S4 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)
R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-02-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-03-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-02-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-02-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-02-23] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [171608 2016-02-12] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67088 2016-02-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-02-12] (AVAST Software)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [64512 2010-05-31] (ASIX Electronics Corp.)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2007-05-23] (Avanquest Software) [File not signed]
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [155304 2015-11-03] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [138616 2015-11-03] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [44728 2015-11-03] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [770936 2015-11-03] (AO Kaspersky Lab)
S3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25624 2008-12-16] ()
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-12-17] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [53960 2016-02-01] (360.cn)
S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [41088 2003-01-08] (Prolific Technology Inc.) [File not signed]
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2012-12-11] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [63104 2012-12-11] (Silicon Laboratories)
S3 slabser; C:\Windows\System32\DRIVERS\slabser.sys [84512 2004-03-25] (MCCI)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13368 2016-05-04] (SlimWare Utilities, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 LMIRfsClientNP; no ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]
S3 slabbus; system32\DRIVERS\slabbus.sys [X]
S1 Vsdatant; system32\DRIVERS\vsdatant.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-29 07:56 - 2016-05-29 07:57 - 00000000 ____D C:\FRST
2016-05-28 07:38 - 2015-12-15 17:12 - 01021784 _____ (Mindspark) C:\Program Files\dbUninstall GetFormsOnline.dll
2016-05-28 07:38 - 2015-12-15 17:12 - 00173912 _____ (Mindspark) C:\Program Files\dbres.dll
2016-05-03 10:46 - 2016-05-11 19:30 - 00566158 _____ C:\Windows\ntbtlog.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-29 07:57 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2016-05-29 07:57 - 2006-11-02 06:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-29 07:56 - 2016-03-31 15:05 - 00000272 _____ C:\Windows\Tasks\One System CarePeriod.job
2016-05-29 07:33 - 2012-07-01 13:29 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-29 07:33 - 2012-07-01 13:29 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-28 09:29 - 2015-07-27 17:10 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-28 09:11 - 2006-11-02 08:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-28 09:11 - 2006-11-02 08:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-28 07:38 - 2011-12-26 22:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-05-28 07:11 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-11 19:05 - 2011-12-23 09:17 - 00001356 _____ C:\Users\jerry_ann\AppData\Local\d3d9caps.dat
2016-05-11 18:52 - 2006-11-02 09:01 - 00032754 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-04 18:19 - 2016-03-31 15:15 - 00000000 ____D C:\Program Files\360
2016-05-04 17:56 - 2015-11-12 08:23 - 00013368 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2016-05-02 10:45 - 2014-05-01 21:36 - 00431438 _____ C:\Windows\system32\Drivers\vsconfig.xml
2016-05-02 10:43 - 2015-11-21 12:53 - 00000639 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2016-05-02 09:31 - 2013-05-16 09:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2016-05-28 07:38 - 2015-12-15 17:12 - 0173912 _____ (Mindspark) C:\Program Files\dbres.dll
2016-05-28 07:38 - 2015-12-15 17:12 - 1021784 _____ (Mindspark) C:\Program Files\dbUninstall GetFormsOnline.dll
2011-12-23 09:17 - 2016-05-11 19:05 - 0001356 _____ () C:\Users\jerry_ann\AppData\Local\d3d9caps.dat
2011-12-26 08:07 - 2013-12-24 17:42 - 0242688 _____ () C:\Users\jerry_ann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-03 17:46 - 2012-03-26 08:43 - 0001345 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-28 07:19

==================== End of FRST.txt ============================
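The driver entries in the FRST log above can be triaged mechanically. The following Python sketch is an added example, not part of the original post or of FRST itself; it parses those lines and lists unsigned drivers, entries whose file FRST could not find (`[X]`), and running drivers from more than one security vendor. The vendor hint list is an assumption built from names seen in this log, and the sample input is a subset of the lines posted above.

```python
import re
from collections import defaultdict

# Driver entries excerpted from the FRST log above (a subset, unmodified).
SAMPLE = r"""
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-02-23] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-02-12] (AVAST Software)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2007-05-23] (Avanquest Software) [File not signed]
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [155304 2015-11-03] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [770936 2015-11-03] (AO Kaspersky Lab)
S3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25624 2008-12-16] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [53960 2016-02-01] (360.cn)
S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [41088 2003-01-08] (Prolific Technology Inc.) [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 LMIRfsClientNP; no ImagePath
S1 Vsdatant; system32\DRIVERS\vsdatant.sys [X]
"""

# FRST prefixes each entry with service state (letter) and start type (digit).
STATE = {"R": "running", "S": "stopped", "U": "undetermined"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Assumption: substrings for the security vendors that appear in this log.
SECURITY_VENDOR_HINTS = ("avast", "kaspersky", "malwarebytes", "360.cn")

ENTRY_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4])\s+(?P<name>[^;]+);\s*(?P<rest>.+)$"
)
META_RE = re.compile(
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<company>[^)]*)\)"
)


def parse_driver(line):
    """Parse one FRST driver line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    meta = META_RE.search(rest)
    missing = rest.endswith("[X]")
    if meta:
        path = rest[:meta.start()].strip()
    elif missing:
        path = rest[:-3].strip()
    else:
        path = None  # e.g. "no ImagePath"
    return {
        "name": m["name"].strip(),
        "state": STATE[m["state"]],
        "start": START[m["start"]],
        "path": path,
        "size": int(meta["size"]) if meta else None,
        "date": meta["date"] if meta else None,
        "company": meta["company"].strip() if meta else None,
        "unsigned": "[File not signed]" in rest,
        "missing_file": missing,
        "no_image_path": rest == "no ImagePath",
    }


def parse_log(text):
    """Return a record for every driver entry found in the text."""
    return [rec for rec in map(parse_driver, text.splitlines()) if rec]


def triage(records):
    """Group driver names by the conditions worth a second look."""
    vendors = defaultdict(list)
    report = {"unsigned": [], "missing_file": [], "no_image_path": [], "no_company": []}
    for rec in records:
        for key in ("unsigned", "missing_file", "no_image_path"):
            if rec[key]:
                report[key].append(rec["name"])
        if rec["company"] == "":  # file exists but has no company string
            report["no_company"].append(rec["name"])
        if rec["state"] == "running" and rec["company"]:
            for hint in SECURITY_VENDOR_HINTS:
                if hint in rec["company"].lower():
                    vendors[hint].append(rec["name"])
    report["running_security_vendors"] = dict(vendors)
    return report


if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE)).items():
        print(f"{key}: {value}")
```

None of these flags is a verdict on its own: old vendor drivers are often unsigned, and `[X]` entries are commonly leftovers from uninstalled software.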





#2 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts

Posted 29 May 2016 - 09:25 PM

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 4 days will result in this thread being closed.


Hello mark100,

My name is mAL_rEm018, but feel free to call me mAL.  I will be helping you with your malware related problems. :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.


Cobian Backup
DriveImage XML


To make sure everything goes smoothly, I would like you to observe the following rules:

  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread.  Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum.  Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

While I review the log you provided please do the following..


  • Please rerun FRST as you did before, make sure to check the Addition.txt box before clicking Scan.  Once the scan is over, a window entitled "Addition.txt" will open.  Please post the contents of Addition.txt in your next reply.


-----------------------------------------
In your next reply, I would like to see..

  • Addition.txt

Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#3 mark100

mark100
  • Topic Starter

  • Members
  • 15 posts

Posted 29 May 2016 - 10:19 PM

Hi Mal,

Sorry, thought I had included the Addition.txt file in my original post.  Please find attached - hopefully....

 

Thanks again for all help you can provide.

 

Mark

Attached Files



#4 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts

Posted 30 May 2016 - 01:52 PM

Hi Mark,

There are some clear signs of infections in the logs you have provided, however at this point I can't say for sure if they are responsible for the lack of internet connectivity.  Let's start by cleaning the infections and if the connectivity issue persists afterwards, then we will look into that.  This of course means that you will need to download all tools to your computer and transfer them to the infected computer with a USB flash drive.

I also noticed that you ran FRST from the "D:" drive, which presumably is a flash drive.  Although FRST will run from a USB, I would prefer that in the future you save all tools to the desktop and run them from there.



Backup your registry using TCRB

  • Please download TCRB to your Desktop.
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.

There are a few questions I would like you to ask your father:


  • I see some signs of Remote Access Programs on the computer, more specifically GoToAssist and LogMeIn.  However, they do not appear in the uninstall list.  Did your father install them or is he aware that they were installed at some point?
  • There are several entries related to Yahoo! in the logs you have provided.  Did your father purposefully install these?  Although not malware, Yahoo! is frequently bundled with other programs and installed without one's direct consent.  Some of the tools we will use might flag it as a Potentially Unwanted Program (PUP).

Removing a program in Windows Vista


  • Click the Start Menu and select Control Panel.
  • Click Programs, then Programs and Features.
  • Select the following programs:

    Chromium
    FindYourMaps Internet Explorer Toolbar
    NowUSeeIt Player

  • Select Uninstall.
  • When prompted select Yes.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.
    Note: you can only remove one program at a time.

I notice you have several security programs installed and running on your computer.  Although this might seem like a good idea, you are in fact putting your computer at risk, since they will interfere with each other. Please choose either Avast! or ZoneAlarm and uninstall the other program by following the same steps outlined in the step above.


Avast!
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)
SafeZone Stable 1.48.2066.44 (Version: 1.48.2066.44 - Avast Software) Hidden

ZoneAlarm
ZoneAlarm Antivirus (Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 14.1.057.000 - Check Point)
ZoneAlarm Security (Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden



Next..


AdwCleaner


  • Please download AdwCleaner to your Desktop.
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Logfile.
  • A notepad window will open.  Please copy/paste the contents in your next reply.
    Note: do not select Cleaning at this point


I need you to run a search using FRST..




  • Double click Frst.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/Paste or Type the following line into the Search: box.

babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer;

  • Press the Search Registry button.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post it in your next reply.


-----------------------------------------
In your next reply, I would like to see..

  • Did you have trouble performing any of the steps?
  • Answer to my questions.
  • AdwCleaner log.
  • Search.txt

 


Edited by mAL_rEm018, 30 May 2016 - 02:24 PM.



#5 mark100

mark100
  • Topic Starter

  • Members
  • 15 posts

Posted 30 May 2016 - 05:57 PM

Hi Mal,

Again - thanks for your time, patience, help as we work through this - very much appreciate it.

Mark

 

Hopefully below is everything you requested:

  • Did you have trouble performing any of the steps?
    • No issues with TCRB
    • Removing programs (Chromium) - no error message but am still getting after reboot a window that is opening referring to Chromium (see attached)
    • Removing programs (FindYourMaps) - did receive the following error msg:  Error loading C:\Program Files\FindYourMaps__dp\bar\1.bin\dpBar.dll.   The specific module could not be found.
    • Removing programs (NowUSeeIt Player):   No apparent issue with removal
    • I do have a question:  I noticed that One System Care was not included to be uninstalled.   Is that ok?  Will it be addressed later?  This is one tool I didn't install so likely was by accident by my Dad.   I did also include (see attached), the One System Care message I received upon start of the computer as an FYI.
    • AdwCleaner, FRST - no issues other than Notepad crashed multiple times in my attempt to "Save As" the contents of each run into a TXT file on my flash drive so I could include it in my reply.  Eventually got it to save but took many tries.

 

  • Answer to my questions.
    • GoToAssist came with the system from Dell but has never been used with Dell (ie, we've never called for support) and could certainly be removed.   LogMeIn is something I installed to try to give me the ability to help my Dad remotely.
    • entries related to Yahoo! in the logs:   He doesn't use these and I'm sure they have been installed as part of other installs, updates, etc.
    • Not a question but I did uninstall Avast for now.   Not sure why both Zonealarm  and Avast virus protections were active.   I typically use only Zonealarm for firewall and Avast for Anti-Virus.  It was easier to uninstall Avast at this point than to figure out how to disable the anti-virus on Zonealarm as I'm still not able to get the Zonealarm monitor up so I can make changes like that.   Can also uninstall Zonealarm for the time being as well and just activate the Windows Firewall and Anti-virus if you think that might be better.

 

  • AdwCleaner log:

# AdwCleaner v5.119 - Logfile created 30/05/2016 at 18:12:39
# Updated 30/05/2016 by Xplode
# Database : 2016-05-25.2 [Local]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (X86)
# Username : jerry_ann - JERRY_ANN-PC
# Running from : C:\Users\jerry_ann\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : YahooAUService
Service Found : swdumon

***** [ Folders ] *****

Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Conduit
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\ProgramData\Application Data\apn
Folder Found : C:\ProgramData\Application Data\Ask
Folder Found : C:\ProgramData\Application Data\Conduit
Folder Found : C:\ProgramData\Application Data\Yahoo! Companion
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
Folder Found : C:\Users\Public\Documents\Downloaded Installers
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\OneSystemCare
Folder Found : C:\Program Files\Yahoo!\Companion
Folder Found : C:\Windows\system32\config\systemprofile\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Found : C:\Windows\system32\config\systemprofile\AppData\Local\YSearchUtil
Folder Found : C:\Users\jerry_ann\AppData\Local\slimware utilities inc
Folder Found : C:\Users\jerry_ann\AppData\Local\YSearchUtil
Folder Found : C:\Users\jerry_ann\AppData\Local\Downloaded Installers
Folder Found : C:\Users\jerry_ann\AppData\LocalLow\Check Point Software Technologies LTD
Folder Found : C:\Users\jerry_ann\AppData\LocalLow\Conduit
Folder Found : C:\Users\jerry_ann\AppData\LocalLow\iac
Folder Found : C:\Users\jerry_ann\AppData\LocalLow\ShopAtHome
Folder Found : C:\Users\jerry_ann\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\jerry_ann\AppData\LocalLow\Yahoo!\Companion
Folder Found : C:\Users\jerry_ann\AppData\LocalLow\YahooCouponAddOn
Folder Found : C:\Users\jerry_ann\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Found : C:\Users\jerry_ann\AppData\Roaming\One System Care
Folder Found : C:\Users\jerry_ann\AppData\Roaming\Yahoo!\Companion

***** [ Files ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
File Found : C:\Program Files\Yahoo!\Common\unyt.exe
File Found : C:\Windows\Reimage.ini
File Found : C:\Windows\system32\drivers\swdumon.sys
File Found : C:\Users\jerry_ann\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml
File Found : C:\Users\jerry_ann\Downloads\Documents\ReimageRepair.exe
File Found : C:\Users\jerry_ann\AppData\Roaming\Mozilla\Firefox\Profiles\28ovapaz.default\searchplugins\Search Provided by Yahoo.xml
File Found : C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bahkljhhdeciiaodlkppoonappfnheoi_0.localstorage
File Found : C:\Users\jerry_ann\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_bahkljhhdeciiaodlkppoonappfnheoi_0.localstorage
File Found : C:\user.js

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : One System CarePeriod
Task Found : One System Care Run Delay
Task Found : One System Care Monitor

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : HKLM\SOFTWARE\Classes\AppID\yt.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
Key Found : HKCU\Software\Google\Chrome\Extensions\bahkljhhdeciiaodlkppoonappfnheoi
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bahkljhhdeciiaodlkppoonappfnheoi
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found : HKLM\SOFTWARE\Classes\Sample.BrowserHandler
Key Found : HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
Key Found : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
Key Found : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Classes\yt.CacheLoader
Key Found : HKLM\SOFTWARE\Classes\yt.CacheLoader.1
Key Found : HKLM\SOFTWARE\Classes\yt.Clickstream
Key Found : HKLM\SOFTWARE\Classes\yt.Clickstream.1
Key Found : HKLM\SOFTWARE\Classes\yt.YTHelper
Key Found : HKLM\SOFTWARE\Classes\yt.YTHelper.2
Key Found : HKLM\SOFTWARE\Classes\yt.YToolbarBand
Key Found : HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
Key Found : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
Key Found : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
Key Found : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
Key Found : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Key Found : HKCU\Software\BEFRUGAL
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\One System Care
Key Found : HKCU\Software\PRODUCTSETUP
Key Found : HKCU\Software\SlimWare Utilities Inc
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\ICSW1.19
Key Found : HKCU\Software\NowUSeeItPlayer
Key Found : HKCU\Software\csastats
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Key Found : HKLM\SOFTWARE\CheckPoint\ISW
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4F524A2D-5350-4500-76A7-A758B70C1902}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Security Toolbar
Key Found : HKU\.DEFAULT\Software\CheckPoint\ISW
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\BEFRUGAL
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Conduit
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\One System Care
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\PRODUCTSETUP
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\SlimWare Utilities Inc
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Yahoo\YFriendsBar
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\ICSW1.19
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\NowUSeeItPlayer
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\csastats
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Toolbar
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Conduit
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4F524A2D-5350-4500-76A7-A758B70C1902}
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Security Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\BEFRUGAL
Key Found : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Yahoo\Companion
Key Found : HKU\S-1-5-18\Software\CheckPoint\ISW
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_13&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDyDtD0ByCyEtCtDtDtA0D0DtC0B0FtN0D0Tzu0StCyDyDtCtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtD0FzyyEyCzyzytGyBzyyCzytGyByDtByEtGyDzyzy0AtGtBtA0CyEtDtDzy0CyEyC0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0A0A0ByDtDzytGyEtD0CtBtGyEzyyDyBtG0A0A0E0FtGyDyDzyyBtD0E0D0A0Fzy0EtB2QtN0A0LzutB%26cr%3D482090735%26a%3Dwncy_instlmtrx_16_13%26os_ver%3D6%26os%3DWindows%2BVista%2B™%2BHome%2BPremium
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_13&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDyDtD0ByCyEtCtDtDtA0D0DtC0B0FtN0D0Tzu0StCyDyDtCtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtD0FzyyEyCzyzytGyBzyyCzytGyByDtByEtGyDzyzy0AtGtBtA0CyEtDtDzy0CyEyC0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0A0A0ByDtDzytGyEtD0CtBtGyEzyyDyBtG0A0A0E0FtGyDyDzyyBtD0E0D0A0Fzy0EtB2QtN0A0LzutB%26cr%3D482090735%26a%3Dwncy_instlmtrx_16_13%26os_ver%3D6%26os%3DWindows%2BVista%2B™%2BHome%2BPremium
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
Data Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
Data Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_13&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDyDtD0ByCyEtCtDtDtA0D0DtC0B0FtN0D0Tzu0StCyDyDtCtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtD0FzyyEyCzyzytGyBzyyCzytGyByDtByEtGyDzyzy0AtGtBtA0CyEtDtDzy0CyEyC0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0A0A0ByDtDzytGyEtD0CtBtGyEzyyDyBtG0A0A0E0FtGyDyDzyyBtD0E0D0A0Fzy0EtB2QtN0A0LzutB%26cr%3D482090735%26a%3Dwncy_instlmtrx_16_13%26os_ver%3D6%26os%3DWindows%2BVista%2B™%2BHome%2BPremium
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7ECA62F8-4DD9-49B0-9371-65863F2AD610}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{a152be81-478a-4ea8-81a8-41e8a41abf8d}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B8158A1F-CAA7-496F-8359-927A0C681DDD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a152be81-478a-4ea8-81a8-41e8a41abf8d}
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7ECA62F8-4DD9-49B0-9371-65863F2AD610}
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Data Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Internet Explorer\SearchScopes\{a152be81-478a-4ea8-81a8-41e8a41abf8d}
Key Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B8158A1F-CAA7-496F-8359-927A0C681DDD}
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NowUSeeIt Player]
Value Found : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Windows\CurrentVersion\Run [NowUSeeIt Player]

***** [ Web browsers ] *****

[C:\Users\jerry_ann\AppData\Roaming\Mozilla\Firefox\Profiles\28ovapaz.default\prefs.js] Found : user_pref("browser.search.defaultenginename", "Search Provided by Yahoo");
[C:\Users\jerry_ann\AppData\Roaming\Mozilla\Firefox\Profiles\28ovapaz.default\prefs.js] Found : user_pref("browser.search.selectedEngine", "Search Provided by Yahoo");
[C:\Users\jerry_ann\AppData\Roaming\Mozilla\Firefox\Profiles\28ovapaz.default\prefs.js] Found : user_pref("browser.startup.homepage", "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_13&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26c[...]
[C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : check point software technologies ltd
[C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : www.yahoo.com
[C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : aaaajpkhjdkhhnkmgfjodbkfpbmibkkk
[C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\jerry_ann\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Found : search provided by yahoo
[C:\Users\jerry_ann\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_13&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDyDtD0ByCyEtCtDtDtA0D0DtC0B0FtN0D0Tzu0StCyDyDtCtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtD0FzyyEyCzyzytGyBzyyCzytGyByDtByEtGyDzyzy0AtGtBtA0CyEtDtDzy0CyEyC0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0A0A0ByDtDzytGyEtD0CtBtGyEzyyDyBtG0A0A0E0FtGyDyDzyyBtD0E0D0A0Fzy0EtB2QtN0A0LzutB%26cr%3D482090735%26a%3Dwncy_instlmtrx_16_13%26os_ver%3D6%26os%3DWindows%2BVista%2B™%2BHome%2BPremium&uref=chmm
[C:\Users\jerry_ann\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Extension] Found : bahkljhhdeciiaodlkppoonappfnheoi
[C:\Users\jerry_ann\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Homepage] Found : hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_13&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDyDtD0ByCyEtCtDtDtA0D0DtC0B0FtN0D0Tzu0StCyDyDtCtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtD0FzyyEyCzyzytGyBzyyCzytGyByDtByEtGyDzyzy0AtGtBtA0CyEtDtDzy0CyEyC0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0A0A0ByDtDzytGyEtD0CtBtGyEzyyDyBtG0A0A0E0FtGyDyDzyyBtD0E0D0A0Fzy0EtB2QtN0A0LzutB%26cr%3D482090735%26a%3Dwncy_instlmtrx_16_13%26os_ver%3D6%26os%3DWindows%2BVista%2B™%2BHome%2BPremium&uref=chmm

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [25322 bytes] - [30/05/2016 18:12:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [25396 bytes] ##########
 

 

  • Search.txt

Farbar Recovery Scan Tool (x86) Version:29-05-2016
Ran by jerry_ann (2016-05-30 18:26:15)
Running from C:\Users\jerry_ann\Desktop
Boot Mode: Normal

================== Search Registry: "babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer" ===========


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "conduit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sg2]
""="CaddieSyncConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]

[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\HomePage]
"{6ec74131-08b2-4f67-a9bc-5914ef1edb97}"="http://search.conduit.com?SearchSource=10&CUI=UN37505211911413115&UM=2&ctid=CT3299872"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"D85AC57AC9BD41D449820E7C0B6F32CD"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CaddieSyncConduit"="C:\Program Files\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1775364]
"Url"="http://alerts.conduit-services.com/root/1784823/1775364/US"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPServicesServerName"="http://alert.services.conduit.com"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\ChannelsSettings]
"URL"="http://alert.services.conduit.com/channels/?aid=EB_CHANNEL_ID"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Login]
"URL"="http://alert.services.conduit.com/Alerts/AlertServices.asmx/AlertLogin"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Usage]
"URL"="http://alert.services.conduit.com/Alerts/AlertServices.asmx/SetAlertUsageRequest"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Conduit\RevertSettings]
"ConduitLatestHomePage"="http://search.conduit.com?SearchSource=10&CUI=UN37505211911413115&UM=2&ctid=CT3299872"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Conduit\Toolbar\Facebook\InfoService\http://facebook.conduit-services.com/Settings.ashx?locale=en&browserType=IE&toolbarVersion=6.8.2.0]

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar]
"SearchServerUrl"="http://search.conduit.com"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar]
"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar]
"PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar]
"ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar]
"AppsDetectionUrlPattern"="http://appdownload.conduit.com/"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Login]
"users.conduit.com Last Login TB Version:6.17.2.8"="1387992984"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\ABTestUsage]
"ServiceUrl"="http://tb-test.conduit-data.com"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\AppsMetaData]
"ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\AppTrackingFirstTime]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\AppUninstallUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\ClientErrorLog]
"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\Configuration]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/?ctid=EB_TOOLBAR_ID&ver=EB_TOOLBAR_VERSION&client=ToolbarConfiguration"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\GottenAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\LocationService]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\RecoveryService]
"ServiceUrl"="http://recovery.conduit-services.com/toolbar"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\SearchInNewTabBlank]
"ServiceUrl"="http://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\SharedAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\ToolbarAppComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\ToolbarComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\ToolbarGrouping]
"ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\ToolbarHiddenLoginJson]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/JsonLogin.ashx"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\ToolbarHiddenSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\ToolbarLogin]
"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\ToolbarSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\ToolbarSetupAPI]
"ServiceUrl"="http://setupapi.toolbar.conduit-services.com/Properties/json/EB_TOOLBAR_ID"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\ToolbarTranslation]
"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\ToolbarUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\UninstallDialogUsage]
"ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872\WebAppSettingsNC]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/metanc/WEB_APP_GUID"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\conduit_CT3299872_CT3299872]

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\MetaData\1228971465]
"dbname"="conduit_CT3299872_CT3299872"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\MetaData\1825301918]
"dbname"="conduit_CT3299872_CT3299872"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\MetaData\3535415760]
"dbname"="conduit_CT3299872_CT3299872"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\MetaData\4000850192]
"dbname"="conduit_CT3299872_en"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Repository\MetaData\858845236]
"dbname"="conduit_CT3299872_CT3299872"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Settings]
"SearchFromAddressUrl"="http://search.conduit.com/ResultsExt.aspx?ctid=CT3299872&SearchSource=2&CUI=SB_CUI&UM=2&q=MYSEARCHTERM"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Settings]
"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Settings\BackHandStorage\http___app_mam_conduit_com_getapp_CT3299872_mam_html_ctid=CT3299872&smv=EB_SMV]

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Settings\ExternalComponent]
"http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en&ctid=CT3299872&UM=UM_UNINSTALL_ID"="1387913883"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Settings\ExternalComponent]
"http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en&ctid=CT3299872"="1387913883"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Settings\FeatureProtector\BrowserSearch]
"URLFromService"="http://search.conduit.com?SearchSource=10&amp;ctid=CT3299872"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Settings\FeatureProtector\HomePage]
"URLFromService"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&amp;SearchSource=4&amp;ctid=CT3299872"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Settings\MyStuff]
"AddStuffLink"="http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Settings\RadioPlayer]
"ServerUrl"="http://radio.services.conduit.com/RadioRequest.ctp"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Settings\Search\Settings]
"NotFoundUrl"="http://search.conduit.com/corse/?ctid=CT3299872&octid=EB_ORIGINAL_CTID&SearchSource=11&CUI=SB_CUI&SSPV=EB_SSPV&Lay=LAY_ID&UM=2&fq=FQ_TERM&SAT=SAT_ID"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Settings\SearchInNewTab]
"AboutTabsUsageUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter\toolbar\Settings\Upgrade]
"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver6.13.3.505/tbedrs.dll"

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sg2\OpenWithProgids]
"CaddieSyncConduit"=""


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Trolltech]

[HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
====== End of Search ======

Edited by mark100, 30 May 2016 - 06:23 PM.


#6 mAL_rEm018

  • Malware Response Team

Posted 30 May 2016 - 06:36 PM

Hi Mark,
 

Again - thanks for your time, patience, help as we work through this - very much appreciate it.

It's my pleasure. :)
 

I do have a question:  I noticed that One System Care was not included to be uninstalled.   Is that ok?  Will it be addressed later?  This is one tool I didn't install so likely was by accident by my Dad.   I did also include (see attached), the One System Care message I received upon start of the computer as an FYI.

Yes we will take care of One System Care.  The programs I asked you to remove were part of your uninstall list, One System Care was not, which is why I didn't ask you to uninstall it in my previous post.

Please follow the steps below..

AdwCleaner


  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Cleaning.
  • Note: All programs will be closed and your computer will be rebooted, therefore I advise you to save any unsaved work.
  • A notepad window will open.  Please copy/paste the contents in your next reply.

Next..

I need to see a fresh FRST log..



  • Right-click on FRST.exe and select Run as administrator.
  • Ensure that Addition.txt is checked.
  • Select Scan.
  • When the scan is over, two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.

Please give me an update on how the computer is behaving at this point..


-----------------------------------------
In your next reply, I would like to see..


  • AdwCleaner log
  • FRST.txt
  • Addition.txt

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#7 mark100

  • Topic Starter

Posted 30 May 2016 - 07:49 PM

Hi Mal,

So, you asked if the behavior of the computer has changed.   I have noticed a couple of things:

 

  • No longer getting the One System Care windows after reboot and the icon is no longer showing on the bottom right task-bar!
  • Consistently getting the following message when trying to "Save As" the Notepad entries for the various tools to the flash drive:
    "Notepad was closed.   To help prevent your computer, Data Execution Prevention has closed Notepad.   Click to learn more"
    I am able to eventually save each time, but it usually takes multiple attempts.
  • Still getting something related to Chromium after a reboot (see attached)
  • Still am not able to connect to Wifi

 

As requested:

 

AdwCleaner log

 

# AdwCleaner v5.119 - Logfile created 30/05/2016 at 19:50:35
# Updated 30/05/2016 by Xplode
# Database : 2016-05-25.2 [Local]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (X86)
# Username : jerry_ann - JERRY_ANN-PC
# Running from : C:\Users\jerry_ann\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : YahooAUService
[-] Service Deleted : swdumon

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\Ask
[-] Folder Deleted : C:\ProgramData\Conduit
[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[#] Folder Deleted : C:\ProgramData\Application Data\apn
[#] Folder Deleted : C:\ProgramData\Application Data\Ask
[#] Folder Deleted : C:\ProgramData\Application Data\Conduit
[#] Folder Deleted : C:\ProgramData\Application Data\Yahoo! Companion
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
[-] Folder Deleted : C:\Users\Public\Documents\Downloaded Installers
[-] Folder Deleted : C:\Program Files\Conduit
[-] Folder Deleted : C:\Program Files\OneSystemCare
[-] Folder Deleted : C:\Program Files\Yahoo!\Companion
[-] Folder Deleted : C:\Windows\system32\config\systemprofile\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
[-] Folder Deleted : C:\Windows\system32\config\systemprofile\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\Users\jerry_ann\AppData\Local\slimware utilities inc
[-] Folder Deleted : C:\Users\jerry_ann\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\Users\jerry_ann\AppData\Local\Downloaded Installers
[-] Folder Deleted : C:\Users\jerry_ann\AppData\LocalLow\Check Point Software Technologies LTD
[-] Folder Deleted : C:\Users\jerry_ann\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\jerry_ann\AppData\LocalLow\iac
[-] Folder Deleted : C:\Users\jerry_ann\AppData\LocalLow\ShopAtHome
[-] Folder Deleted : C:\Users\jerry_ann\AppData\LocalLow\Yahoo! Companion
[-] Folder Deleted : C:\Users\jerry_ann\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\jerry_ann\AppData\LocalLow\YahooCouponAddOn
[-] Folder Deleted : C:\Users\jerry_ann\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
[-] Folder Deleted : C:\Users\jerry_ann\AppData\Roaming\One System Care
[-] Folder Deleted : C:\Users\jerry_ann\AppData\Roaming\Yahoo!\Companion

***** [ Files ] *****

[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
[-] File Deleted : C:\Program Files\Yahoo!\Common\unyt.exe
[-] File Deleted : C:\Windows\Reimage.ini
[-] File Deleted : C:\Windows\system32\drivers\swdumon.sys
[-] File Deleted : C:\Users\jerry_ann\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml
[-] File Deleted : C:\Users\jerry_ann\Downloads\Documents\ReimageRepair.exe
[-] File Deleted : C:\Users\jerry_ann\AppData\Roaming\Mozilla\Firefox\Profiles\28ovapaz.default\searchplugins\Search Provided by Yahoo.xml
[-] File Deleted : C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bahkljhhdeciiaodlkppoonappfnheoi_0.localstorage
[-] File Deleted : C:\Users\jerry_ann\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_bahkljhhdeciiaodlkppoonappfnheoi_0.localstorage
[-] File Deleted : C:\user.js

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : One System CarePeriod
[-] Task Deleted : One System Care Run Delay
[-] Task Deleted : One System Care Monitor

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\bahkljhhdeciiaodlkppoonappfnheoi
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bahkljhhdeciiaodlkppoonappfnheoi
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : HKCU\Software\BEFRUGAL
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\One System Care
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\ICSW1.19
[-] Key Deleted : HKCU\Software\NowUSeeItPlayer
[-] Key Deleted : HKCU\Software\csastats
[-] Key Deleted : HKCU\Software\AppDataLow\Toolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKLM\SOFTWARE\CheckPoint\ISW
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4F524A2D-5350-4500-76A7-A758B70C1902}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Security Toolbar
[-] Key Deleted : HKU\.DEFAULT\Software\CheckPoint\ISW
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\BEFRUGAL
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Yahoo\Companion
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7ECA62F8-4DD9-49B0-9371-65863F2AD610}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{a152be81-478a-4ea8-81a8-41e8a41abf8d}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B8158A1F-CAA7-496F-8359-927A0C681DDD}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a152be81-478a-4ea8-81a8-41e8a41abf8d}
[-] Data Restored : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NowUSeeIt Player]
[#] Value Deleted : HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Windows\CurrentVersion\Run [NowUSeeIt Player]

***** [ Web browsers ] *****

[-] [C:\Users\jerry_ann\AppData\Roaming\Mozilla\Firefox\Profiles\28ovapaz.default\prefs.js] Deleted : user_pref("browser.search.defaultenginename", "Search Provided by Yahoo");
[-] [C:\Users\jerry_ann\AppData\Roaming\Mozilla\Firefox\Profiles\28ovapaz.default\prefs.js] Deleted : user_pref("browser.search.selectedEngine", "Search Provided by Yahoo");
[-] [C:\Users\jerry_ann\AppData\Roaming\Mozilla\Firefox\Profiles\28ovapaz.default\prefs.js] Deleted : user_pref("browser.startup.homepage", "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_13&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26c[...]
[-] [C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : check point software technologies ltd
[-] [C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www.yahoo.com
[-] [C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aaaajpkhjdkhhnkmgfjodbkfpbmibkkk
[-] [C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\jerry_ann\AppData\Local\Chromium\User Data\Default\Web Data] [Search Provider] Deleted : search provided by yahoo
[-] [C:\Users\jerry_ann\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_13&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDyDtD0ByCyEtCtDtDtA0D0DtC0B0FtN0D0Tzu0StCyDyDtCtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtD0FzyyEyCzyzytGyBzyyCzytGyByDtByEtGyDzyzy0AtGtBtA0CyEtDtDzy0CyEyC0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0A0A0ByDtDzytGyEtD0CtBtGyEzyyDyBtG0A0A0E0FtGyDyDzyyBtD0E0D0A0Fzy0EtB2QtN0A0LzutB%26cr%3D482090735%26a%3Dwncy_instlmtrx_16_13%26os_ver%3D6%26os%3DWindows%2BVista%2B™%2BHome%2BPremium&uref=chmm
[-] [C:\Users\jerry_ann\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Extension] Deleted : bahkljhhdeciiaodlkppoonappfnheoi
[-] [C:\Users\jerry_ann\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_13&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDyDtD0ByCyEtCtDtDtA0D0DtC0B0FtN0D0Tzu0StCyDyDtCtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtD0FzyyEyCzyzytGyBzyyCzytGyByDtByEtGyDzyzy0AtGtBtA0CyEtDtDzy0CyEyC0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0A0A0ByDtDzytGyEtD0CtBtGyEzyyDyBtG0A0A0E0FtGyDyDzyyBtD0E0D0A0Fzy0EtB2QtN0A0LzutB%26cr%3D482090735%26a%3Dwncy_instlmtrx_16_13%26os_ver%3D6%26os%3DWindows%2BVista%2B™%2BHome%2BPremium&uref=chmm

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [22017 bytes] - [30/05/2016 19:50:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [25476 bytes] - [30/05/2016 18:12:39]
C:\AdwCleaner\AdwCleaner[S2].txt - [25550 bytes] - [30/05/2016 19:48:51]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [22239 bytes] ##########
 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-05-2016
Ran by jerry_ann (administrator) on JERRY_ANN-PC (30-05-2016 20:16:28)
Running from C:\Users\jerry_ann\Desktop
Loaded Profiles: jerry_ann (Available Profiles: jerry_ann & LogMeInRemoteUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
() C:\WINDOWS\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Dell Inc.) C:\WINDOWS\System32\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(SkyHawke) C:\Program Files\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpqSRMon] => [X]
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-03-24] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [CaddieSyncConduit] => C:\Program Files\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe [2544960 2013-05-08] (SkyHawke)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2008-12-15] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-05-07] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\...\Run: [GoogleChromeAutoLaunch_70CCE655C7FAB1D6A023D8F63CC530FA] => C:\Users\jerry_ann\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-11] (The Chromium Authors)
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-05-07]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-05-07]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-05-07]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9809CF1B-AEB7-4B6F-A853-AFE1A58983B1}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DE3D3262-5521-4D46-940C-3CF909D4359D}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
URLSearchHook: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} -  No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {026250E9-6CFE-48CE-B480-3888EE5BB838} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=att-ie8
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {0EE5E43F-5821-4B8C-930D-A4DE7273F64A} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {0F257489-5DE3-4EB8-9D30-6C2B0A4D6285} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {B8B9E556-E49E-42CE-88F9-27E6E4708889} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc-sc
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {CD6F0E22-843E-4F7E-8ABC-0DF3319863E2} URL = hxxp://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {E3260C2A-0E4A-463A-B389-484A8054CBB2} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-26] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: No Name -> {c9356c23-e3f1-4582-8863-ce9c5bee7449} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-26] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> No Name - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} -  No File
Toolbar: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> No Name - {CC4BADAD-F6A0-45E2-B538-A7C49ACBF6C5} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\jerry_ann\AppData\Roaming\Mozilla\Firefox\Profiles\28ovapaz.default
FF NewTab: about:newtab
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-23] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]

Chrome:
=======
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-31]
CHR Extension: (Google Drive) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-02]
CHR Extension: (YouTube) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-20]
CHR Extension: (Google Search) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-02]
CHR Extension: (Google Docs Offline) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-02]
CHR Extension: (Avast Online Security) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-12-15] (Andrea Electronics Corporation)
S4 cbVSCService; C:\Program Files\Cobian Backup 10\cbVSCService.exe [67584 2010-09-23] (CobianSoft, Luis Cobian) [File not signed]
S4 CobianBackup10; C:\Program Files\Cobian Backup 10\cbService.exe [1125376 2010-09-23] (Luis Cobian, CobianSoft) [File not signed]
S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
S4 GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [242424 2008-11-03] (WildTangent, Inc.)
S4 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2009-05-07] (Citrix Online, a division of Citrix Systems, Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [244904 2008-10-23] () [File not signed]
S4 SftService; C:\WINDOWS\SMINST\sftservice.EXE [632048 2009-02-23] (SoftThinks)
S4 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-30] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-12-15] (IDT, Inc.)
S2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-03-24] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-22] (Dell Inc.) [File not signed]
S4 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)
R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [64512 2010-05-31] (ASIX Electronics Corp.)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2007-05-23] (Avanquest Software) [File not signed]
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [155304 2015-11-03] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [138616 2015-11-03] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [44728 2015-11-03] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [770936 2015-11-03] (AO Kaspersky Lab)
S3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25624 2008-12-16] ()
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-12-17] (Logitech Inc.)
S1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [53960 2016-02-01] (360.cn)
S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [41088 2003-01-08] (Prolific Technology Inc.) [File not signed]
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2012-12-11] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [63104 2012-12-11] (Silicon Laboratories)
S3 slabser; C:\Windows\System32\DRIVERS\slabser.sys [84512 2004-03-25] (MCCI)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 LMIRfsClientNP; no ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]
S3 slabbus; system32\DRIVERS\slabbus.sys [X]
S1 Vsdatant; system32\DRIVERS\vsdatant.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-30 20:16 - 2016-05-30 20:20 - 00020034 _____ C:\Users\jerry_ann\Desktop\FRST.txt
2016-05-30 18:26 - 2016-05-30 18:26 - 00017394 _____ C:\Users\jerry_ann\Desktop\Search.txt
2016-05-30 18:20 - 2016-05-29 07:53 - 01734144 _____ (Farbar) C:\Users\jerry_ann\Desktop\FRST.exe
2016-05-30 18:12 - 2016-05-30 19:50 - 00000000 ____D C:\AdwCleaner
2016-05-30 17:48 - 2016-05-30 17:43 - 03677248 _____ C:\Users\jerry_ann\Desktop\AdwCleaner.exe
2016-05-30 17:36 - 2016-05-30 17:36 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JERRY_ANN-PC-Windows-Vista-™-Home-Premium-(32-bit).dat
2016-05-30 17:36 - 2016-05-30 17:36 - 00000000 ____D C:\RegBackup
2016-05-30 17:35 - 2016-05-30 17:35 - 00017392 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-05-30 17:35 - 2016-05-30 17:35 - 00002018 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-05-30 17:35 - 2016-05-30 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-05-30 17:35 - 2016-05-30 17:35 - 00000000 ____D C:\Program Files\Tweaking.com
2016-05-29 08:49 - 2016-05-29 08:49 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-29 07:56 - 2016-05-30 20:16 - 00000000 ____D C:\FRST
2016-05-03 10:46 - 2016-05-11 19:30 - 00566158 _____ C:\Windows\ntbtlog.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-30 20:10 - 2012-07-01 13:29 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-30 20:10 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-30 20:10 - 2006-11-02 08:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-30 20:10 - 2006-11-02 08:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-30 20:09 - 2006-11-02 09:01 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-30 19:55 - 2014-01-22 12:59 - 00000000 ____D C:\Users\jerry_ann\AppData\LocalLow\Yahoo!
2016-05-30 19:55 - 2012-02-10 17:58 - 00000000 ____D C:\Users\jerry_ann\AppData\Roaming\Yahoo!
2016-05-30 19:55 - 2011-12-23 12:48 - 00000000 ____D C:\Users\jerry_ann\AppData\Roaming\CheckPoint
2016-05-30 19:50 - 2012-01-03 18:00 - 00000000 ____D C:\Program Files\Yahoo!
2016-05-30 19:49 - 2012-07-01 13:29 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-30 18:16 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2016-05-30 18:16 - 2006-11-02 06:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-30 18:08 - 2011-12-23 14:08 - 00000000 ____D C:\ProgramData\AVAST Software
2016-05-30 18:08 - 2011-12-23 14:08 - 00000000 ____D C:\Program Files\AVAST Software
2016-05-30 07:45 - 2011-12-25 20:49 - 00000000 ____D C:\Users\jerry_ann\AppData\Roaming\Apple Computer
2016-05-29 12:28 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\tracing
2016-05-29 08:49 - 2014-12-25 19:58 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-29 08:49 - 2014-09-05 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-29 08:49 - 2014-09-05 16:11 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-28 07:38 - 2011-12-26 22:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-05-11 19:05 - 2011-12-23 09:17 - 00001356 _____ C:\Users\jerry_ann\AppData\Local\d3d9caps.dat
2016-05-04 18:19 - 2016-03-31 15:15 - 00000000 ____D C:\Program Files\360
2016-05-02 10:45 - 2014-05-01 21:36 - 00431438 _____ C:\Windows\system32\Drivers\vsconfig.xml
2016-05-02 10:43 - 2015-11-21 12:53 - 00000639 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2016-05-02 09:31 - 2013-05-16 09:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2011-12-23 09:17 - 2016-05-11 19:05 - 0001356 _____ () C:\Users\jerry_ann\AppData\Local\d3d9caps.dat
2011-12-26 08:07 - 2013-12-24 17:42 - 0242688 _____ () C:\Users\jerry_ann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-03 17:46 - 2012-03-26 08:43 - 0001345 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\jerry_ann\AppData\Local\Temp\libeay32.dll
C:\Users\jerry_ann\AppData\Local\Temp\msvcr120.dll
C:\Users\jerry_ann\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-30 20:18

==================== End of FRST.txt ============================

 

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version:29-05-2016
Ran by jerry_ann (2016-05-30 20:20:44)
Running from C:\Users\jerry_ann\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2009-05-07 05:54:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2389855253-1163327070-3577453299-500 - Administrator - Disabled)
Guest (S-1-5-21-2389855253-1163327070-3577453299-501 - Limited - Disabled)
jerry_ann (S-1-5-21-2389855253-1163327070-3577453299-1000 - Administrator - Enabled) => C:\Users\jerry_ann
LogMeInRemoteUser (S-1-5-21-2389855253-1163327070-3577453299-1002 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ZoneAlarm Free Firewall Antivirus (Disabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Free Firewall Anti-Spyware (Disabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
FindYourMaps Internet Explorer Toolbar (HKLM\...\FindYourMaps_dpbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Drive (HKLM\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 77 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Should I Remove It (HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
SolutionCenter (HKLM\...\{A5AB9D5E-52E2-440E-A3ED-9512E253C81A}) (Version:  - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.4.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
ZoneAlarm Antivirus (Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 14.1.057.000 - Check Point)
ZoneAlarm Security (Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\jerry_ann\AppData\Local\Chromium\Application\46.0.2480.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08DBE92C-AD99-4B9D-AE74-F9781C145191} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {0D158CEA-D824-4754-8D63-6A1ED497CB24} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {1ED65423-C2B3-4600-8879-E23E1B010008} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-11] (Google Inc.)
Task: {30EDB541-D606-4ACD-BBF4-A90F0FE6275A} - System32\Tasks\{4333B6BF-507F-47B0-9925-1953BD9C2A8B} => pcalua.exe -a D:\setup.exe -d D:\
Task: {3280617C-1C4A-476A-A273-E0C33B320A89} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-31] (Adobe Systems Incorporated)
Task: {3D0EFDC3-1822-4563-A2F0-055ABEDA9D62} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-12-22] (Dell Inc.)
Task: {5061BD71-3531-4BF1-8E2B-829C11DAEF1A} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {9AD9EDB9-C88C-495A-993F-90CFFCB3246B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-11] (Google Inc.)
Task: {D6F6A69D-AD1E-423A-BCEA-F2E99D81B6C0} - System32\Tasks\{1A33CC5A-799D-4FA1-9CF0-8F1CFC095BF9} => pcalua.exe -a F:\Drivers\SG1_SG2\INFInstaller.exe -d F:\Drivers\SG1_SG2

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-05-07 07:10 - 2008-12-22 06:34 - 00026112 _____ () C:\Windows\System32\WLTRYSVC.EXE
2009-05-07 07:10 - 2008-12-22 06:32 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-08 12:13 - 2013-05-08 12:13 - 00109568 _____ () C:\Program Files\SkyGolf\CaddieSync Express\qextserialport1.dll
2009-01-10 14:32 - 2009-01-10 14:32 - 00011362 _____ () C:\Program Files\SkyGolf\CaddieSync Express\mingwm10.dll
2009-06-22 22:42 - 2009-06-22 22:42 - 00043008 _____ () C:\Program Files\SkyGolf\CaddieSync Express\libgcc_s_dw2-1.dll
2013-05-08 12:13 - 2013-05-08 12:13 - 00590848 _____ () C:\Program Files\SkyGolf\CaddieSync Express\qjson0.dll
2013-05-08 12:17 - 2013-05-08 12:17 - 00167232 _____ () C:\Program Files\SkyGolf\CaddieSync Express\conduitscripting0.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3 [133]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\jerry_ann\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cbVSCService => 2
MSCONFIG\Services: CobianBackup10 => 2
MSCONFIG\Services: DockLoginService => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: LMIMaint => 2
MSCONFIG\Services: LogMeIn => 2
MSCONFIG\Services: LVPrcSrv => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: sprtsvc_DellSupportCenter => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: wltrysvc => 2
MSCONFIG\Services: ZAPrivacyService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Windows\system32\WLTRAY.exe
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: Cobian Backup 10 Interface => "C:\Program Files\Cobian Backup 10\cbInterface.exe" -service
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: GetFormsOnline EPM Support => "C:\PROGRA~1\GETFOR~1\bar\1.bin\dbmedint.exe" t8EPMSup.dll,S
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Launcher => %WINDIR%\SMINST\Components\scheduler\Launcher.exe
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SysTrayApp => %ProgramFiles%\IDT\WDM\sttray.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{871B44B6-51D9-4806-8C02-14746E6F129F}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{02D635CF-F84F-493C-AFED-C0E574C3F38E}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{15927E53-166D-40A0-9821-5B3B8E967580}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{287632DA-671B-4AAC-9F9A-20A21B8F63FB}] => (Allow) LPort=80
FirewallRules: [{C067D123-3385-4C78-A150-037663A86CAE}] => (Allow) LPort=80
FirewallRules: [{6FC45B4C-8082-48E9-A9EE-CF8BE0BF31DC}] => (Allow) LPort=80
FirewallRules: [{A531CD06-A662-464D-97DA-644809D9539D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{28B6A2B0-3140-46D4-8B85-421E5758B58B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C4EE1C4E-7916-4E2E-A9DA-A89FF9F17B3D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{5630E038-9325-4E3F-92F6-5227B90AB270}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D96F6A6B-B73A-4FC0-967A-247437BEAAE1}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{E01E890F-0BCE-4F6A-9992-3FA7E396E530}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F487A2F0-D1D2-4E5E-ABD3-5F1DB2596594}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F9C20F3B-EE00-43E0-912A-3D03B9314A2F}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

08-05-2016 10:06:57 Scheduled Checkpoint
28-05-2016 08:40:17 Scheduled Checkpoint
29-05-2016 13:37:22 Scheduled Checkpoint
30-05-2016 08:24:24 Scheduled Checkpoint
30-05-2016 17:41:35 Removed NowUSeeIt Player
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2016 08:12:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2016 06:18:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application NOTEPAD.EXE, version 6.0.6002.19438, time stamp 0x559e8472, faulting module gdiplus.dll_unloaded, version 0.0.0.0, time stamp 0x56fafc1b, exception code 0xc0000005, fault offset 0x746d736a,
process id 0xb2c, application start time 0xNOTEPAD.EXE0.

Error: (05/30/2016 06:16:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application NOTEPAD.EXE, version 6.0.6002.19438, time stamp 0x559e8472, faulting module gdiplus.dll_unloaded, version 0.0.0.0, time stamp 0x56fafc1b, exception code 0xc0000005, fault offset 0x746d736a,
process id 0xf2c, application start time 0xNOTEPAD.EXE0.

Error: (05/30/2016 06:15:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application NOTEPAD.EXE, version 6.0.6002.19438, time stamp 0x559e8472, faulting module gdiplus.dll_unloaded, version 0.0.0.0, time stamp 0x56fafc1b, exception code 0xc0000005, fault offset 0x746d736a,
process id 0xeb4, application start time 0xNOTEPAD.EXE0.

Error: (05/30/2016 06:09:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2016 05:55:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2016 05:45:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2016 04:35:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2016 06:58:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2016 11:40:22 PM) (Source: EventSystem) (EventID: 4622) (User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}


System errors:
=============
Error: (05/30/2016 08:22:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: TrueVector Internet MonitorZone Alarm Firewall Driver%%2

Error: (05/30/2016 08:22:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Zone Alarm Firewall Driver%%2

Error: (05/30/2016 08:22:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: TrueVector Internet MonitorZone Alarm Firewall Driver%%2

Error: (05/30/2016 08:22:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Zone Alarm Firewall Driver%%2

Error: (05/30/2016 08:22:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: TrueVector Internet MonitorZone Alarm Firewall Driver%%2

Error: (05/30/2016 08:22:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Zone Alarm Firewall Driver%%2

Error: (05/30/2016 08:22:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: TrueVector Internet MonitorZone Alarm Firewall Driver%%2

Error: (05/30/2016 08:22:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Zone Alarm Firewall Driver%%2

Error: (05/30/2016 08:22:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: TrueVector Internet MonitorZone Alarm Firewall Driver%%2

Error: (05/30/2016 08:22:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Zone Alarm Firewall Driver%%2


CodeIntegrity:
===================================
  Date: 2016-05-30 20:19:43.272
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-30 20:19:42.211
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-30 20:19:41.229
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-30 20:19:40.293
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-29 12:06:39.787
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-29 12:06:38.428
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-29 12:06:37.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-29 12:06:35.692
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-29 12:06:34.351
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-29 12:06:32.983
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 46%
Total physical RAM: 3033.63 MB
Available physical RAM: 1632.96 MB
Total Virtual: 6297.5 MB
Available Virtual: 4838.3 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:50.65 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:7.45 GB) (Free:7.43 GB) FAT32
Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: A9F9AA9B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=218.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#8 mAL_rEm018

Posted 31 May 2016 - 01:39 PM

Hi Mark,

Please run the following fix..
 

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
  • Copy/Paste the contents of the code box below into Notepad.
CreateRestorePoint:

HKLM\...\Run: [hpqSRMon] => [X]
HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\...\Run: [GoogleChromeAutoLaunch_70CCE655C7FAB1D6A023D8F63CC530FA] => C:\Users\jerry_ann\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-11] (The Chromium Authors)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
URLSearchHook: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} -  No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {026250E9-6CFE-48CE-B480-3888EE5BB838} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=att-ie8
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {0EE5E43F-5821-4B8C-930D-A4DE7273F64A} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {B8B9E556-E49E-42CE-88F9-27E6E4708889} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc-sc
BHO: No Name -> {c9356c23-e3f1-4582-8863-ce9c5bee7449} -> No File
Toolbar: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> No Name - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} -  No File
Toolbar: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> No Name - {CC4BADAD-F6A0-45E2-B538-A7C49ACBF6C5} -  No File
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Extension: (Avast Online Security) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-02]
R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [155304 2015-11-03] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [138616 2015-11-03] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [44728 2015-11-03] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [770936 2015-11-03] (AO Kaspersky Lab)
S1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [53960 2016-02-01] (360.cn)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 LMIRfsClientNP; no ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]
S3 slabbus; system32\DRIVERS\slabbus.sys [X]
S1 Vsdatant; system32\DRIVERS\vsdatant.sys [X]
2016-05-30 19:55 - 2014-01-22 12:59 - 00000000 ____D C:\Users\jerry_ann\AppData\LocalLow\Yahoo!
2016-05-30 19:55 - 2012-02-10 17:58 - 00000000 ____D C:\Users\jerry_ann\AppData\Roaming\Yahoo!
2016-05-30 19:50 - 2012-01-03 18:00 - 00000000 ____D C:\Program Files\Yahoo!
2016-05-30 18:08 - 2011-12-23 14:08 - 00000000 ____D C:\ProgramData\AVAST Software
2016-05-30 18:08 - 2011-12-23 14:08 - 00000000 ____D C:\Program Files\AVAST Software
2016-05-28 07:38 - 2011-12-26 22:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-05-04 18:19 - 2016-03-31 15:15 - 00000000 ____D C:\Program Files\360
CustomCLSID: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\jerry_ann\AppData\Local\Chromium\Application\46.0.2480.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3 [133]
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
C:\Users\jerry_ann\AppData\Local\Chromium
C:\Users\jerry_ann\AppData\Local\Temp\libeay32.dll
C:\Users\jerry_ann\AppData\Local\Temp\msvcr120.dll
C:\Users\jerry_ann\AppData\Local\Temp\sqlite3.dll

[-HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\AppDataLow\Software\Installl_Converter]
[-HKEY_USERS\S-1-5-21-2389855253-1163327070-3577453299-1000\Software\Trolltech]


Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
  • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system



  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Next..

Removing a program in Windows Vista


  • Click the Start Menu and select Control Panel.
  • Click Programs, then Programs and Features.
  • Select the following programs (if still present):

    FindYourMaps Internet Explorer Toolbar

  • Select Uninstall.
  • When prompted select Yes.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.

Note: you can only remove one program at a time.

Next..



  • Open the Start menu.
  • In the search box type msconfig and press enter.
  • A window entitled System Configuration will open.
  • Select the Services tab and click on Enable all located at the bottom.
  • Next select the Startup tab and click on Enable all located at the bottom.
  • Click on Apply and OK.
  • Please reboot the computer.
    Do not make any other modification while in the System Configuration!

Once the computer is restarted, please do the following..

I need to see a fresh FRST log..



  • Right-click on FRST.exe and select Run as administrator.
  • Ensure that Addition.txt is checked.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.

How is your computer behaving at this point?

-----------------------------------------
In your next reply, I would like to see..


  • fixlog.txt
  • Were you able to remove FindYourMaps Internet Explorer Toolbar?
  • FRST.txt
  • Addition.txt
  • Update on your computer performance.

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#9 mark100

Posted 31 May 2016 - 10:23 PM

Mal,

Hmmm, hopefully I haven't messed this up. I ran the code in fixlist.txt. It did create a log file (attached). However, once it started to delete temporary files, it hung up (got "Not responding" message). After about thirty minutes, I just proceeded with the next step as I was able to open other windows, etc. I checked for FindYourMaps Internet Explorer Toolbar but it was not listed in Control Panel. I proceeded to the MSCONFIG step and Enabled as instructed. However, when I rebooted, I just got a blank screen. I tried again and got two options: to repair or to just proceed with Windows. I tried the second first and same thing - nothing. So, I tried the repair option but now I have a window "Startup Repair" which has been running now for at least 45 minutes and one that won't let me cancel. What should I do next?

 

Thanks - Mark

 

Note:   Fixlog.txt attached.


Edited by mark100, 31 May 2016 - 10:24 PM.


#10 mAL_rEm018

Posted 31 May 2016 - 11:01 PM

Hi Mark,

I am very sorry for your troubles. :( Please restart the computer and describe exactly what is happening when it is booting. Try to be as specific as you can.  I will do everything I can to help you. :)

mAL


Edited by mAL_rEm018, 31 May 2016 - 11:01 PM.



#11 mark100

Posted 01 June 2016 - 05:54 AM

Hi Mal,

Ok - I just let the Startup Repair continue to run during the night. This morning, it had completed but with a message stating that Startup Repair could not fix the issue. When I clicked on "Ok", the system shut down. I tried to reboot and this time Windows actually loaded without error!

 

Aside from appls/tools which are now enabled (that I had disabled previously), the only other difference I see is that I'm not receiving the Chromium window upon startup anymore.   Still not able to connect to the Internet.

 

I was able to execute FRST - here are the results (Attached.txt is attached):

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-05-2016
Ran by jerry_ann (administrator) on JERRY_ANN-PC (01-06-2016 06:28:37)
Running from C:\Users\jerry_ann\Desktop
Loaded Profiles: jerry_ann (Available Profiles: jerry_ann & LogMeInRemoteUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\WINDOWS\System32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Andrea Electronics Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 10\cbVSCService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 10\cbService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(SoftThinks) C:\WINDOWS\SMINST\SftService.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(SkyHawke) C:\Program Files\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
() C:\Program Files\Logitech\QuickCam\Quickcam.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
() C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 10\cbInterface.exe
(Dell Inc.) C:\WINDOWS\System32\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-03-24] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [CaddieSyncConduit] => C:\Program Files\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe [2544960 2013-05-08] (SkyHawke)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2008-12-15] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [1735760 2009-01-09] (Dell Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\QuickCam\Quickcam.exe [2656528 2008-12-20] ()
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [GetFormsOnline EPM Support] => "C:\PROGRA~1\GETFOR~1\bar\1.bin\dbmedint.exe" t8EPMSup.dll,S
HKLM\...\Run: [Dell DataSafe Online] => C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [1745648 2008-11-03] ()
HKLM\...\Run: [Cobian Backup 10 Interface] => C:\Program Files\Cobian Backup 10\cbInterface.exe [3154432 2010-09-23] (Luis Cobian, CobianSoft)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-12-22] (Dell Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [200704 2008-09-04] (Alps Electric Co., Ltd.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-05-07] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2389855253-1163327070-3577453299-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-01-03]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-05-07]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-05-07]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-05-07]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9809CF1B-AEB7-4B6F-A853-AFE1A58983B1}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DE3D3262-5521-4D46-940C-3CF909D4359D}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {0F257489-5DE3-4EB8-9D30-6C2B0A4D6285} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {CD6F0E22-843E-4F7E-8ABC-0DF3319863E2} URL = hxxp://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-2389855253-1163327070-3577453299-1000 -> {E3260C2A-0E4A-463A-B389-484A8054CBB2} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-26] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-26] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\jerry_ann\AppData\Roaming\Mozilla\Firefox\Profiles\28ovapaz.default
FF NewTab: about:newtab
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-23] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]

Chrome:
=======
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-31]
CHR Extension: (Google Drive) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-02]
CHR Extension: (YouTube) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-20]
CHR Extension: (Google Search) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-02]
CHR Extension: (Google Docs Offline) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\jerry_ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-12-15] (Andrea Electronics Corporation)
R2 cbVSCService; C:\Program Files\Cobian Backup 10\cbVSCService.exe [67584 2010-09-23] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup10; C:\Program Files\Cobian Backup 10\cbService.exe [1125376 2010-09-23] (Luis Cobian, CobianSoft) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
S3 GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [242424 2008-11-03] (WildTangent, Inc.)
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2009-05-07] (Citrix Online, a division of Citrix Systems, Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [244904 2008-10-23] () [File not signed]
R2 SftService; C:\WINDOWS\SMINST\sftservice.EXE [632048 2009-02-23] (SoftThinks)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-30] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-12-15] (IDT, Inc.)
S2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-03-24] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-22] (Dell Inc.) [File not signed]
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [64512 2010-05-31] (ASIX Electronics Corp.)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2007-05-23] (Avanquest Software) [File not signed]
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25624 2008-12-16] ()
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-12-17] (Logitech Inc.)
S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [41088 2003-01-08] (Prolific Technology Inc.) [File not signed]
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2012-12-11] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [63104 2012-12-11] (Silicon Laboratories)
S3 slabser; C:\Windows\System32\DRIVERS\slabser.sys [84512 2004-03-25] (MCCI)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-01 06:28 - 2016-06-01 06:28 - 00020323 _____ C:\Users\jerry_ann\Desktop\FRST.txt
2016-05-31 22:40 - 2016-05-31 22:56 - 00016615 _____ C:\Users\jerry_ann\Desktop\Fixlog.txt
2016-05-31 22:39 - 2016-05-31 22:37 - 00007445 _____ C:\Users\jerry_ann\Desktop\fixlist.txt
2016-05-30 18:26 - 2016-05-30 18:26 - 00017394 _____ C:\Users\jerry_ann\Desktop\Search.txt
2016-05-30 18:20 - 2016-05-29 07:53 - 01734144 _____ (Farbar) C:\Users\jerry_ann\Desktop\FRST.exe
2016-05-30 18:12 - 2016-05-30 19:50 - 00000000 ____D C:\AdwCleaner
2016-05-30 17:48 - 2016-05-30 17:43 - 03677248 _____ C:\Users\jerry_ann\Desktop\AdwCleaner.exe
2016-05-30 17:36 - 2016-05-30 17:36 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JERRY_ANN-PC-Windows-Vista-™-Home-Premium-(32-bit).dat
2016-05-30 17:36 - 2016-05-30 17:36 - 00000000 ____D C:\RegBackup
2016-05-30 17:35 - 2016-05-30 17:35 - 00017392 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-05-30 17:35 - 2016-05-30 17:35 - 00002018 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-05-30 17:35 - 2016-05-30 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-05-30 17:35 - 2016-05-30 17:35 - 00000000 ____D C:\Program Files\Tweaking.com
2016-05-29 08:49 - 2016-05-29 08:49 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-29 07:56 - 2016-06-01 06:28 - 00000000 ____D C:\FRST
2016-05-03 10:46 - 2016-05-11 19:30 - 00566158 _____ C:\Windows\ntbtlog.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-01 05:29 - 2012-07-01 13:29 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-01 05:20 - 2014-01-22 13:09 - 00000883 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2016-06-01 05:20 - 2014-01-22 13:09 - 00000867 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-06-01 05:19 - 2012-07-01 13:29 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-01 05:19 - 2011-12-29 21:06 - 00000000 ____D C:\ProgramData\LogMeIn
2016-06-01 05:19 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-01 05:19 - 2006-11-02 08:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-01 05:19 - 2006-11-02 08:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-31 23:08 - 2006-11-02 09:01 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-31 23:07 - 2012-05-25 16:52 - 00000000 ____D C:\Windows\pss
2016-05-31 22:56 - 2011-12-23 12:48 - 00000000 ____D C:\Users\jerry_ann\AppData\LocalLow\Temp
2016-05-30 19:55 - 2011-12-23 12:48 - 00000000 ____D C:\Users\jerry_ann\AppData\Roaming\CheckPoint
2016-05-30 18:16 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2016-05-30 18:16 - 2006-11-02 06:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-30 07:45 - 2011-12-25 20:49 - 00000000 ____D C:\Users\jerry_ann\AppData\Roaming\Apple Computer
2016-05-29 12:28 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\tracing
2016-05-29 08:49 - 2014-12-25 19:58 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-29 08:49 - 2014-09-05 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-29 08:49 - 2014-09-05 16:11 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-11 19:05 - 2011-12-23 09:17 - 00001356 _____ C:\Users\jerry_ann\AppData\Local\d3d9caps.dat
2016-05-02 10:45 - 2014-05-01 21:36 - 00431438 _____ C:\Windows\system32\Drivers\vsconfig.xml
2016-05-02 10:43 - 2015-11-21 12:53 - 00000639 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2016-05-02 09:31 - 2013-05-16 09:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2011-12-23 09:17 - 2016-05-11 19:05 - 0001356 _____ () C:\Users\jerry_ann\AppData\Local\d3d9caps.dat
2011-12-26 08:07 - 2013-12-24 17:42 - 0242688 _____ () C:\Users\jerry_ann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-03 17:46 - 2012-03-26 08:43 - 0001345 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-01 05:33

==================== End of FRST.txt ============================




#12 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts

Posted 02 June 2016 - 01:05 PM

Hi Mark,

My apologies for the delay.  I had an emergency that required me to be away from the computer.

Farbar Service Scanner

  • Please download Farbar Service Scanner from Here
  • Save it to your desktop.
  • Right-Click on FSS.exe and select Run as Administrator.
  • Ensure that the following options are checked:

     

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services

     

  • Click on Scan.
  • Once the process is over a log entitled FSS.txt will open.  Please post the contents of FSS.txt in your next reply.

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#13 mark100

mark100
  • Topic Starter

  • Members
  • 15 posts

Posted 02 June 2016 - 06:43 PM

Hi Mal,

No problem - hope everything is ok.   As I needed to get the PC back to my father tomorrow morning and he doesn't live close, I had to proceed as I wasn't sure when you might return (not a criticism as I very much appreciate what you guys do at this site, just a reality for me).   I'll update you on what I've done and, time permitting this evening, you can let me know if the instructions above are still valid or not.

 

So, I decided to uninstall ZoneAlarm to keep stuff simple and just activated the Windows Firewall and Windows Defender. From there, I was able to figure out how to re-establish Internet access. I rebooted the router (even though my PC was working fine). Once I did that for the second time, it connected. From there, I updated Windows and then updated the Windows Defender DB and ran a scan - it was clean. I then updated Malwarebytes, did a scan - it picked up some PUP (similar to what Adwcleaner) and resolved those.

 

I also updated and ran CCleaner.   Nothing major encountered.  Then, I installed Avast, updated the DB, and ran a full scan.   Minor issue detected and resolved.

 

So, at this point I think I'm ok but certainly would be open to any additional / final checks (including the Farbar Service Scanner) you might want to look at before we consider this truly resolved. Let me know your thoughts as you are much more of an expert in this area than I am.

 

Again - thanks for all your help and I do look forward to your final recommendation on any further steps (if any).

 

Mark



#14 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts

Posted 02 June 2016 - 08:57 PM

Hi Mark,

I am happy to know that the internet connectivity issues have been resolved.  It isn't the first time that ZoneAlarm has caused some issues with a computer.

As far as the Farbar Service Scanner goes, there is no need to run the tool as I would have used it to troubleshoot the connectivity issues.  There are still a few matters I would like to attend to before you give the computer back to your father, however I understand that you have to give the computer back tomorrow, so I will add the steps in one post.

 

"I also updated and ran CCleaner."

CCleaner is a great program to have, however I would advise your father to stay away from the built-in Registry Cleaner.



"Then, I installed Avast, updated the DB, and ran a full scan"

Avast! is a great Antivirus.  It also contains an AntiSpyware, therefore I would advise you to disable Windows Defender.  The AV and AS provided with Avast! alongside the Windows Firewall is good protection.  Feel free to also leave Malwarebytes on the computer.

Please follow the steps below..

Please download Add Remove Program Cleaner to your desktop.


  • Right-click on addremovecleaner and select " Run as administrator " to run it.
  • Locate FindYourMaps Internet Explorer Toolbar in the menu and click once on it to highlight.
  • Now click on Remove from add/remove programs list.
  • At the prompt click on Yes then Exit.
  • Now delete addremovecleaner from the desktop, empty the Recycle Bin and reboot the computer.

I noticed that your Firefox browser was outdated.  If you have not already done so, please follow the steps below to update it.

Update Firefox


  • Open Firefox.
  • Click on Help in the Menu Bar.
  • Select About Firefox.
  • When the update has finished downloading, click Restart Firefox to Update.
    Firefox should now be updated.  If you were unable to update FF, please let me know in your next post.

Next..

Removing a program in Windows Vista


  • Click the Start Menu and select Control Panel.
  • Click Programs, then Programs and Features.
  • Select the following programs:

    Java 8 Update 77

  • Select Uninstall.
  • When prompted select Yes.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.

Note: you can only remove one program at a time.

To re-install Java, follow the steps below..


  • Click on the following link: Java.
  • Save the executable file to your desktop and close your browser.
  • Right-click on jre-8u91-windows-i586-iftw.exe and select Run as administrator.
  • Make sure to read the license agreement and then click on Install.
    Uncheck all software offers bundled with Java.
  • Select Next.
  • When the process is over, select Close.
    Note: when you select Close your browser will automatically be opened to check if Java was properly installed.
  • You can now check to see if you have the latest Java version by clicking on Verify Java Version.

Let's remove the tools we have used so far..



  • Please download Delfix to your desktop.
  • Right-click on delfix_1.013.exe and select Run as administrator.
  • Check the following boxes:

     

    • Remove disinfection tools
    • Purge system restore

     

  • You can now safely remove any tools and/or logs that may remain on your computer.

You and your father should find the following information useful..



Please post back to let me know once you have completed the steps above.

 




#15 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts

Posted 03 June 2016 - 08:11 PM

Hi Mark,

 

Were you able to complete the steps outlined in my last post?






