Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How to remove "iskySoft Helper compact"


  • This topic is locked This topic is locked
22 replies to this topic

#1 navanoda

navanoda

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:50 AM

Posted 29 June 2016 - 09:54 AM

I too am having the same issue " iSkySoft Helper Compact" (certificate from some investment company in China) wants to make change to my hard drive upon start up. Like the previous user, I am selecting "no".  Can I follow the same fixes outlined for user with same issue?

 

thank you



BC AdBot (Login to Remove)

 


#2 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:50 PM

Posted 30 June 2016 - 08:57 PM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Special note: Please know that I am against pirating software in any form. Having pirated software on your machine is a direct violation of the Terms of Service you agreed to when creating your account. If pirated software is found on your machine, you will be asked to remove it. Refusing to do so will result in termination of assistance with your malware issues.


Now, let's get started, shall we? :thumbsup:

Step 1: Scan with Farbar's Recovery Scan Tool (FRST)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#3 navanoda

navanoda
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:50 AM

Posted 30 June 2016 - 10:34 PM

Hello Pystryker ... thank you for addressing my issue. 

Here is content of the FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2016

Ran by Anne (administrator) on LAPTOP (30-06-2016 23:29:07)
Running from C:\Users\Anne\Downloads
Loaded Profiles: Anne (Available Profiles: Anne)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(HP Inc.) C:\Program Files (x86)\Hp\HP System Event\HPWMISVC.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(%CFullName%) C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(%CFullName%) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8811776 2016-05-03] (Realtek Semiconductor)
HKLM\...\Run: [Corel Update Helper] => c:\Program Files\Corel\Corel PaintShop Pro X8 (64-bit)\pua.exe [2012104 2015-11-27] (Corel Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2728472 2014-12-16] (Sony Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1971872 2016-03-28] ()
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2016-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)
HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-12-16] (Google Inc.)
HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1720584 2015-02-08] (CyberLink Corp.)
HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
Startup: C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-05-04]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1311958c-1a06-4d06-b6c7-fe934c61e597}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1f1fc89e-4d57-47cc-88a1-6d431385186c}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{78c81b64-9294-4ccb-876a-81690cbd1a93}: [DhcpNameServer] 24.226.1.93 24.226.10.193 24.226.10.194
Tcpip\..\Interfaces\{a04645b1-861d-4b16-9d84-60f0e30beb88}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{e537db67-947c-4098-9d9c-0c9ab7f7c32f}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPCON14/4
HKU\S-1-5-21-2062813529-956125313-3570552973-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
SearchScopes: HKLM-x32 -> {A10C1145-B4C5-4688-9C4B-A2727BD388D5} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2062813529-956125313-3570552973-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2062813529-956125313-3570552973-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-10] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-03-28] (Wondershare)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2062813529-956125313-3570552973-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2062813529-956125313-3570552973-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-2062813529-956125313-3570552973-1002 -> hxxp://www.google.ca/
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2014-07-28] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2062813529-956125313-3570552973-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Anne\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-24] (Citrix Online)
FF Plugin HKU\S-1-5-21-2062813529-956125313-3570552973-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Anne\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2062813529-956125313-3570552973-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Anne\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: HP SimplePass - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-08-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi
FF Extension: iSkysoft iMedia Converter Deluxe - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi [2016-05-18]
 
Chrome: 
=======
CHR Profile: C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Rapport) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-05-17]
CHR Extension: (HP SimplePass) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidikogfgleiaefnjbmnjaplmgknppkg [2016-06-04]
CHR Extension: (AdBlock) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-30]
CHR Extension: (Ad;Block Plus) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mobccnfiffccdmcihlaccmelecheomab [2016-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-17]
CHR HKU\S-1-5-21-2062813529-956125313-3570552973-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; c:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S4 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [124928 2015-07-02] (Softex Inc.) [File not signed]
S4 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2014-12-16] (Sony Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2383344 2016-05-30] (IBM Corp.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312576 2016-05-03] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [268920 2016-05-17] (Synaptics Incorporated)
S2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [54808 2016-02-10] (Advanced Micro Devices, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2973400 2015-08-04] (AVG Technologies)
S2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44760 2015-08-04] (AVG Technologies)
S2 UxTuneUp; C:\WINDOWS\SysWOW64\uxtuneup.dll [36568 2015-08-04] (AVG Technologies)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-10-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307576 2015-10-28] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101112 2016-02-10] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [277240 2016-02-10] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111120 2016-02-11] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-10] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-04-06] (REALiX™)
R1 RapportCerberus_1609041; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609041.sys [1157864 2016-06-08] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-05-30] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-05-30] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-05-30] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-05-30] (IBM Corp.)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [311552 2015-11-12] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-08-11] (Realtek                                            )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [5164288 2016-04-13] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-05-15] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-05-15] (Synaptics Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-30 23:29 - 2016-06-30 23:30 - 00024823 _____ C:\Users\Anne\Downloads\FRST.txt
2016-06-30 23:28 - 2016-06-30 23:29 - 00000000 ____D C:\FRST
2016-06-30 23:28 - 2016-06-30 23:28 - 02390016 _____ (Farbar) C:\Users\Anne\Downloads\FRST64.exe
2016-06-30 11:14 - 2016-06-30 11:14 - 00146892 _____ C:\Users\Anne\Downloads\06-23-2016.pdf
2016-06-29 12:11 - 2016-06-29 12:11 - 00000648 _____ C:\DelFix.txt
2016-06-29 12:11 - 2016-06-29 12:11 - 00000000 ____D C:\WINDOWS\ERUNT
2016-06-29 12:07 - 2016-06-29 12:07 - 00045560 _____ C:\Users\Anne\Downloads\MTB.txt
2016-06-28 22:28 - 2016-06-29 09:22 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-06-28 22:28 - 2016-06-28 22:28 - 00003952 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-06-28 22:27 - 2016-06-28 22:28 - 20461248 _____ (Adobe Systems Incorporated) C:\Users\Anne\Downloads\install_flash_player_ppapi.exe
2016-06-28 22:26 - 2016-06-28 22:26 - 00001289 _____ C:\Users\Anne\Desktop\Facebook Games Arcade (BETA).lnk
2016-06-28 22:26 - 2016-06-28 22:26 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2016-06-28 22:26 - 2016-06-28 22:26 - 00000000 ____D C:\Users\Anne\AppData\Local\FacebookGames
2016-06-28 22:26 - 2016-06-28 22:26 - 00000000 ____D C:\Users\Anne\AppData\Local\Facebook
2016-06-28 22:25 - 2016-06-28 22:25 - 00106256 _____ () C:\Users\Anne\Downloads\FacebookGamesArcadeSetup.exe
2016-06-23 18:18 - 2016-06-23 18:18 - 00816640 _____ C:\Users\Anne\Downloads\RETROFIT-Prescriptive-Worksheets-Exterior-Lighting-V-1-0-Jan2015.xlsx
2016-06-23 18:17 - 2016-06-23 18:17 - 00818176 _____ C:\Users\Anne\Downloads\RETROFIT-Prescriptive-Worksheets-Unitary-AC-V-1-0-Jan2015.xlsx
2016-06-23 18:15 - 2016-06-23 18:15 - 00814080 _____ C:\Users\Anne\Downloads\RETROFIT-Prescriptive-Worksheets-Multi-Res-In-Suite-V-1-0-Jan2015.xlsx
2016-06-23 18:13 - 2016-06-23 18:13 - 00819200 _____ C:\Users\Anne\Downloads\RETROFIT-Prescriptive-Worksheets-Motors-V-1-0-Jan2015.xlsx
2016-06-23 18:12 - 2016-06-23 18:12 - 00834048 _____ C:\Users\Anne\Downloads\RETROFIT-Prescriptive-Worksheets-Lighting-V-1-0-Jan2015 (3).xlsx
2016-06-23 18:11 - 2016-06-23 18:11 - 00834048 _____ C:\Users\Anne\Downloads\RETROFIT-Prescriptive-Worksheets-Lighting-V-1-0-Jan2015 (2).xlsx
2016-06-23 18:11 - 2016-06-23 18:11 - 00834048 _____ C:\Users\Anne\Downloads\RETROFIT-Prescriptive-Worksheets-Lighting-V-1-0-Jan2015 (1).xlsx
2016-06-23 18:10 - 2016-06-23 18:10 - 00834048 _____ C:\Users\Anne\Downloads\RETROFIT-Prescriptive-Worksheets-Lighting-V-1-0-Jan2015.xlsx
2016-06-23 10:22 - 2016-06-23 10:23 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-06-22 12:42 - 2016-06-22 12:42 - 03656416 _____ C:\Users\Anne\Downloads\certified-light-bulbs-2016-06-22.csv
2016-06-21 13:47 - 2016-06-29 23:05 - 00003230 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAnne
2016-06-21 13:47 - 2016-06-29 23:05 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAnne.job
2016-06-19 23:43 - 2016-06-19 23:43 - 01997426 _____ C:\Users\Anne\Downloads\AP030E (3).pdf
2016-06-19 23:42 - 2016-06-19 23:42 - 01997426 _____ C:\Users\Anne\Downloads\AP030E.pdf
2016-06-19 23:42 - 2016-06-19 23:42 - 01997426 _____ C:\Users\Anne\Downloads\AP030E (2).pdf
2016-06-19 23:42 - 2016-06-19 23:42 - 01997426 _____ C:\Users\Anne\Downloads\AP030E (1).pdf
2016-06-19 23:39 - 2016-06-19 23:40 - 00087573 _____ C:\Users\Anne\Downloads\Posting_Locations_with_Duration_years.pdf
2016-06-17 09:47 - 2016-06-17 09:47 - 00037485 _____ C:\Users\Anne\Downloads\250002957782.pdf
2016-06-16 15:32 - 2016-06-16 15:32 - 00038760 _____ C:\Users\Anne\Downloads\250002955359 (1).pdf
2016-06-16 11:25 - 2016-06-16 11:25 - 00038760 _____ C:\Users\Anne\Downloads\250002955359.pdf
2016-06-16 11:10 - 2016-06-16 11:10 - 00710993 _____ C:\Users\Anne\Downloads\light_bulb_calculator_1.xlsx
2016-06-15 12:45 - 2016-05-28 00:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-15 12:45 - 2016-05-28 00:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-15 12:45 - 2016-05-28 00:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-15 12:45 - 2016-05-28 00:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-15 12:45 - 2016-05-28 00:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-15 12:45 - 2016-05-28 00:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-15 12:45 - 2016-05-28 00:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-15 12:45 - 2016-05-28 00:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-15 12:45 - 2016-05-28 00:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-15 12:45 - 2016-05-28 00:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-15 12:45 - 2016-05-28 00:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-15 12:45 - 2016-05-28 00:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-15 12:45 - 2016-05-28 00:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-15 12:45 - 2016-05-28 00:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-15 12:45 - 2016-05-28 00:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-15 12:45 - 2016-05-28 00:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-15 12:45 - 2016-05-28 00:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-15 12:45 - 2016-05-28 00:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-15 12:45 - 2016-05-28 00:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-15 12:45 - 2016-05-28 00:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-15 12:45 - 2016-05-28 00:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-15 12:45 - 2016-05-28 00:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-15 12:45 - 2016-05-28 00:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-15 12:45 - 2016-05-28 00:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-15 12:45 - 2016-05-28 00:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-15 12:45 - 2016-05-28 00:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-15 12:45 - 2016-05-27 23:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-15 12:44 - 2016-05-28 02:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-15 12:44 - 2016-05-28 02:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-15 12:44 - 2016-05-28 02:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-15 12:44 - 2016-05-28 01:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-15 12:44 - 2016-05-28 01:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-15 12:44 - 2016-05-28 01:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-15 12:44 - 2016-05-28 01:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-15 12:44 - 2016-05-28 01:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-15 12:44 - 2016-05-28 01:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-15 12:44 - 2016-05-28 01:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-15 12:44 - 2016-05-28 01:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-15 12:44 - 2016-05-28 01:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-15 12:44 - 2016-05-28 01:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-15 12:44 - 2016-05-28 01:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-15 12:44 - 2016-05-28 01:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-15 12:44 - 2016-05-28 00:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-15 12:44 - 2016-05-28 00:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-15 12:44 - 2016-05-28 00:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-15 12:44 - 2016-05-28 00:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-15 12:44 - 2016-05-28 00:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-15 12:44 - 2016-05-28 00:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-15 12:44 - 2016-05-28 00:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-15 12:44 - 2016-05-28 00:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-15 12:44 - 2016-05-28 00:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-15 12:44 - 2016-05-28 00:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-15 12:44 - 2016-05-28 00:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-15 12:44 - 2016-05-28 00:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-15 12:44 - 2016-05-28 00:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-15 12:44 - 2016-05-28 00:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-15 12:44 - 2016-05-28 00:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-15 12:44 - 2016-05-28 00:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-15 12:44 - 2016-05-28 00:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-15 12:44 - 2016-05-28 00:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-15 12:44 - 2016-05-28 00:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-15 12:44 - 2016-05-28 00:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-15 12:44 - 2016-05-28 00:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-15 12:44 - 2016-05-28 00:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-15 12:44 - 2016-05-28 00:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-15 12:44 - 2016-05-28 00:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-15 12:44 - 2016-05-28 00:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-15 12:44 - 2016-05-28 00:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-15 12:44 - 2016-05-28 00:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-15 12:44 - 2016-05-28 00:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-15 12:44 - 2016-05-28 00:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-15 12:44 - 2016-05-28 00:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-15 12:44 - 2016-05-28 00:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-15 12:44 - 2016-05-28 00:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-15 12:44 - 2016-05-28 00:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-15 12:44 - 2016-05-28 00:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-15 12:44 - 2016-05-28 00:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-15 12:44 - 2016-05-28 00:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-15 12:44 - 2016-05-28 00:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-15 12:44 - 2016-05-28 00:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-15 12:44 - 2016-05-28 00:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-15 12:44 - 2016-05-28 00:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-15 12:44 - 2016-05-28 00:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-15 12:44 - 2016-05-28 00:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-15 12:44 - 2016-05-28 00:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-15 12:44 - 2016-05-28 00:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-15 12:44 - 2016-05-28 00:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-15 12:44 - 2016-05-28 00:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-15 12:44 - 2016-05-28 00:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-15 12:44 - 2016-05-28 00:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-15 12:44 - 2016-05-28 00:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-15 12:44 - 2016-05-28 00:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-15 12:44 - 2016-05-28 00:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-15 12:44 - 2016-05-28 00:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-15 12:44 - 2016-05-28 00:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-15 12:44 - 2016-05-28 00:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 12:44 - 2016-05-28 00:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-15 12:44 - 2016-05-28 00:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-15 12:44 - 2016-05-28 00:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-15 12:44 - 2016-05-28 00:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-15 12:44 - 2016-05-28 00:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-15 12:44 - 2016-05-28 00:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-15 12:44 - 2016-05-28 00:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-15 12:44 - 2016-05-28 00:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-15 12:44 - 2016-05-28 00:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-15 12:44 - 2016-05-28 00:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-15 12:44 - 2016-05-28 00:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-15 12:44 - 2016-05-28 00:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-15 12:44 - 2016-05-28 00:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-15 12:44 - 2016-05-27 23:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-15 12:44 - 2016-05-27 23:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-15 12:44 - 2016-05-27 23:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-15 12:44 - 2016-05-27 23:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-15 12:44 - 2016-05-27 23:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-15 12:43 - 2016-05-28 02:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-15 12:43 - 2016-05-28 02:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-15 12:43 - 2016-05-28 02:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-15 12:43 - 2016-05-28 01:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-15 12:43 - 2016-05-28 01:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-15 12:43 - 2016-05-28 01:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-15 12:43 - 2016-05-28 01:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-15 12:43 - 2016-05-28 01:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-15 12:43 - 2016-05-28 01:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-15 12:43 - 2016-05-28 01:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-15 12:43 - 2016-05-28 01:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-15 12:43 - 2016-05-28 01:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-15 12:43 - 2016-05-28 01:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-15 12:43 - 2016-05-28 01:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-15 12:43 - 2016-05-28 01:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-15 12:43 - 2016-05-28 01:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-15 12:43 - 2016-05-28 01:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-15 12:43 - 2016-05-28 01:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-15 12:43 - 2016-05-28 01:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-15 12:43 - 2016-05-28 01:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-15 12:43 - 2016-05-28 01:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-15 12:43 - 2016-05-28 01:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-15 12:43 - 2016-05-28 01:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-15 12:43 - 2016-05-28 01:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-15 12:43 - 2016-05-28 01:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-15 12:43 - 2016-05-28 01:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-15 12:43 - 2016-05-28 01:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-15 12:43 - 2016-05-28 01:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-15 12:43 - 2016-05-28 00:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-15 12:43 - 2016-05-28 00:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-15 12:43 - 2016-05-28 00:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-15 12:43 - 2016-05-28 00:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-15 12:43 - 2016-05-28 00:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-15 12:43 - 2016-05-28 00:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-15 12:43 - 2016-05-28 00:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-15 12:43 - 2016-05-28 00:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-15 12:43 - 2016-05-28 00:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-15 12:43 - 2016-05-28 00:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-15 12:43 - 2016-05-28 00:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-15 12:43 - 2016-05-28 00:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-15 12:43 - 2016-05-28 00:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-15 12:43 - 2016-05-28 00:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-15 12:43 - 2016-05-28 00:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-15 12:43 - 2016-05-28 00:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-15 12:43 - 2016-05-28 00:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-15 12:43 - 2016-05-28 00:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-15 12:43 - 2016-05-28 00:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-15 12:43 - 2016-05-28 00:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-15 12:43 - 2016-05-28 00:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-15 12:43 - 2016-05-28 00:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-15 12:43 - 2016-05-28 00:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-15 12:43 - 2016-05-28 00:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-15 12:43 - 2016-05-28 00:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-15 12:43 - 2016-05-28 00:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-15 12:43 - 2016-05-28 00:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-15 12:43 - 2016-05-28 00:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-15 12:43 - 2016-05-28 00:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-15 12:43 - 2016-05-28 00:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-15 12:43 - 2016-05-28 00:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-15 12:43 - 2016-05-28 00:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-15 12:43 - 2016-05-28 00:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-15 12:43 - 2016-05-28 00:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-15 12:43 - 2016-05-28 00:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-15 12:43 - 2016-05-28 00:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-15 12:43 - 2016-05-28 00:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-15 12:43 - 2016-05-28 00:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-15 12:43 - 2016-05-28 00:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-15 12:43 - 2016-05-28 00:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-15 12:43 - 2016-05-28 00:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-15 12:43 - 2016-05-28 00:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-15 12:43 - 2016-05-28 00:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-15 12:43 - 2016-05-28 00:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-15 12:43 - 2016-05-28 00:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-15 12:43 - 2016-05-28 00:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-15 12:43 - 2016-05-28 00:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-15 12:43 - 2016-05-28 00:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-15 12:43 - 2016-05-28 00:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-15 12:43 - 2016-05-28 00:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-15 12:43 - 2016-05-28 00:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-15 12:43 - 2016-05-28 00:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-15 12:43 - 2016-05-28 00:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-15 12:43 - 2016-05-28 00:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-15 12:43 - 2016-05-28 00:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-15 12:43 - 2016-05-28 00:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-15 12:43 - 2016-05-28 00:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-15 12:43 - 2016-05-28 00:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-15 12:43 - 2016-05-28 00:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-15 12:43 - 2016-05-28 00:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-15 12:43 - 2016-05-28 00:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-15 12:43 - 2016-05-28 00:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-15 12:43 - 2016-05-28 00:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-15 12:43 - 2016-05-28 00:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-15 12:43 - 2016-05-28 00:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-15 12:43 - 2016-05-28 00:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-15 12:43 - 2016-05-28 00:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-15 12:43 - 2016-05-28 00:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-15 12:43 - 2016-05-28 00:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-15 12:43 - 2016-05-28 00:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-15 12:43 - 2016-05-27 23:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-15 12:43 - 2016-05-27 23:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-15 12:43 - 2016-05-27 23:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-15 09:35 - 2016-06-15 09:35 - 00101234 _____ C:\Users\Anne\Downloads\043223170131001-2016May01-2016May31.pdf
2016-06-09 23:40 - 2016-06-09 23:40 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Corel
2016-06-09 23:40 - 2016-06-09 23:40 - 00000000 ____D C:\ProgramData\Protexis64
2016-06-09 23:39 - 2016-06-09 23:39 - 00000000 ____D C:\Users\Anne\Documents\Corel PaintShop Pro
2016-06-09 23:39 - 2016-06-09 23:39 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Ulead Systems
2016-06-09 23:39 - 2016-06-09 23:39 - 00000000 ____D C:\Users\Anne\AppData\Local\Corel PaintShop Pro
2016-06-09 23:37 - 2016-06-09 23:37 - 00001297 _____ C:\Users\Public\Desktop\Corel PaintShop Pro X8 (64-bit).lnk
2016-06-09 23:37 - 2016-06-09 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X8
2016-06-09 23:37 - 2016-06-09 23:37 - 00000000 ____D C:\Program Files\Common Files\Protexis
2016-06-09 23:33 - 2016-06-09 23:33 - 00000000 ____D C:\Program Files\Corel
2016-06-09 23:30 - 2016-06-09 23:38 - 00000000 ____D C:\ProgramData\Corel
2016-06-09 23:30 - 2016-06-09 23:30 - 00000000 ____D C:\Program Files (x86)\Corel
2016-06-09 23:26 - 2016-06-09 23:26 - 00000000 ____D C:\ProgramData\UniqueId
2016-06-09 23:22 - 2016-06-09 23:26 - 01945904 _____ (Corel Corporation) C:\Users\Anne\Downloads\pspx8.0.exe
2016-06-09 21:48 - 2016-06-09 21:49 - 03822974 _____ (ACN 064 583 633 T/A Neuraltek ) C:\Users\Anne\Downloads\blkmagic.exe
2016-06-09 21:44 - 2016-06-09 21:45 - 05468488 _____ (CPSSoftware ) C:\Users\Anne\Downloads\InstantPhotoColorSetup (1).exe
2016-06-09 16:09 - 2016-06-09 16:14 - 05472288 _____ (CPSSoftware ) C:\Users\Anne\Downloads\InstantPhotoColorSetup.exe
2016-06-09 15:51 - 2016-06-09 15:53 - 57920440 _____ (clipping-path-studio.com ) C:\Users\Anne\Downloads\InstantMaskUltimateSetup12win64.exe
2016-06-09 01:35 - 2016-06-09 01:35 - 00005753 _____ C:\Users\Anne\Downloads\colon_hydrotherapy_sarnia.pdf
2016-06-07 14:25 - 2016-06-07 14:25 - 02123154 _____ C:\Users\Anne\Downloads\PBOA_Traffic_2016.xlsx
2016-06-05 14:34 - 2016-06-05 14:34 - 00004081 _____ C:\Users\Anne\Downloads\2016-01-31_HOKS1168_DetailedMemberStatement (2).pdf
2016-06-05 14:34 - 2016-06-05 14:34 - 00003967 _____ C:\Users\Anne\Downloads\2016-05-31_HOKS1168_DetailedMemberStatement (1).pdf
2016-06-05 14:33 - 2016-06-05 14:33 - 00004081 _____ C:\Users\Anne\Downloads\2016-01-31_HOKS1168_DetailedMemberStatement (1).pdf
2016-06-05 14:33 - 2016-06-05 14:33 - 00003998 _____ C:\Users\Anne\Downloads\2016-02-29_HOKS1168_DetailedMemberStatement (1).pdf
2016-06-05 14:32 - 2016-06-05 14:32 - 00003995 _____ C:\Users\Anne\Downloads\2016-03-31_HOKS1168_DetailedMemberStatement (1).pdf
2016-06-05 14:31 - 2016-06-05 14:31 - 00004182 _____ C:\Users\Anne\Downloads\2016-04-30_HOKS1168_DetailedMemberStatement (1).pdf
2016-06-05 14:28 - 2016-06-05 14:28 - 00004787 _____ C:\Users\Anne\Downloads\2016-05-31_HOKS1168_DetailedMemberStatement.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-30 23:30 - 2014-12-17 03:23 - 00000000 ____D C:\Users\Anne\Documents\Outlook Files
2016-06-30 23:23 - 2014-12-27 19:02 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2062813529-956125313-3570552973-1002UA.job
2016-06-30 23:20 - 2014-12-16 01:22 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-30 22:56 - 2016-01-19 13:12 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-30 22:56 - 2015-04-10 13:01 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Skype
2016-06-30 22:56 - 2014-12-29 10:44 - 00000000 ____D C:\Users\Anne\AppData\Local\Microsoft Help
2016-06-30 21:23 - 2014-12-27 19:02 - 00000866 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2062813529-956125313-3570552973-1002Core.job
2016-06-30 15:51 - 2014-12-15 23:27 - 00000000 ____D C:\Users\Anne\AppData\Local\Packages
2016-06-30 10:04 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-30 10:04 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-30 09:54 - 2014-12-16 01:22 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-30 09:21 - 2015-07-15 23:56 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2016-06-30 09:21 - 2014-08-31 19:06 - 16666375 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
2016-06-30 09:20 - 2016-02-13 09:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-30 02:35 - 2016-04-29 04:22 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-06-30 02:35 - 2015-10-30 02:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-06-30 00:04 - 2014-12-15 23:36 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{39275036-E60D-4DB3-AFF8-7E5BAA865571}
2016-06-29 18:51 - 2015-12-22 23:15 - 00000000 ____D C:\Users\Anne\AppData\Local\CrashDumps
2016-06-29 11:01 - 2016-04-29 04:26 - 00972168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-29 11:01 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-27 10:03 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\appcompat
2016-06-26 12:58 - 2016-05-17 16:03 - 00001230 _____ C:\Users\Public\Desktop\iSkysoft PDF Editor.lnk
2016-06-26 12:56 - 2015-01-10 22:59 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-26 12:07 - 2016-03-29 15:26 - 00001344 _____ C:\Users\Anne\Desktop\Revo Uninstaller.lnk
2016-06-25 10:59 - 2014-12-18 15:41 - 00000000 ____D C:\Users\Anne\AppData\Local\ElevatedDiagnostics
2016-06-24 10:22 - 2014-12-27 21:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 10:22 - 2014-12-27 21:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-23 10:27 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-23 10:22 - 2014-07-11 03:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-23 10:20 - 2014-12-27 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-23 00:43 - 2014-12-23 23:56 - 00000000 ____D C:\Users\Anne\Documents\My Scans
2016-06-20 13:00 - 2014-12-24 00:00 - 00000000 ____D C:\Users\Anne\Documents\RECIPES
2016-06-18 23:11 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-18 01:44 - 2016-04-29 04:27 - 00000000 ____D C:\Users\Anne
2016-06-17 20:30 - 2016-01-21 23:55 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 20:30 - 2016-01-21 23:55 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 09:56 - 2016-05-14 14:56 - 09717952 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-06-16 18:19 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-06-16 08:53 - 2016-02-13 09:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-16 08:34 - 2016-02-13 09:11 - 00356128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-16 03:11 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-16 03:11 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-16 03:11 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-15 17:10 - 2014-12-17 11:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-15 17:00 - 2014-12-17 11:35 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-15 16:40 - 2015-01-16 20:04 - 00484008 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-06-14 14:33 - 2015-10-30 03:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-14 14:33 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-10 08:50 - 2016-05-14 10:12 - 00000000 ____D C:\Program Files (x86)\Auslogics
2016-06-10 02:15 - 2016-05-14 10:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2016-06-09 23:30 - 2014-07-11 04:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-08 09:33 - 2016-05-12 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-06-05 03:43 - 2015-10-31 18:08 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories =======
 
2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\Anne\AppData\Roaming\BYAIAMUF
2015-02-14 18:03 - 2016-01-19 18:11 - 0000847 _____ () C:\Users\Anne\AppData\Roaming\Rim.Desktop.Exception.log
2015-02-14 17:48 - 2015-02-14 17:48 - 0001111 _____ () C:\Users\Anne\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-02-14 18:03 - 2016-01-19 18:11 - 0000847 _____ () C:\Users\Anne\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-12-27 20:43 - 2016-01-19 11:58 - 0000180 _____ () C:\Users\Anne\AppData\Roaming\WB.CFG
2016-03-26 11:46 - 2016-03-26 11:46 - 0007601 _____ () C:\Users\Anne\AppData\Local\Resmon.ResmonCfg
2015-11-12 03:44 - 2015-11-12 03:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-13 00:18 - 2015-05-15 01:35 - 0000112 _____ () C:\ProgramData\O3F008.dat
2015-01-10 15:00 - 2015-01-10 15:00 - 2032503 _____ () C:\ProgramData\yvd_chrome_se.exe
2015-01-10 15:00 - 2015-01-10 15:00 - 1525193 _____ () C:\ProgramData\yvd_firefox_se.exe
2015-01-10 15:00 - 2015-01-10 15:00 - 0837543 _____ () C:\ProgramData\yvd_ie_se.exe
 
Files to move or delete:
====================
C:\ProgramData\O3F008.dat
C:\ProgramData\yvd_chrome_se.exe
C:\ProgramData\yvd_firefox_se.exe
C:\ProgramData\yvd_ie_se.exe
 
 
Some files in TEMP:
====================
C:\Users\Anne\AppData\Local\Temp\libeay32.dll
C:\Users\Anne\AppData\Local\Temp\msvcr120.dll
C:\Users\Anne\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-30 09:30
 
==================== End of FRST.txt ============================


#4 navanoda

navanoda
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:50 AM

Posted 30 June 2016 - 10:37 PM

Content of the Addition.txt log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by Anne (2016-06-30 23:31:27)
Running from C:\Users\Anne\Downloads
Windows 10 Home Version 1511 (X64) (2016-04-29 09:17:56)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2062813529-956125313-3570552973-500 - Administrator - Disabled)
Anne (S-1-5-21-2062813529-956125313-3570552973-1002 - Administrator - Enabled) => C:\Users\Anne
DefaultAccount (S-1-5-21-2062813529-956125313-3570552973-503 - Limited - Disabled)
Guest (S-1-5-21-2062813529-956125313-3570552973-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2062813529-956125313-3570552973-1004 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{A30D3EA3-B90A-DDD5-949E-6DDE67E64FE6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.2.1.0 - Auslogics Labs Pty Ltd)
Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.638 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.5.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.3.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Corel PaintShop Pro X8 (HKLM-x32\...\_{85C69B9B-F9BD-4A60-BD83-F2B7E081ED39}) (Version: 18.2.0.61 - Corel Corporation)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6618 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.5.6618 - CyberLink Corp.) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3.6129 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5009 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.5.4601 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DummyInstaller (HKLM-x32\...\{E2210743-20C9-48E3-BA03-B1E39772E662}) (Version: 1.0.0 - Microsoft)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Foxit PhantomPDF (HKLM-x32\...\{89BF1D4D-1D62-451E-9496-B971BDE82720}) (Version: 6.0.33.715 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Photos Backup (HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.46 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.9 - HP Inc.)
HP Utility Center (HKLM\...\{E8F2076D-1885-4A0F-83D8-77B1F9D384CE}) (Version: 2.5.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
ICA (x32 Version: 18.2.0.61 - Corel Corporation) Hidden
Inst5675 (Version: 8.01.46 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.46 - Softex Inc.) Hidden
IPM_PSP_COM64 (Version: 18.2.0.61 - Corel Corporation) Hidden
iSkysoft DVD Creator(Build 3.8.0) (HKLM-x32\...\iSkysoft DVD Creator_is1) (Version:  - Wondershare Software)
iSkysoft iMedia Converter Deluxe(Build 5.9.0.1) (HKLM-x32\...\iSkysoft iMedia Converter Deluxe_is1) (Version: 5.9.0.1 - iSkysoft Software)
iSkysoft PDF Editor(Build 5.5.0) (HKLM-x32\...\{4D91F5A1-EBFB-4735-8D51-BA8EA10407C4}_is1) (Version: 5.5.0.1 - iSkysoft Studio)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MergeModule_x64 (Version: 9.1.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.1.00 - Sony Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Support and Recovery Assistant for Office 365 (HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\4415f693b586d348) (Version: 16.0.1146.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.1.00.12152 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.1.00 - Sony Corporation) Hidden
PSPPContent (x32 Version: 18.2.0.61 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 18.2.0.61 - Corel Corporation) Hidden
PSPPro64 (Version: 18.2.0.61 - Corel Corporation) Hidden
Rapport (x32 Version: 3.5.1609.65 - Trusteer) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.59 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7808 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.62 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Setup (x32 Version: 18.2.0.61 - Corel Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
StudioTax 2014 (HKLM-x32\...\{2EF6F96B-39E8-42AB-9338-25F801615CD8}) (Version: 10.0.13.1 - BHOK IT Consulting)
StudioTax 2015 (HKLM-x32\...\{10DC0B0F-E7D6-4F37-9CF9-0A76A689AAB0}) (Version: 11.0.8.6 - BHOK IT Consulting)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.0 - Synaptics Incorporated)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.65 - Trusteer)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{22662b08-91e0-4540-bb98-c96f32e09417}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{5AEBFB66-61FE-4833-ACE3-E966980E40D5}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{429a42d7-4c55-44d4-b38a-5872a0d70495}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD SmartWare (HKLM\...\{739778ED-D095-4725-BF78-ADFF96004C52}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{e72369b3-306a-4d10-a766-3433a65e8dc2}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2062813529-956125313-3570552973-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Anne\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2062813529-956125313-3570552973-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2062813529-956125313-3570552973-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Anne\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2062813529-956125313-3570552973-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2062813529-956125313-3570552973-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Anne\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00C1CBC2-0106-4B7D-8D54-6FE393320F42} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {01FD374D-8FB8-4D23-8E83-CEC69335ECDA} - \Loca\Loca\Loca -> No File <==== ATTENTION
Task: {04C2CBE3-C7BB-48DE-9653-250937EA24BB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe [2016-06-28] (Adobe Systems Incorporated)
Task: {0CC354C8-DFD6-4221-B334-C788D6E537ED} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0D35C008-0FC8-4C91-A135-65F51E82AF4C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-15] (Microsoft Corporation)
Task: {0EAEACE3-1634-482B-9B55-481259AE9390} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {192B4CFF-2C39-4FD7-AD14-694D4104AA0C} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)
Task: {25C4686B-704E-4D83-9ED6-252A173BFC83} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {27FAAA9A-D69A-4897-A8DD-34817D7CC02E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-28] (Adobe Systems Incorporated)
Task: {324B7338-8216-44DE-87F8-F1E033189254} - \boosterpop -> No File <==== ATTENTION
Task: {398F56C9-2AAF-4142-B799-A137618915AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {3BBE7D94-032F-48EE-9F3E-C1535826FBFB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {40F18C46-6161-4D14-8FFA-134F7A38293E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {413CCA37-669D-4467-A164-E0626B1F4E54} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {4219F8FC-B740-4B6E-89B1-1C1038132B8D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {431255E6-01D2-4806-ACB3-0E9CC5727304} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2062813529-956125313-3570552973-1002Core => C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {431C1573-9EAA-4512-AAA0-D989C696C2A2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {470E1443-99DF-46B3-9177-0537E524D0F6} - System32\Tasks\Driver Booster SkipUAC (Anne) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {5179DC6C-A758-4627-8779-269ED415713A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {569EC297-3A81-469A-9030-B411BE0FB9BA} - System32\Tasks\KMCLF => C:\ProgramData\1a1fd46aab584ca2b99da2dc1dd494df\1a1fd46aab584ca2b99da2dc1dd494df.exe <==== ATTENTION
Task: {639545A3-3073-404A-AB29-2C4B8BBD736F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6A61B341-7F80-4F15-B68E-B92C6BBB500F} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {6B8EE527-A2FB-4BEA-BD27-DC320F863A21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {6E9464F3-857B-4485-9B3D-13059BCBCDEC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {727224AE-8CB7-42C1-8CA4-1F176BAA1708} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-10] (Microsoft Corporation)
Task: {73B97E33-3BD5-4889-A946-193B6C4E9635} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {742F0609-AC0E-4C78-A460-F60E10990249} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {746CA36E-1A0F-49DA-9B6B-F490DB2CB32F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {76E13519-B97C-4652-8CE8-512A08587DF7} - System32\Tasks\ZGJMAX => C:\ProgramData\95df673d05c34d3086d7c3f895bdf8e3\95df673d05c34d3086d7c3f895bdf8e3.exe <==== ATTENTION
Task: {779EF5CB-9F35-47FC-9523-338B4259D25D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {77BF27D5-334C-4157-8351-EC91DD5D255F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {813A83C9-C459-4649-8947-503EC7C862AA} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2015-07-02] (Hewlett-Packard)
Task: {8A8915CB-DD98-404F-9091-58228166E3D0} - System32\Tasks\HPCeeScheduleForAnne => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {A17B107E-F546-49A9-81B4-FC47CA9A2D74} - System32\Tasks\DriverAssist.Autostart => C:\Program Files\DriverAssist\DriverAssist.exe
Task: {B06024BE-69D3-44EB-9AF0-AD1CF9C2A97D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B1AF2905-BE35-4F1F-86F7-18E601D415EA} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {B8E6D2AA-EDB2-40A3-88B7-715C03D63001} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2015-07-02] (Hewlett-Packard)
Task: {BABC01DD-14C1-4ED6-B482-03B1291E9D31} - System32\Tasks\POMAGTHNIP => C:\ProgramData\6c54da2e97bd4bf69fea341a446a9746\6c54da2e97bd4bf69fea341a446a9746.exe <==== ATTENTION
Task: {C217175B-BB7B-4C89-94D3-F688790BE260} - System32\Tasks\Western Digital\SmartWare\____Volume_4947d23c_73db_4d89_9bb7_c8924fe27af3______Volume_3eb600cc_0000_0000_0000_100000000000__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-10-28] (Western Digital Technologies, Inc.)
Task: {C48965F7-7368-4A2C-A5F2-D255506F64EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)
Task: {C4EC0E7E-A7B3-4226-BD07-A31E7D2B77F1} - System32\Tasks\Microsoft\windows\DiskDiagnostic\DiskDiagnostic => C:\Program Files (x86)\DiskDiagnostic\DiskDiagnostic.exe <==== ATTENTION
Task: {C75856BB-FC15-462C-8325-51454F50BC42} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {C821DE75-85D3-48D7-8E38-BFF0E28EB22D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {C8A4EF56-AC08-47A4-A731-ABAD60BA9854} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2062813529-956125313-3570552973-1002UA => C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D177F1D4-0E9A-4129-B285-D525757942D4} - System32\Tasks\{5BDD535F-417E-4658-8F59-EFC57C4A31D5} => pcalua.exe -a "C:\Users\Anne\Downloads\sp72391 (1).exe" -d C:\WINDOWS\system32
Task: {D34C56D6-FF78-41A5-8542-92E6E73EF434} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-08-04] (AVG Technologies)
Task: {DBAD212E-0644-4864-91E6-F91B0980A68B} - System32\Tasks\DriverAssist.Scanning => C:\Program Files\DriverAssist\DriverAssist.exe
Task: {E5DF0417-86CC-48DC-9BF9-13B2CF1F21C9} - System32\Tasks\{AD84743C-C690-418B-A091-0E64072CA5E4} => pcalua.exe -a "C:\Users\Anne\Downloads\sp72552 (1).exe" -d C:\WINDOWS\system32
Task: {EB6EB2FE-BFD6-4978-BDE0-46504F060A27} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2015-07-02] (Hewlett-Packard)
Task: {F062B9D1-1930-4446-8E1E-F02C81026DA2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F2C3C087-D3CB-4A73-AE15-F47804E8380B} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {F9F821DB-1786-46D7-965F-A16FDF0DB2A6} - System32\Tasks\Google Update => C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2062813529-956125313-3570552973-1002Core.job => C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2062813529-956125313-3570552973-1002UA.job => C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAnne.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Public\Desktop\Snapfish.lnk -> hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_caAC:\Program Files (x86)\Online Services\snapfish\SnapfishGreen.ico (No File)
Shortcut: C:\Users\Public\Desktop\TripAdvisor.lnk -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=none&locale=all&pf=cnnb&s=TripAdvisor_dt&tp=dticon (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-08-06 21:39 - 2015-08-06 21:39 - 00127488 _____ () c:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-12-18 15:58 - 2014-04-14 19:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-08-04 08:26 - 2015-08-04 08:26 - 00718040 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2016-04-29 08:07 - 2016-04-29 08:07 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-29 08:07 - 2016-04-29 08:07 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-24 04:17 - 2016-05-24 04:17 - 00959168 _____ () C:\Users\Anne\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-03-16 19:41 - 2016-06-10 05:05 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-08-04 08:26 - 2015-08-04 08:26 - 00861912 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2016-04-29 11:25 - 2016-04-29 11:26 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-06-15 12:44 - 2016-05-27 23:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-13 08:54 - 2016-02-13 08:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 14:40 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-15 12:45 - 2016-05-27 23:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-15 12:45 - 2016-05-27 23:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-15 12:44 - 2016-05-27 23:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-17 20:30 - 2016-06-15 04:26 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-17 20:30 - 2016-06-15 04:26 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-06-28 10:35 - 2016-06-28 10:36 - 03790336 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-15 08:19 - 2015-12-15 08:19 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-04-29 11:25 - 2016-04-29 11:26 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-29 11:25 - 2016-04-29 11:26 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2016-05-17 14:30 - 2014-10-31 16:40 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2016-05-17 14:30 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2016-05-07 07:46 - 2016-06-22 09:42 - 03540680 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\gfx.dll
2016-03-16 19:39 - 2016-06-10 04:05 - 01061576 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\bell.ca -> hxxps://www.bell.ca
IE trusted site: HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\bmo.com -> hxxps://www.bmo.com
IE trusted site: HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\bnn.ca -> hxxps://www.bnn.ca
IE trusted site: HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\google.ca -> hxxps://www.google.ca
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2062813529-956125313-3570552973-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Anne\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img1.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "TotalRecipeSearch EPM Support"
HKLM\...\StartupApproved\Run32: => "TotalRecipeSearch AppIntegrator 32-bit"
HKLM\...\StartupApproved\Run32: => "TotalRecipeSearch AppIntegrator 64-bit"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "gmsd_ca_31"
HKLM\...\StartupApproved\Run32: => "IJNetworkScanUtility"
HKLM\...\StartupApproved\Run32: => "Utility Chest AppIntegrator 32-bit"
HKLM\...\StartupApproved\Run32: => "Utility Chest AppIntegrator 64-bit"
HKLM\...\StartupApproved\Run32: => "RIMBBLaunchAgent.exe"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper"
HKLM\...\StartupApproved\Run32: => "WD Drive Unlocker"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"
HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\StartupApproved\StartupFolder: => "crossbrowse.lnk"
HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\StartupApproved\Run: => "swg"
HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\StartupApproved\Run: => "Google+ Auto Backup"
HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E6E83B4106DDB542C4E67576230415B4"
HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{63E5ECD0-1326-465C-9F25-D5977D291FD3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2434479B-E363-4393-8438-0D03D1635A56}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{EA3F8809-E842-4758-812D-2B9F19184418}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{994092BD-832F-49A7-9F6C-A382F1B349EC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6E7DCDD7-628B-46CD-B74C-6C512A9D9C8F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FBC3F81C-4CF6-456D-A716-35EC6BAA1758}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DB0E5282-5AD0-4E5B-B69C-8D4C8605365C}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{58DC2A4E-3A27-411E-A8C7-D6AADA160DE0}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{E5049ECA-C3FF-4524-9253-454980C8CFAC}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
FirewallRules: [{31829E77-7E67-46D8-B63E-92F6B67FD41E}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{74C4E6D9-69EC-4755-A9D2-704657D6B6AB}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{3C5F876B-E7B9-43B9-8282-DCFBCD6924CB}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{80B8986E-800C-4D7B-B601-2193407B56C5}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{CB3BB79A-0B64-4C38-9882-5598B2912E86}] => (Allow) LPort=4481
FirewallRules: [{F9B1FABE-C3CD-4310-9AAF-CDCF321C5903}] => (Allow) LPort=4481
FirewallRules: [{5E3F33B0-19C1-4E9B-A06E-125D9ECEB827}] => (Allow) LPort=4482
FirewallRules: [{8F9F6430-F568-42C1-96BE-7BCFF89B7861}] => (Allow) LPort=4482
FirewallRules: [TCP Query User{138E9027-5F3C-4A02-9F41-62EB765A863B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{154B91D4-7802-49C0-87B1-493E45A3AC37}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{C87CFE59-3961-4E2C-90C1-929CECF8851A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{E564F832-A1EB-4AF1-A297-957AED0A7AA9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{1FA16D5A-D12D-448B-844C-289819C6EA6B}] => (Allow) C:\Users\Anne\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{B406CCFC-2F8D-4F99-87EE-F47D4236C8B8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{3FAF51E8-0ACD-4288-B3D7-D2EC241205D9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{CDB6111B-338E-4BFF-899B-C727BB14E0E7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{4A8C9F30-05F1-4127-85A8-9E6E247A5DA1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{E17D0FB2-8341-4598-A72D-B20DDA954385}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{A834FD53-696B-437F-9D4D-BAF7C8C85EC2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{6CD66238-F700-4343-A837-A13C03D404EE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
29-06-2016 12:13:51 Revo Uninstaller's restore point - Facebook Games Arcade 0.8.1.0
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/30/2016 09:58:52 AM) (Source: HP Active Health) (EventID: 401) (User: )
Description: SmartDrive executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]
 
Error: (06/30/2016 09:58:48 AM) (Source: HP Active Health) (EventID: 1100) (User: )
Description: Agent DiskPhysical threw an exception: System.NullReferenceException: Object reference not set to an instance of an object.
   at HP.ActiveHealth.Agents.DiskPhysical.DiskPhysicalAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
   at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
 
Error: (06/30/2016 09:58:46 AM) (Source: HP Active Health) (EventID: 1101) (User: )
Description: DiskPhysical executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]
 
Error: (06/30/2016 09:21:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tbaseprovisioning.exe, version: 1.0.0.0, time stamp: 0x56b4dcb7
Faulting module name: KERNELBASE.dll, version: 10.0.10586.306, time stamp: 0x571afb9a
Exception code: 0xe0434352
Fault offset: 0x000bdae8
Faulting process id: 0x5a4
Faulting application start time: 0xtbaseprovisioning.exe0
Faulting application path: tbaseprovisioning.exe1
Faulting module path: tbaseprovisioning.exe2
Report Id: tbaseprovisioning.exe3
Faulting package full name: tbaseprovisioning.exe4
Faulting package-relative application ID: tbaseprovisioning.exe5
 
Error: (06/30/2016 09:21:10 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: tbaseprovisioning.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
   at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean)
   at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress)
   at System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object)
   at System.ServiceModel.Configuration.X509RecipientCertificateServiceElement.ApplyConfiguration(System.ServiceModel.Security.X509CertificateRecipientServiceCredential)
   at System.ServiceModel.Configuration.ServiceCredentialsElement.ApplyConfiguration(System.ServiceModel.Description.ServiceCredentials)
   at System.ServiceModel.Configuration.ServiceCredentialsElement.CreateBehavior()
   at System.ServiceModel.Description.ConfigLoader.LoadBehaviors[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ServiceModel.Configuration.ServiceModelExtensionCollectionElement`1<System.ServiceModel.Configuration.BehaviorExtensionElement>, System.Collections.Generic.KeyedByTypeCollection`1<System.__Canon>, Boolean)
   at System.ServiceModel.Description.ConfigLoader.LoadServiceDescription(System.ServiceModel.ServiceHostBase, System.ServiceModel.Description.ServiceDescription, System.ServiceModel.Configuration.ServiceElement, System.Action`1<System.Uri>, Boolean)
   at System.ServiceModel.ServiceHostBase.LoadConfigurationSectionInternal(System.ServiceModel.Description.ConfigLoader, System.ServiceModel.Description.ServiceDescription, System.ServiceModel.Configuration.ServiceElement)
   at System.ServiceModel.ServiceHostBase.ApplyConfiguration()
   at System.ServiceModel.ServiceHost.ApplyConfiguration()
   at System.ServiceModel.ServiceHostBase.InitializeDescription(System.ServiceModel.UriSchemeKeyedCollection)
   at System.ServiceModel.ServiceHost.InitializeDescription(System.Type, System.ServiceModel.UriSchemeKeyedCollection)
   at System.ServiceModel.ServiceHost..ctor(System.Type, System.Uri[])
   at RootPaApp.RootPaWindowsService.startThread()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (06/29/2016 06:50:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcroRd32.exe, version: 15.16.20045.57024, time stamp: 0x57488f28
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000008
Fault offset: 0xb4088c7a
Faulting process id: 0x210c
Faulting application start time: 0xAcroRd32.exe0
Faulting application path: AcroRd32.exe1
Faulting module path: AcroRd32.exe2
Report Id: AcroRd32.exe3
Faulting package full name: AcroRd32.exe4
Faulting package-relative application ID: AcroRd32.exe5
 
Error: (06/29/2016 12:14:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (06/29/2016 12:01:34 PM) (Source: HP Active Health) (EventID: 401) (User: )
Description: SmartDrive executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]
 
Error: (06/29/2016 12:00:53 PM) (Source: HP Active Health) (EventID: 1100) (User: )
Description: Agent DiskPhysical threw an exception: System.NullReferenceException: Object reference not set to an instance of an object.
   at HP.ActiveHealth.Agents.DiskPhysical.DiskPhysicalAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
   at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
 
Error: (06/29/2016 12:00:28 PM) (Source: HP Active Health) (EventID: 1101) (User: )
Description: DiskPhysical executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]
 
 
System errors:
=============
Error: (06/30/2016 05:01:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/30/2016 09:57:21 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
 
Error: (06/30/2016 09:23:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The tbaseprovisioning service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/30/2016 09:20:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UxTuneUp service failed to start due to the following error: 
%%1083 = The executable program that this service is configured to run in does not implement the service.
 
 
Error: (06/30/2016 02:35:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4d7d5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/30/2016 02:35:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4d7d5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/30/2016 02:35:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4d7d5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/30/2016 02:35:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4d7d5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/30/2016 02:35:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/29/2016 12:03:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The tbaseprovisioning service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-06-30 23:30:03.235
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-30 23:30:03.212
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-30 23:30:02.690
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-30 23:30:02.666
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-30 23:30:02.124
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-30 23:30:02.101
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-30 23:30:02.051
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-30 11:18:06.647
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-30 11:18:06.601
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-30 11:18:06.549
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 43%
Total physical RAM: 7103.31 MB
Available physical RAM: 4019.82 MB
Total Virtual: 10173.31 MB
Available Virtual: 6730.48 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:667 GB) (Free:558.67 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:21.77 GB) (Free:2.4 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive z: (HP_TOOLS) (Fixed) (Total:7.99 GB) (Free:7.98 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 449A93E7)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#5 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:50 PM

Posted 30 June 2016 - 11:00 PM

Hello Pystryker ... thank you for addressing my issue.


Hello, you're quite welcome. Thank you for the logs. :)

Let's see if iSkysoft will go quietly. Let's try uninstalling the 3 programs shown in the Additions.txt log. We'll also follow up with a few other steps, just in case. :thumbup2:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Program Uninstalls

Please uninstall the following programs from your machine as they are adware/malware related. If one of the programs fails to uninstall, please move on to the next one in the list.
  • iSkysoft DVD Creator
  • iSkysoft iMedia Converter Deluxe
  • iSkysoft PDF Editor
Step 2: Fix with FRST

Note: Before performing this step, please move FRST64.exe from C:\Users\Anne\Downloads to your Desktop or the fix will not work. All tools must be run rom the Desktop.
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
C:\Program Files (x86)\Common Files\iSkysoft
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1971872 2016-03-28] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2062813529-956125313-3570552973-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-03-28] (Wondershare)
C:\ProgramData\iSkysoft
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi
FF Extension: iSkysoft iMedia Converter Deluxe - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi [2016-05-18]
C:\Users\Public\Desktop\iSkysoft PDF Editor.lnk
C:\ProgramData\yvd_chrome_se.exe
C:\ProgramData\yvd_firefox_se.exe
C:\ProgramData\yvd_ie_se.exe
C:\ProgramData\O3F008.dat
CustomCLSID: HKU\S-1-5-21-2062813529-956125313-3570552973-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2062813529-956125313-3570552973-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> no filepath
Task: {00C1CBC2-0106-4B7D-8D54-6FE393320F42} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {01FD374D-8FB8-4D23-8E83-CEC69335ECDA} - \Loca\Loca\Loca -> No File <==== ATTENTION
Task: {0CC354C8-DFD6-4221-B334-C788D6E537ED} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0EAEACE3-1634-482B-9B55-481259AE9390} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {324B7338-8216-44DE-87F8-F1E033189254} - \boosterpop -> No File <==== ATTENTION
Task: {40F18C46-6161-4D14-8FFA-134F7A38293E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4219F8FC-B740-4B6E-89B1-1C1038132B8D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {569EC297-3A81-469A-9030-B411BE0FB9BA} - System32\Tasks\KMCLF => C:\ProgramData\1a1fd46aab584ca2b99da2dc1dd494df\1a1fd46aab584ca2b99da2dc1dd494df.exe <==== ATTENTION
Task: {639545A3-3073-404A-AB29-2C4B8BBD736F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {73B97E33-3BD5-4889-A946-193B6C4E9635} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {746CA36E-1A0F-49DA-9B6B-F490DB2CB32F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {76E13519-B97C-4652-8CE8-512A08587DF7} - System32\Tasks\ZGJMAX => C:\ProgramData\95df673d05c34d3086d7c3f895bdf8e3\95df673d05c34d3086d7c3f895bdf8e3.exe <==== ATTENTION
Task: {779EF5CB-9F35-47FC-9523-338B4259D25D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B06024BE-69D3-44EB-9AF0-AD1CF9C2A97D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BABC01DD-14C1-4ED6-B482-03B1291E9D31} - System32\Tasks\POMAGTHNIP => C:\ProgramData\6c54da2e97bd4bf69fea341a446a9746\6c54da2e97bd4bf69fea341a446a9746.exe <==== ATTENTION
Task: {C4EC0E7E-A7B3-4226-BD07-A31E7D2B77F1} - System32\Tasks\Microsoft\windows\DiskDiagnostic\DiskDiagnostic => C:\Program Files (x86)\DiskDiagnostic\DiskDiagnostic.exe <==== ATTENTION
Task: {F062B9D1-1930-4446-8E1E-F02C81026DA2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F2C3C087-D3CB-4A73-AE15-F47804E8380B} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Shortcut: C:\Users\Public\Desktop\Snapfish.lnk -> hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_caAC:\Program Files (x86)\Online Services\snapfish\SnapfishGreen.ico (No File)
Shortcut: C:\Users\Public\Desktop\TripAdvisor.lnk -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=none&locale=all&pf=cnnb&s=TripAdvisor_dt&tp=dticon (No File)
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool

junkware-removal-tool_zpspjolgpuh.png Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleanerscreen_zpsm6wq1ei9.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\Adwcleaner
Step 5: Fresh Scan with FRST
  • Start Farbar's Recovery Scan Tool, place a check in the Addition.txt box and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Please let me know if the programs uninstalled with no issues when you post the following logs.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#6 navanoda

navanoda
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:50 AM

Posted 30 June 2016 - 11:55 PM

so, I've uninstalled the iSkysoft software (3 applications)

moved FRST64.exe to Desktop as well as fixlist.txt script in notepad

however, when I run FRST "fix" I get a pop-up message that says "No fixlist.txt found.  the fixlist.txt should be in the same director/folder the tool is located."

Yet, they are listed in Desktop!

Meanwhile, I'll proceed with the remaining tools you've identified.



#7 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:50 PM

Posted 30 June 2016 - 11:58 PM

Hello :)

Try saving the fixlist.txt to the Desktop again, and then run FRST.exe again. As long as they are both on the Desktop, it should work. :thumbup2:

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#8 navanoda

navanoda
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:50 AM

Posted 01 July 2016 - 12:51 AM

OK ... here are the logs you requested:

 

Fixlog.txt Log

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016

Ran by Anne (2016-07-01 01:20:23) Run:1

Running from C:\Users\Anne\Desktop

Loaded Profiles: Anne (Available Profiles: Anne)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

Start

CreateRestorePoint:

CloseProcesses:

(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe

C:\Program Files (x86)\Common Files\iSkysoft

HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)

HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1971872 2016-03-28] ()

GroupPolicy: Restriction - Chrome <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

SearchScopes: HKU\S-1-5-21-2062813529-956125313-3570552973-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File

BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-03-28] (Wondershare)

C:\ProgramData\iSkysoft

Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File

FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi

FF Extension: iSkysoft iMedia Converter Deluxe - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi [2016-05-18]

C:\Users\Public\Desktop\iSkysoft PDF Editor.lnk

C:\ProgramData\yvd_chrome_se.exe

C:\ProgramData\yvd_firefox_se.exe

C:\ProgramData\yvd_ie_se.exe

C:\ProgramData\O3F008.dat

CustomCLSID: HKU\S-1-5-21-2062813529-956125313-3570552973-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> no filepath

CustomCLSID: HKU\S-1-5-21-2062813529-956125313-3570552973-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> no filepath

Task: {00C1CBC2-0106-4B7D-8D54-6FE393320F42} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {01FD374D-8FB8-4D23-8E83-CEC69335ECDA} - \Loca\Loca\Loca -> No File <==== ATTENTION

Task: {0CC354C8-DFD6-4221-B334-C788D6E537ED} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {0EAEACE3-1634-482B-9B55-481259AE9390} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {324B7338-8216-44DE-87F8-F1E033189254} - \boosterpop -> No File <==== ATTENTION

Task: {40F18C46-6161-4D14-8FFA-134F7A38293E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {4219F8FC-B740-4B6E-89B1-1C1038132B8D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {569EC297-3A81-469A-9030-B411BE0FB9BA} - System32\Tasks\KMCLF => C:\ProgramData\1a1fd46aab584ca2b99da2dc1dd494df\1a1fd46aab584ca2b99da2dc1dd494df.exe <==== ATTENTION

Task: {639545A3-3073-404A-AB29-2C4B8BBD736F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {73B97E33-3BD5-4889-A946-193B6C4E9635} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {746CA36E-1A0F-49DA-9B6B-F490DB2CB32F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {76E13519-B97C-4652-8CE8-512A08587DF7} - System32\Tasks\ZGJMAX => C:\ProgramData\95df673d05c34d3086d7c3f895bdf8e3\95df673d05c34d3086d7c3f895bdf8e3.exe <==== ATTENTION

Task: {779EF5CB-9F35-47FC-9523-338B4259D25D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {B06024BE-69D3-44EB-9AF0-AD1CF9C2A97D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

Task: {BABC01DD-14C1-4ED6-B482-03B1291E9D31} - System32\Tasks\POMAGTHNIP => C:\ProgramData\6c54da2e97bd4bf69fea341a446a9746\6c54da2e97bd4bf69fea341a446a9746.exe <==== ATTENTION

Task: {C4EC0E7E-A7B3-4226-BD07-A31E7D2B77F1} - System32\Tasks\Microsoft\windows\DiskDiagnostic\DiskDiagnostic => C:\Program Files (x86)\DiskDiagnostic\DiskDiagnostic.exe <==== ATTENTION

Task: {F062B9D1-1930-4446-8E1E-F02C81026DA2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {F2C3C087-D3CB-4A73-AE15-F47804E8380B} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION

Shortcut: C:\Users\Public\Desktop\Snapfish.lnk -> hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_caAC:\Program Files (x86)\Online Services\snapfish\SnapfishGreen.ico (No File)

Shortcut: C:\Users\Public\Desktop\TripAdvisor.lnk -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=none&locale=all&pf=cnnb&s=TripAdvisor_dt&tp=dticon (No File)

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state on

CMD: ipconfig /flushdns

Emptytemp:

End

*****************

 

Restore point was successfully created.

Processes closed successfully.

C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe => No running process found

C:\Program Files (x86)\Common Files\iSkysoft => moved successfully

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iSkysoft Helper Compact.exe => value removed successfully

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DelaypluginInstall => value removed successfully

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully

C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully

C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully

"HKLM\SOFTWARE\Policies\Google" => key removed successfully

HKU\S-1-5-21-2062813529-956125313-3570552973-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found. 

HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found. 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully

"HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} => key not found. 

HKCR\Wow6432Node\CLSID\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} => key not found. 

C:\ProgramData\iSkysoft => moved successfully

"HKCR\PROTOCOLS\Handler\WSISVCUchrome" => key removed successfully

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ISVCU@iSkysoft.com => value not found.

C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi => not found.

"C:\Users\Public\Desktop\iSkysoft PDF Editor.lnk" => not found.

C:\ProgramData\yvd_chrome_se.exe => moved successfully

C:\ProgramData\yvd_firefox_se.exe => moved successfully

C:\ProgramData\yvd_ie_se.exe => moved successfully

"C:\ProgramData\O3F008.dat" => not found.

"HKU\S-1-5-21-2062813529-956125313-3570552973-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully

"HKU\S-1-5-21-2062813529-956125313-3570552973-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00C1CBC2-0106-4B7D-8D54-6FE393320F42}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00C1CBC2-0106-4B7D-8D54-6FE393320F42}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{01FD374D-8FB8-4D23-8E83-CEC69335ECDA}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01FD374D-8FB8-4D23-8E83-CEC69335ECDA}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Loca\Loca\Loca" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CC354C8-DFD6-4221-B334-C788D6E537ED}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CC354C8-DFD6-4221-B334-C788D6E537ED}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0EAEACE3-1634-482B-9B55-481259AE9390}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EAEACE3-1634-482B-9B55-481259AE9390}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{324B7338-8216-44DE-87F8-F1E033189254}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{324B7338-8216-44DE-87F8-F1E033189254}" => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\boosterpop => key not found. 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40F18C46-6161-4D14-8FFA-134F7A38293E}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40F18C46-6161-4D14-8FFA-134F7A38293E}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4219F8FC-B740-4B6E-89B1-1C1038132B8D}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4219F8FC-B740-4B6E-89B1-1C1038132B8D}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{569EC297-3A81-469A-9030-B411BE0FB9BA}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{569EC297-3A81-469A-9030-B411BE0FB9BA}" => key removed successfully

C:\WINDOWS\System32\Tasks\KMCLF => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMCLF" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{639545A3-3073-404A-AB29-2C4B8BBD736F}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{639545A3-3073-404A-AB29-2C4B8BBD736F}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73B97E33-3BD5-4889-A946-193B6C4E9635}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73B97E33-3BD5-4889-A946-193B6C4E9635}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{746CA36E-1A0F-49DA-9B6B-F490DB2CB32F}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{746CA36E-1A0F-49DA-9B6B-F490DB2CB32F}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76E13519-B97C-4652-8CE8-512A08587DF7}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76E13519-B97C-4652-8CE8-512A08587DF7}" => key removed successfully

C:\WINDOWS\System32\Tasks\ZGJMAX => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZGJMAX" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{779EF5CB-9F35-47FC-9523-338B4259D25D}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{779EF5CB-9F35-47FC-9523-338B4259D25D}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B06024BE-69D3-44EB-9AF0-AD1CF9C2A97D}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B06024BE-69D3-44EB-9AF0-AD1CF9C2A97D}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BABC01DD-14C1-4ED6-B482-03B1291E9D31} => key not found. 

C:\WINDOWS\System32\Tasks\POMAGTHNIP => not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\POMAGTHNIP => key not found. 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C4EC0E7E-A7B3-4226-BD07-A31E7D2B77F1}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4EC0E7E-A7B3-4226-BD07-A31E7D2B77F1}" => key removed successfully

C:\WINDOWS\System32\Tasks\Microsoft\windows\DiskDiagnostic\DiskDiagnostic => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\windows\DiskDiagnostic\DiskDiagnostic" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F062B9D1-1930-4446-8E1E-F02C81026DA2}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F062B9D1-1930-4446-8E1E-F02C81026DA2}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2C3C087-D3CB-4A73-AE15-F47804E8380B}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2C3C087-D3CB-4A73-AE15-F47804E8380B}" => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found. 

Shortcut: C:\Users\Public\Desktop\Snapfish.lnk -> hxxp://www.snapfish.com/hp_notebook_desktopicon_2014_caAC:\Program Files (x86)\Online Services\snapfish\SnapfishGreen.ico (No File) => Error: No automatic fix found for this entry.

Shortcut: C:\Users\Public\Desktop\TripAdvisor.lnk -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=none&locale=all&pf=cnnb&s=TripAdvisor_dt&tp=dticon (No File) => Error: No automatic fix found for this entry.

 

=========  netsh advfirewall reset =========

 

Ok.


Junkware Removal Tool Log

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.0.6 (04.25.2016)

Operating System: Windows 10 Home x64 

Ran by Anne (Administrator) on 2016-07-01 at  0:58:10.80

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

File System: 18 

 

Successfully deleted: C:\ProgramData\1a1fd46aab584ca2b99da2dc1dd494df (Folder) 

Successfully deleted: C:\ProgramData\6c54da2e97bd4bf69fea341a446a9746 (Folder) 

Successfully deleted: C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066 (Folder) 

Successfully deleted: C:\ProgramData\95df673d05c34d3086d7c3f895bdf8e3 (Folder) 

Successfully deleted: C:\ProgramData\iobit\driver booster (Folder) 

Successfully deleted: C:\ProgramData\O3F008.dat (File) 

Successfully deleted: C:\ProgramData\productdata (Folder) 

Successfully deleted: C:\Users\Anne\AppData\Local\crashrpt (Folder) 

Successfully deleted: C:\Users\Anne\AppData\Local\installer (Folder) 

Successfully deleted: C:\Users\Anne\Appdata\LocalLow\company (Folder) 

Successfully deleted: C:\Users\Anne\AppData\Roaming\iobit\driver booster (Folder) 

Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Anne) (Task)

Successfully deleted: C:\WINDOWS\system32\Tasks\DriverAssist.Autostart (Task)

Successfully deleted: C:\WINDOWS\system32\Tasks\DriverAssist.Scanning (Task)

Successfully deleted: C:\WINDOWS\system32\Tasks\Google Update (Task)

Successfully deleted: C:\WINDOWS\system32\Tasks\POMAGTHNIP (Task)

Successfully deleted: C:\WINDOWS\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task)

Successfully deleted: C:\WINDOWS\prefetch\DRIVERSETUP.EXE-D84134EA.pf (File) 

 

 

 

Registry: 4 

 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} (Registry Key)

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{A10C1145-B4C5-4688-9C4B-A2727BD388D5} (Registry Key)



#9 navanoda

navanoda
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:50 AM

Posted 01 July 2016 - 12:56 AM

# AdwCleaner v5.201 - Logfile created 01/07/2016 at 01:34:28

# Updated 30/06/2016 by ToolsLib

# Database : 2016-06-30.2 [Server]

# Operating system : Windows 10 Home  (X64)

# Username : Anne - LAPTOP

# Running from : C:\Users\Anne\Desktop\AdwCleaner.exe

# Option : Clean

# Support : https://toolslib.net/forum

 

***** [ Services ] *****

 

 

***** [ Folders ] *****

 

 

***** [ Files ] *****

 

 

***** [ DLLs ] *****

 

 

***** [ WMI ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Registry ] *****

 

# AdwCleaner v5.201 - Logfile created 01/07/2016 at 01:09:23

# Updated 30/06/2016 by ToolsLib

# Database : 2016-06-30.2 [Server]

# Operating system : Windows 10 Home  (X64)

# Username : Anne - LAPTOP

# Running from : C:\Users\Anne\Desktop\AdwCleaner.exe

# Option : Scan

# Support : https://toolslib.net/forum

 

***** [ Services ] *****

 

 

***** [ Folders ] *****

 

 

***** [ Files ] *****

 

File Found : C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_uhytajrtpo-a.akamaihd.net_0.localstorage

File Found : C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_uhytajrtpo-a.akamaihd.net_0.localstorage-journal

 

***** [ DLL ] *****

 

 

***** [ WMI ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Web browsers ] *****

 

[C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

[C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : facebook-messenger.en.softonic.com

[C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : photopus.en.softonic.com

[C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : pdf2jpg.en.softonic.com

[C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : supergeek-free-jpg-to-pdf-converter.en.softonic.com

[C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : universal-viewer.en.softonic.com

[C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : free-pdf-to-jpg.en.softonic.com

[C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : vnew-pdf-to-image-converter.en.softonic.com

[C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : pdf-to-word-free.en.softonic.com

 

*************************

 

C:\AdwCleaner\AdwCleaner[S1].txt - [2062 bytes] - [01/07/2016 01:09:23]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2135 bytes] ##########

 
# AdwCleaner v5.201 - Logfile created 01/07/2016 at 01:29:58
# Updated 30/06/2016 by ToolsLib
# Database : 2016-06-30.2 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Anne - LAPTOP
# Running from : C:\Users\Anne\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [2214 bytes] - [01/07/2016 01:09:23]
C:\AdwCleaner\AdwCleaner[S2].txt - [689 bytes] - [01/07/2016 01:29:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [761 bytes] ##########


#10 navanoda

navanoda
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:50 AM

Posted 01 July 2016 - 12:58 AM

Fresh - FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2016

Ran by Anne (administrator) on LAPTOP (01-07-2016 01:40:28)

Running from C:\Users\Anne\Desktop

Loaded Profiles: Anne (Available Profiles: Anne)

Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(HP Inc.) C:\Program Files (x86)\Hp\HP System Event\HPWMISVC.exe

(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe

() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe

(%CFullName%) C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\cmd.exe

(%CFullName%) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8811776 2016-05-03] (Realtek Semiconductor)

HKLM\...\Run: [Corel Update Helper] => c:\Program Files\Corel\Corel PaintShop Pro X8 (64-bit)\pua.exe [2012104 2015-11-27] (Corel Corporation)

HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2728472 2014-12-16] (Sony Corporation)

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)

HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)

HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-07-31] (Western Digital Technologies, Inc.)

HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-07-31] (Western Digital Technologies, Inc.)

HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)

HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)

HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2016-01-29] (CyberLink Corp.)

HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)

HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-12-16] (Google Inc.)

HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1720584 2015-02-08] (CyberLink Corp.)

HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)

Startup: C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-05-04]

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Tcpip\..\Interfaces\{1311958c-1a06-4d06-b6c7-fe934c61e597}: [DhcpNameServer] 192.168.2.1

Tcpip\..\Interfaces\{1f1fc89e-4d57-47cc-88a1-6d431385186c}: [DhcpNameServer] 192.168.2.1

Tcpip\..\Interfaces\{78c81b64-9294-4ccb-876a-81690cbd1a93}: [DhcpNameServer] 24.226.1.93 24.226.10.193 24.226.10.194

Tcpip\..\Interfaces\{a04645b1-861d-4b16-9d84-60f0e30beb88}: [DhcpNameServer] 192.168.2.1

Tcpip\..\Interfaces\{e537db67-947c-4098-9d9c-0c9ab7f7c32f}: [DhcpNameServer] 192.168.2.1

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPCON14/4

HKU\S-1-5-21-2062813529-956125313-3570552973-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)

BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)

BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-10] (Microsoft Corporation)

BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)

BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)

Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)

Toolbar: HKU\S-1-5-21-2062813529-956125313-3570552973-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)

Toolbar: HKU\S-1-5-21-2062813529-956125313-3570552973-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

 

Edge: 

======

Edge HomeButtonPage: HKU\S-1-5-21-2062813529-956125313-3570552973-1002 -> hxxp://www.google.ca/

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2014-07-28] (CANON INC.)

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2062813529-956125313-3570552973-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Anne\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-24] (Citrix Online)

FF Plugin HKU\S-1-5-21-2062813529-956125313-3570552973-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Anne\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)

FF Plugin HKU\S-1-5-21-2062813529-956125313-3570552973-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Anne\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)

FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt

FF Extension: HP SimplePass - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-08-11] [not signed]

 

Chrome: 

=======

CHR Profile: C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Rapport) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-05-17]

CHR Extension: (HP SimplePass) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidikogfgleiaefnjbmnjaplmgknppkg [2016-06-04]

CHR Extension: (AdBlock) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-30]

CHR Extension: (Ad;Block Plus) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mobccnfiffccdmcihlaccmelecheomab [2016-05-19]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-17]

CHR HKU\S-1-5-21-2062813529-956125313-3570552973-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AMD FUEL Service; c:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-06] (Advanced Micro Devices, Inc.) [File not signed]

S4 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]

S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)

R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)

R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [124928 2015-07-02] (Softex Inc.) [File not signed]

S4 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2014-12-16] (Sony Corporation)

R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)

R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2383344 2016-05-30] (IBM Corp.)

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312576 2016-05-03] (Realtek Semiconductor)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [268920 2016-05-17] (Synaptics Incorporated)

S2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [54808 2016-02-10] (Advanced Micro Devices, Inc.)

R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2973400 2015-08-04] (AVG Technologies)

S2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44760 2015-08-04] (AVG Technologies)

S2 UxTuneUp; C:\WINDOWS\SysWOW64\uxtuneup.dll [36568 2015-08-04] (AVG Technologies)

R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-10-28] (Western Digital Technologies, Inc.)

R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307576 2015-10-28] (Western Digital Technologies, Inc.)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Fresh - Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016

Ran by Anne (2016-07-01 01:43:20)

Running from C:\Users\Anne\Desktop

Windows 10 Home Version 1511 (X64) (2016-04-29 09:17:56)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2062813529-956125313-3570552973-500 - Administrator - Disabled)

Anne (S-1-5-21-2062813529-956125313-3570552973-1002 - Administrator - Enabled) => C:\Users\Anne

DefaultAccount (S-1-5-21-2062813529-956125313-3570552973-503 - Limited - Disabled)

Guest (S-1-5-21-2062813529-956125313-3570552973-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2062813529-956125313-3570552973-1004 - Limited - Enabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)

Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)

Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)

AMD Catalyst Install Manager (HKLM\...\{A30D3EA3-B90A-DDD5-949E-6DDE67E64FE6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.2.1.0 - Auslogics Labs Pty Ltd)

Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)

AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden

AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.638 - AVG Technologies)

AVG PC TuneUp 2015 (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden

BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)

BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.5.0 - Canon Inc.)

Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)

Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )

Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)

Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - Canon Inc.)

Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )

Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.3.0 - Canon Inc.)

Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.)

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)

Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)

Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)

Corel PaintShop Pro X8 (HKLM-x32\...\_{85C69B9B-F9BD-4A60-BD83-F2B7E081ED39}) (Version: 18.2.0.61 - Corel Corporation)

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)

Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6618 - CyberLink Corp.)

Cyberlink PhotoDirector (Version: 5.0.5.6618 - CyberLink Corp.) Hidden

CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3.6129 - CyberLink Corp.)

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5009 - CyberLink Corp.)

CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.)

CyberLink PowerDirector 12 (Version: 12.0.5.4601 - CyberLink Corp.) Hidden

CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)

DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden

DummyInstaller (HKLM-x32\...\{E2210743-20C9-48E3-BA03-B1E39772E662}) (Version: 1.0.0 - Microsoft)

Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)

Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)

Foxit PhantomPDF (HKLM-x32\...\{89BF1D4D-1D62-451E-9496-B971BDE82720}) (Version: 6.0.33.715 - Foxit Corporation)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)

Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)

Google Photos Backup (HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)

HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.46 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)

HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.4.18.7 - Hewlett-Packard Company)

HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.9 - HP Inc.)

HP Utility Center (HKLM\...\{E8F2076D-1885-4A0F-83D8-77B1F9D384CE}) (Version: 2.5.2 - Hewlett-Packard Company)

HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)

ICA (x32 Version: 18.2.0.61 - Corel Corporation) Hidden

Inst5675 (Version: 8.01.46 - Softex Inc.) Hidden

Inst5676 (Version: 8.01.46 - Softex Inc.) Hidden

IPM_PSP_COM64 (Version: 18.2.0.61 - Corel Corporation) Hidden

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

MergeModule_x64 (Version: 9.1.00 - Sony Corporation) Hidden

MergeModule_x86 (x32 Version: 9.1.00 - Sony Corporation) Hidden

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)

Microsoft Support and Recovery Assistant for Office 365 (HKU\S-1-5-21-2062813529-956125313-3570552973-1002\...\4415f693b586d348) (Version: 16.0.1146.9 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)

PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.1.00.12152 - Sony Corporation)

PMB_ModeEditor (x32 Version: 9.1.00 - Sony Corporation) Hidden

PMB_ServiceUploader (x32 Version: 9.1.00 - Sony Corporation) Hidden

PSPPContent (x32 Version: 18.2.0.61 - Corel Corporation) Hidden

PSPPHelp (x32 Version: 18.2.0.61 - Corel Corporation) Hidden

PSPPro64 (Version: 18.2.0.61 - Corel Corporation) Hidden

Rapport (x32 Version: 3.5.1609.65 - Trusteer) Hidden

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.59 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7808 - Realtek Semiconductor Corp.)

REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.62 - REALTEK Semiconductor Corp.)

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)

Setup (x32 Version: 18.2.0.61 - Corel Corporation) Hidden

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)

SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden

StudioTax 2014 (HKLM-x32\...\{2EF6F96B-39E8-42AB-9338-25F801615CD8}) (Version: 10.0.13.1 - BHOK IT Consulting)

StudioTax 2015 (HKLM-x32\...\{10DC0B0F-E7D6-4F37-9CF9-0A76A689AAB0}) (Version: 11.0.8.6 - BHOK IT Consulting)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.0 - Synaptics Incorporated)

Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.65 - Trusteer)

VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)

WD Drive Utilities (HKLM-x32\...\{22662b08-91e0-4540-bb98-c96f32e09417}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)

WD Drive Utilities (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden

WD Quick View (HKLM-x32\...\{5AEBFB66-61FE-4833-ACE3-E966980E40D5}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)

WD Security (HKLM-x32\...\{429a42d7-4c55-44d4-b38a-5872a0d70495}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)

WD Security (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden

WD SmartWare (HKLM\...\{739778ED-D095-4725-BF78-ADFF96004C52}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)

WD SmartWare Installer (HKLM-x32\...\{e72369b3-306a-4d10-a766-3433a65e8dc2}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)

Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-2062813529-956125313-3570552973-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Anne\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2062813529-956125313-3570552973-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Anne\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2062813529-956125313-3570552973-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Anne\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {04C2CBE3-C7BB-48DE-9653-250937EA24BB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe [2016-06-28] (Adobe Systems Incorporated)

Task: {0D35C008-0FC8-4C91-A135-65F51E82AF4C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-15] (Microsoft Corporation)

Task: {192B4CFF-2C39-4FD7-AD14-694D4104AA0C} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)

Task: {25C4686B-704E-4D83-9ED6-252A173BFC83} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)

Task: {27FAAA9A-D69A-4897-A8DD-34817D7CC02E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-28] (Adobe Systems Incorporated)

Task: {398F56C9-2AAF-4142-B799-A137618915AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

Task: {3BBE7D94-032F-48EE-9F3E-C1535826FBFB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {413CCA37-669D-4467-A164-E0626B1F4E54} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)

Task: {431255E6-01D2-4806-ACB3-0E9CC5727304} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2062813529-956125313-3570552973-1002Core => C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {431C1573-9EAA-4512-AAA0-D989C696C2A2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)

Task: {5179DC6C-A758-4627-8779-269ED415713A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {6A61B341-7F80-4F15-B68E-B92C6BBB500F} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)

Task: {6B8EE527-A2FB-4BEA-BD27-DC320F863A21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

Task: {6E9464F3-857B-4485-9B3D-13059BCBCDEC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)

Task: {727224AE-8CB7-42C1-8CA4-1F176BAA1708} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-10] (Microsoft Corporation)

Task: {742F0609-AC0E-4C78-A460-F60E10990249} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

Task: {77BF27D5-334C-4157-8351-EC91DD5D255F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)

Task: {813A83C9-C459-4649-8947-503EC7C862AA} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2015-07-02] (Hewlett-Packard)

Task: {8A8915CB-DD98-404F-9091-58228166E3D0} - System32\Tasks\HPCeeScheduleForAnne => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)

Task: {B1AF2905-BE35-4F1F-86F7-18E601D415EA} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe

Task: {B8E6D2AA-EDB2-40A3-88B7-715C03D63001} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2015-07-02] (Hewlett-Packard)

Task: {C217175B-BB7B-4C89-94D3-F688790BE260} - System32\Tasks\Western Digital\SmartWare\____Volume_4947d23c_73db_4d89_9bb7_c8924fe27af3______Volume_3eb600cc_0000_0000_0000_100000000000__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-10-28] (Western Digital Technologies, Inc.)

Task: {C48965F7-7368-4A2C-A5F2-D255506F64EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)

Task: {C75856BB-FC15-462C-8325-51454F50BC42} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)

Task: {C821DE75-85D3-48D7-8E38-BFF0E28EB22D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)

Task: {C8A4EF56-AC08-47A4-A731-ABAD60BA9854} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2062813529-956125313-3570552973-1002UA => C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {D177F1D4-0E9A-4129-B285-D525757942D4} - System32\Tasks\{5BDD535F-417E-4658-8F59-EFC57C4A31D5} => pcalua.exe -a "C:\Users\Anne\Downloads\sp72391 (1).exe" -d C:\WINDOWS\system32

Task: {E5DF0417-86CC-48DC-9BF9-13B2CF1F21C9} - System32\Tasks\{AD84743C-C690-418B-A091-0E64072CA5E4} => pcalua.exe -a "C:\Users\Anne\Downloads\sp72552 (1).exe" -d C:\WINDOWS\system32

Task: {EB6EB2FE-BFD6-4978-BDE0-46504F060A27} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2015-07-02] (Hewlett-Packard)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2062813529-956125313-3570552973-1002Core.job => C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2062813529-956125313-3570552973-1002UA.job => C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\HPCeeScheduleForAnne.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)



#11 navanoda

navanoda
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:50 AM

Posted 01 July 2016 - 12:59 AM

OK pystryker ... that's all the logs you requested!



#12 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:50 PM

Posted 01 July 2016 - 01:04 AM

OK pystryker ... that's all the logs you requested!


Hello :)

Excellent, the logs are looking great! No sign of the iSkysoft in any of them. However, the AdwCleaner log showed only that you ran a scan, but didn't clean the items it found.

Please run it again, and when the scan is complete, press the Clean button.

When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\Adwcleaner

Things I need to see in your next post:

AdwCleaner Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#13 navanoda

navanoda
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:50 AM

Posted 01 July 2016 - 01:21 AM

OK, re-ran the Adware cleaner; pop up stated "Adware cleaner found no malicious programmes on your computer".  Ran "clean" ... here is the log:

 

# AdwCleaner v5.201 - Logfile created 01/07/2016 at 02:15:39

# Updated 30/06/2016 by ToolsLib

# Database : 2016-06-30.2 [Server]

# Operating system : Windows 10 Home  (X64)

# Username : Anne - LAPTOP

# Running from : C:\Users\Anne\Desktop\AdwCleaner.exe

# Option : Clean

# Support : https://toolslib.net/forum

 

***** [ Services ] *****

 

 

***** [ Folders ] *****

 

 

***** [ Files ] *****

 

 

***** [ DLLs ] *****

 

 

***** [ WMI ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Web browsers ] *****

 

 

*************************

 

:: Proxy settings cleared

:: Winsock settings cleared

:: TCP/IP settings cleared

:: Firewall settings cleared

:: IPSec settings cleared

:: BITS queue cleared

:: IE policies deleted

:: Chrome policies deleted

 

*************************

 

C:\AdwCleaner\AdwCleaner[C1].txt - [1161 bytes] - [01/07/2016 01:34:28]

C:\AdwCleaner\AdwCleaner[C2].txt - [938 bytes] - [01/07/2016 02:15:39]

C:\AdwCleaner\AdwCleaner[S1].txt - [2214 bytes] - [01/07/2016 01:09:23]

C:\AdwCleaner\AdwCleaner[S2].txt - [839 bytes] - [01/07/2016 01:29:58]

C:\AdwCleaner\AdwCleaner[S3].txt - [984 bytes] - [01/07/2016 02:09:28]

 

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1227 bytes] ##########



#14 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:50 PM

Posted 01 July 2016 - 06:41 AM

Hello :)
 

OK, re-ran the Adware cleaner; pop up stated "Adware cleaner found no malicious programmes on your computer". Ran "clean" ... here is the log:


:thumbup2: Let's run some scans for remnants and orphans. How is the machine running?


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Scan with Malwarebytes

Start the program and select Update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

mbam21-console_zpslhr5hawa.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: Security Check

Please download Security Check by screen317 to your Desktop by clicking here.

Once downloaded, double click the program and follow the prompts.

Once finished, the program will produce a log called checkup.txt

Please post that log in your next reply.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#15 navanoda

navanoda
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:50 AM

Posted 01 July 2016 - 11:59 AM

so.... ran the malware bytes and have log.  However, the ESET online scanner froze after about 2.5 hrs running time.  I'll re-run later today/tonight and send logs according.

 

thanks






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users