Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

computer/browser running slow


  • This topic is locked This topic is locked
104 replies to this topic

#1 diamondqueen

diamondqueen

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:45 PM

Posted 21 September 2016 - 02:07 PM

My computer is running incredibly slow and my browser takes minutes to download .pdfs. I have now idea what it is infected with; no scanning tool can find anything. When I shut the computer down, it requests to force stop programs running in the background, including the task host.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-09-2016
Ran by Denise (administrator) on DENISE-PC (21-09-2016 13:32:29)
Running from C:\Users\Denise\Downloads
Loaded Profiles: Denise (Available Profiles: Denise)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(AVM Software Inc.) C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
(AVM Software Inc.) C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
(Microsoft Corporation) C:\Windows\System32\cleanmgr.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cobian Backup 11] => C:\Program Files (x86)\Cobian Backup 11\Cobian.exe [720896 2013-03-07] (Luis Cobian, CobianSoft)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\Run: [Yahoo Messenger Updater] => C:\Users\Denise\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115144 2016-08-16] (Yahoo!, Inc.)
HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\Run: [Yahoo Messenger] => C:\Users\Denise\AppData\Local\yahoomessenger\app-0.8.266\Yahoo Messenger.exe [61315088 2016-08-16] (Yahoo! Inc)
HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-890001207-1432119572-3731189959-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
Startup: C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2016-05-12]
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D2EDF54F-3197-457F-90FD-70ED22BD97E3}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-890001207-1432119572-3731189959-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=U303
HKU\S-1-5-21-890001207-1432119572-3731189959-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {9065F38C-40A4-48AD-9C88-143DB3F8E5AF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9065F38C-40A4-48AD-9C88-143DB3F8E5AF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-890001207-1432119572-3731189959-1000 -> {9065F38C-40A4-48AD-9C88-143DB3F8E5AF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-890001207-1432119572-3731189959-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-23] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-23] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-890001207-1432119572-3731189959-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-02-01] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\26rrmtbd.default-1470077468029
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Extension: (Firefox Hotfix) - C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\26rrmtbd.default-1470077468029\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2016-05-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-17] [not signed]
FF HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://www.bing.com/?mkt=en-US&pc=__PARAM__
CHR StartupUrls: Default -> "hxxps://movies.netflix.com/ProfilesGate?nextpage=http%3A%2F%2Fmovies.netflix.com%2FDefault"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 6 U38) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.380.5) - C:\Windows\SysWOW64\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default [2016-05-10]
CHR Extension: (Google Drive) - C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (uBlock Origin) - C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-04-14]
CHR Extension: (HTTPS Everywhere) - C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-04-14]
CHR Extension: (Google Docs Offline) - C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-30]
CHR Extension: (Google Hangouts) - C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-01-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Privacy Badger) - C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2016-04-14]
CHR HKU\S-1-5-21-890001207-1432119572-3731189959-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Denise\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-08-11]
CHR HKU\S-1-5-21-890001207-1432119572-3731189959-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-890001207-1432119572-3731189959-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-21 13:32 - 2016-09-21 13:35 - 00022605 _____ C:\Users\Denise\Downloads\FRST.txt
2016-09-21 13:31 - 2016-09-21 13:32 - 00000000 ____D C:\FRST
2016-09-21 13:29 - 2016-09-21 13:29 - 02402816 _____ (Farbar) C:\Users\Denise\Downloads\FRST64.exe
2016-09-21 11:07 - 2016-09-21 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2016-09-21 11:07 - 2016-09-21 11:07 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-09-21 10:58 - 2016-09-21 10:59 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Denise\Downloads\cbSetup.exe
2016-09-07 17:08 - 2016-09-07 17:10 - 00126990 _____ C:\Windows\ntbtlog.txt
2016-09-07 13:21 - 2016-09-21 11:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-09-02 15:41 - 2016-09-02 15:41 - 00000000 ____D C:\Users\Denise\Documents\Iberia Bank
2016-08-23 15:47 - 2016-08-23 20:10 - 00038617 _____ C:\Users\Denise\Desktop\Grades Fall 2016.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-21 13:38 - 2013-06-13 13:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-21 13:19 - 2016-08-16 15:16 - 00000000 ____D C:\Users\Denise\AppData\Roaming\Yahoo Messenger
2016-09-21 12:58 - 2013-06-04 14:07 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-21 10:58 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-21 10:58 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-21 10:51 - 2014-06-03 14:18 - 00000000 ___RD C:\Users\Denise\Google Drive
2016-09-21 10:50 - 2013-06-04 14:07 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-21 10:48 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-16 14:39 - 2013-06-13 13:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-16 14:39 - 2012-04-03 12:29 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-16 14:39 - 2011-05-17 15:29 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-16 14:38 - 2011-11-22 16:17 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-16 14:38 - 2009-12-22 09:28 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-07 17:05 - 2012-05-10 12:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-07 13:30 - 2012-12-04 14:46 - 00000000 ____D C:\Users\Denise\Documents\Fax
2016-09-07 13:23 - 2010-02-23 15:31 - 00000000 ____D C:\Users\Denise\AppData\Local\Yahoo
2016-09-07 13:23 - 2010-02-23 15:28 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-09-07 13:22 - 2010-02-23 15:30 - 00000000 ____D C:\ProgramData\Yahoo!
2016-09-07 13:20 - 2010-02-23 16:47 - 00000000 ____D C:\Users\Denise\AppData\Local\CrashDumps
2016-09-02 15:56 - 2012-12-04 14:46 - 00000000 ___RD C:\Users\Denise\Documents\Scanned Documents
2016-09-02 15:41 - 2010-02-23 15:04 - 00000000 ___RD C:\Users\Denise\Desktop\Documents 2016-09-21 11;32;31 (Full)
2016-09-01 15:53 - 2010-02-23 15:07 - 00127232 _____ C:\Users\Denise\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-01 15:52 - 2009-07-13 23:45 - 00468360 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-31 12:09 - 2010-02-23 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-08-31 12:06 - 2009-12-22 09:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-08-31 11:44 - 2009-07-14 02:45 - 00000000 ____D C:\Windows\ShellNew
2016-08-23 15:03 - 2014-06-03 14:16 - 00001923 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-08-23 15:03 - 2014-06-03 14:16 - 00001921 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-08-23 15:03 - 2014-06-03 14:16 - 00001911 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-08-23 15:03 - 2014-06-03 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2014-12-19 11:35 - 2015-06-18 15:27 - 0007666 _____ () C:\Users\Denise\AppData\Local\Resmon.ResmonCfg
2016-05-25 14:19 - 2016-05-25 14:19 - 0463480 _____ () C:\Users\Denise\AppData\Local\tmpFLAT ROCK 11 ACRES.0
2016-05-25 14:19 - 2016-05-25 14:19 - 0254476 _____ () C:\Users\Denise\AppData\Local\tmpFLAT ROCK 11 ACRES.JPG
2011-05-02 09:38 - 2011-05-03 01:58 - 0009138 ___SH () C:\ProgramData\2oadg2vt613sh2
2011-05-17 00:24 - 2011-05-23 07:17 - 0007878 ___SH () C:\ProgramData\48a48mik51vk2jv6mv7c1bk0b57ic55771l7
2010-03-16 13:21 - 2010-03-16 13:21 - 0000252 _____ () C:\ProgramData\FastPics.log
2010-12-17 14:01 - 2010-12-17 14:20 - 0000859 _____ () C:\ProgramData\hpzinstall.log
2011-04-28 08:33 - 2015-02-17 14:16 - 0023247 _____ () C:\ProgramData\lxdu.log
2010-03-08 13:45 - 2011-04-29 08:37 - 0055958 _____ () C:\ProgramData\lxduJSW.log
2010-02-25 14:34 - 2010-02-25 14:34 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some files in TEMP:
====================
C:\Users\Denise\AppData\Local\Temp\_is9B74.exe
C:\Users\Denise\AppData\Local\Temp\_isED1C.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-01 19:39

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by Denise (21-09-2016 13:50:27)
Running from C:\Users\Denise\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2010-02-23 20:04:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-890001207-1432119572-3731189959-500 - Administrator - Disabled)
ASPNET (S-1-5-21-890001207-1432119572-3731189959-1003 - Limited - Enabled)
Denise (S-1-5-21-890001207-1432119572-3731189959-1000 - Administrator - Enabled) => C:\Users\Denise
Guest (S-1-5-21-890001207-1432119572-3731189959-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-890001207-1432119572-3731189959-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
8500A909_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909g (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
BPD_DSWizards (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Brother MFL-Pro Suite MFC-7360N (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 48.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 48.0.2 (x64 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
MPM (HKLM-x32\...\{CD8C5C7F-7C58-4F85-8977-A6C08C087912}) (Version: 1.00.0000 - Hewlett-Packard)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Network64 (Version: 130.0.579.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9739 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.58.36 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Officejet Pro 8500 A909 Series (HKLM\...\{D850BEF5-67AF-4071-9538-FA9AC725D62C}) (Version: 13.0 - HP)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Paltalk Messenger 11.7 (HKLM-x32\...\Paltalk Messenger) (Version: 11.7.640.17816 - AVM Software Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickBooks (x32 Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks Pro 2010 (HKLM-x32\...\{0700E22B-A422-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Scansoft PDF Professional (x32 Version: - ) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Socrates Media Product Browser (HKLM-x32\...\{DBD63176-CA6A-4E3B-8D09-8D0592F869EF}) (Version: 2.75.0000 - Socrates Media, LLC)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.5.25 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.20 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WizTree v1.06 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software)
Yahoo Messenger (HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\yahoomessenger) (Version: 0.8.266 - Yahoo! Inc)
Yahoo! Search Protection (HKLM-x32\...\Yahoo! Search Defender) (Version: - ) <==== ATTENTION
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02C4472A-F70E-4A43-AAB9-0528F9F78BCD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {032198E6-C352-4737-96DF-5DB93DF56361} - System32\Tasks\{3DC93726-B5FF-4670-AC43-EB697DC6540A} => pcalua.exe -a "C:\Program Files (x86)\Nuance\PaperPort\ScannerWizardU.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12" -c /A [PaperPort 12.1] /L [eng]
Task: {03597524-CC54-4018-B832-A48D0EE928BC} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {0949E4C8-B180-40E9-954F-91FB62144ECF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {2A3BDE40-A7E6-47E6-A924-C529446AE0DC} - System32\Tasks\{E74878CB-3A22-44AA-802E-4E450ACABFD1} => pcalua.exe -a E:\setup.exe -d E:\
Task: {39763883-2E29-4D51-B8D5-6EE2F185FECF} - System32\Tasks\Installation App Launcher => C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\ezprint.exe [2009-10-26] (Lexmark International Inc.)
Task: {4020C769-EF2E-41C4-A523-305601C81C20} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {404C3EBF-78BD-43C3-ADA7-425D5805A5AF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {4E683C5C-D60F-426F-B2B4-9FF8D9BAF2C6} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {709CBB75-87B6-4207-B7C3-68C7407A8010} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {76CA932D-6A91-4158-846B-892C1E0D4408} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {888AF08D-9660-4151-9589-D5283C66CA30} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {895B206F-4378-4C54-AFC4-3E28150E5283} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {A8C39DB0-12D1-4044-9165-42533F3B89C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {AD708525-793C-4231-89F8-B1D57ED32FA5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {D1CCA951-3E23-4085-8457-C5E11DA71496} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {D44F0421-0C99-4AE3-9218-DB1E22612E37} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {F42E2B42-FE3D-49E9-8440-6CFAB483BB60} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {F4F4FFCE-A6F8-4DDF-A930-99D3D87CC23F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-03-07] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-02-25 14:44 - 2009-05-14 02:24 - 00045568 _____ () C:\Windows\System32\LXDUPMON.DLL
2010-02-25 14:44 - 2009-09-04 02:31 - 00086016 _____ () C:\Windows\System32\LXDUOEM.DLL
2015-02-17 14:42 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-17 14:42 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-17 14:42 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2009-10-22 21:50 - 2009-10-22 21:50 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2016-05-17 15:48 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-09-21 10:50 - 2016-09-21 10:50 - 00098816 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\win32api.pyd
2016-09-21 10:49 - 2016-09-21 10:49 - 00110080 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\pywintypes27.dll
2016-09-21 10:50 - 2016-09-21 10:50 - 00364544 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\pythoncom27.dll
2016-09-21 10:50 - 2016-09-21 10:50 - 00320512 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\win32com.shell.shell.pyd
2016-09-21 10:49 - 2016-09-21 10:50 - 00776704 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\_hashlib.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 01176576 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\wx._core_.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00806400 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\wx._gdi_.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00816128 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\wx._windows_.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 01067008 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\wx._controls_.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00733184 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\wx._misc_.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00682496 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\pysqlite2._sqlite.pyd
2016-09-21 10:49 - 2016-09-21 10:49 - 00088064 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\_ctypes.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00119808 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\win32file.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00108544 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\win32security.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00007168 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\hashobjs_ext.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00017920 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\thumbnails_ext.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00088064 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\usb_ext.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00012800 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\common.time34.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00018432 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\win32event.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00167936 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\win32gui.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00046080 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\_socket.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 01208320 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\_ssl.pyd
2016-09-21 10:49 - 2016-09-21 10:49 - 00128512 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\_elementtree.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00127488 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\pyexpat.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00038912 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\win32inet.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00036864 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\_psutil_windows.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00525208 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\windows._lib_cacheinvalidation.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00011264 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\win32crypt.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00077312 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\wx._html2.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00027136 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\_multiprocessing.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00020480 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\_yappi.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00035840 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\win32process.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00686080 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\unicodedata.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00078848 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\wx._animate.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00123392 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\wx._wizard.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00024064 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\win32pipe.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00010240 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\select.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00025600 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\win32pdh.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00017408 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\win32profile.pyd
2016-09-21 10:50 - 2016-09-21 10:50 - 00022528 ____R () C:\Users\Denise\AppData\Local\Temp\_MEI20922\win32ts.pyd
2009-12-21 20:09 - 2009-12-21 20:09 - 00016832 _____ () C:\Program Files (x86)\Adobe\Reader 9.0\Reader\viewerps.dll
2016-05-12 15:49 - 2015-03-27 11:24 - 38713856 _____ () C:\Program Files (x86)\Paltalk Messenger\libcef.dll
2016-05-12 15:49 - 2016-05-04 11:23 - 02226688 _____ () C:\Program Files (x86)\Paltalk Messenger\Images.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7898 more sites.

IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\...\123simsen.com -> www.123simsen.com

There are 7898 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-05-12 17:35 - 00833180 ___RA C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 localhost.localdomain
255.255.255.255 broadcasthost
127.0.0.1 local127.0.0.1 goatse.cx # More information on sites such as
127.0.0.1 www.goatse.cx # these can be found in this article
127.0.0.1 oralse.cx # en.wikipedia.org/wiki/List_of_shock_sites
127.0.0.1 www.oralse.cx
127.0.0.1 goatse.ca
127.0.0.1 www.goatse.ca
127.0.0.1 oralse.ca
127.0.0.1 www.oralse.ca
127.0.0.1 goat.cx
127.0.0.1 www.goat.cx
127.0.0.1 1girl1pitcher.com
127.0.0.1 1girl1pitcher.org
127.0.0.1 1guy1cock.com
127.0.0.1 1man1jar.org
127.0.0.1 1man2needles.com
127.0.0.1 1priest1nun.com
127.0.0.1 1priest1nun.net
127.0.0.1 2girls1cup.cc
127.0.0.1 2girls1cup.com
127.0.0.1 2girls1cup-free.com
127.0.0.1 2girls1cup.nl
127.0.0.1 2girls1cup.ws
127.0.0.1 2girls1finger.com
127.0.0.1 2girls1finger.org
127.0.0.1 2guys1stump.org
127.0.0.1 3guys1hammer.ws
127.0.0.1 4girlsfingerpaint.com

There are 27287 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-890001207-1432119572-3731189959-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\ezprint.exe"
MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: lxdumon.exe => "C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe"
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{059B59BC-1C2B-4FA8-95AE-672C8F0215D8}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{0F2DDCF1-544E-44AD-9539-907C3C18387C}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{026C71A5-ADF4-43D0-935C-2957CB22DD45}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{9A69F8ED-A843-4751-97AE-966D1CAE2DA5}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{92490CD2-29F4-47F5-AAEB-6C6AFDF076AB}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{C8F97959-0B17-445B-9B7E-306E8CA68078}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{42B0B7DD-2288-4F74-8F11-03C7D7AEDC41}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{54335D64-029F-4516-A96A-9F7D952F1A53}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{AFC5578A-A353-4578-A756-9193260F78D5}] => (Allow) svchost.exe
FirewallRules: [{FBD66B90-3C68-4936-A56D-CCF594E23EE3}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{5B8FCEC4-7550-4BB7-AC57-EEC3079FD059}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{0832A689-8B0D-4958-8207-31A63355109D}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D791053B-3A71-4C9D-8C22-5E710945E6BA}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{CFE81B96-BE68-407E-A291-FDDEC5C9C000}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [TCP Query User{D26E30AE-8B4B-4865-B5BC-99902794A9C6}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{4D4CFDFE-B8EF-4633-8F7B-2FA4AE1BE7EB}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{E21692B3-2263-47F8-881B-906FFD92D48A}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [UDP Query User{5DD271EE-1673-4062-91F2-B18CE1552722}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [{0EC0B61F-E344-4DF7-A64B-3636F2FC9647}] => (Allow) E:\setup\hpznui40.exe
FirewallRules: [{7B13CED9-90D8-430E-A9FD-9C753C5903E0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{43559451-F9E1-4EBE-AA9A-5AB48C680B59}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{1B416B68-D9F5-453F-A8AD-529D4DE567E1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{15C9278B-799C-415E-81B7-F4175F589C87}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{211761C8-1799-423B-BA54-4D42A34373B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{5DDE5B43-65E9-4145-8C9D-E711FBDEFCB3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{6F0E3818-D4F3-40BC-91C0-DC4A73AE373F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{BB75956F-7107-4B94-B34D-4CB6A7E68D78}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{DDD14FEA-1F64-4FD3-AA31-3C8E903F8EEF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{612FF5B2-63A6-4139-AA16-6512C274BB25}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{70082FAB-03AA-49E3-93F1-F643CCB2A4ED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{8AE72794-A75D-49E6-BCB3-04B2AAE80505}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{2CB9C3C8-8A34-480D-B597-D3F7C993E7AE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{0E886700-0E50-4C2B-AB65-52652E5F98CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{CE390D0C-1D01-4D81-8536-7FD8BF1D6646}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{328886CE-F1FA-432D-967F-7BF813195E26}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{F72D2C6F-2ACD-4264-B948-5BBB57B2270B}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{AFB773A1-F24B-4478-8148-9D7649F57981}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{6F04C824-8B7C-4AD3-B9F1-C3DC14256746}C:\program files (x86)\microsoft office\office12\winword.exe] => (Block) C:\program files (x86)\microsoft office\office12\winword.exe
FirewallRules: [UDP Query User{328F4043-39F7-491E-AD81-74FD809BE7AF}C:\program files (x86)\microsoft office\office12\winword.exe] => (Block) C:\program files (x86)\microsoft office\office12\winword.exe
FirewallRules: [{10D1AC6E-5167-4670-BBBE-EDEA3DAE2B8B}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{9C702916-A801-4945-B902-72918A38FE01}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{B62EF328-494D-4CF3-997A-3AA0C9EEE0BE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BD20751A-730E-4F6C-81AC-D5E00A93CCD5}] => (Allow) LPort=2869
FirewallRules: [{3E16F55D-86B6-4F66-B271-E1B3009DF6AF}] => (Allow) LPort=1900
FirewallRules: [{C1683B5D-188D-4002-A942-4AA2A28FE756}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{C812F9DA-F59C-490D-9553-E7BAAAD74A36}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{3A4DF7B6-ABCD-4261-8482-D26C22571AF9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F6FAFD82-A21A-44B8-9D61-DC69210389B6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{219E0A35-298A-44A6-88D4-AD458107C13C}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{993F3CB6-74D6-440F-A40B-43F0FCE691AA}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [TCP Query User{66B6C835-948B-429A-B249-5A7343724482}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{8257244D-9607-4FCD-A4D9-DC08CA71F31D}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [TCP Query User{A2851A1C-0B82-40A1-9C69-3CACB9A23E20}C:\users\denise\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\denise\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BF108513-F2EF-4013-8166-0B0F045D0A46}C:\users\denise\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\denise\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{19B6BA7B-CE21-4379-958C-17B4581DDF12}C:\users\denise\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\denise\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D8E933B8-4BE2-43B7-B623-EEA0F98D8B45}C:\users\denise\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\denise\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8E19F72B-DE8B-42EB-8EE8-F5A92DDA11B6}] => (Allow) C:\Users\Denise\Downloads\install\data\Disk1\setup.exe
FirewallRules: [{C6F486AF-EA64-4B76-A95C-456F42F15897}] => (Allow) C:\Users\Denise\Downloads\install\data\Disk1\setup.exe
FirewallRules: [{319191C4-BB86-45C1-A488-D88885CB3D4A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

08-07-2016 15:37:11 Windows Update
18-07-2016 13:01:46 Windows Update
27-07-2016 13:51:37 Windows Update
27-07-2016 16:53:13 Removed Adobe Acrobat Reader DC.
28-07-2016 09:52:50 Installed Adobe Reader 9.3.
02-08-2016 03:02:42 Windows Update
02-08-2016 12:59:38 JRT Pre-Junkware Removal
05-08-2016 15:08:04 Windows Update
31-08-2016 11:18:36 Configured Microsoft Office Home and Student 2007
20-09-2016 15:32:17 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/21/2016 11:28:15 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a95eab30-e059-4b35-a4dd-65eb57d74824}

Error: (09/21/2016 10:51:03 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2016/09/21 10:51:03.483]: [00002668]: Initialize TwdsMain Class failed!

Error: (09/21/2016 10:51:03 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2016/09/21 10:51:03.436]: [00002668]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (09/21/2016 10:51:03 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2016/09/21 10:51:03.420]: [00002668]: BrStiIf: GetDeviceList Failed! pStiInfo = 0x0..

Error: (09/20/2016 03:30:24 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2016/09/20 15:30:24.477]: [00003932]: Initialize TwdsMain Class failed!

Error: (09/20/2016 03:30:24 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2016/09/20 15:30:24.476]: [00003932]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (09/20/2016 03:30:24 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2016/09/20 15:30:24.429]: [00003932]: BrStiIf: GetDeviceList Failed! pStiInfo = 0x0..

Error: (09/19/2016 02:39:14 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2016/09/19 14:39:14.379]: [00003324]: Initialize TwdsMain Class failed!

Error: (09/19/2016 02:39:14 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2016/09/19 14:39:14.378]: [00003324]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (09/19/2016 02:39:14 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2016/09/19 14:39:14.322]: [00003324]: BrStiIf: GetDeviceList Failed! pStiInfo = 0x0..


System errors:
=============
Error: (09/21/2016 10:51:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/21/2016 10:51:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/21/2016 10:51:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (09/21/2016 10:49:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/21/2016 10:49:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (09/20/2016 03:30:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/19/2016 03:18:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.227.1846.0

Update Source: Microsoft Update Server

Update Stage: Download

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.13000.0

Error code: 0x8024001e

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (09/19/2016 03:18:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.227.1846.0

Update Source: Microsoft Update Server

Update Stage: Download

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.13000.0

Error code: 0x8024001e

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (09/19/2016 02:39:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/19/2016 02:39:32 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.


==================== Memory info ===========================

Processor: AMD Sempron™ Processor LE-1250
Percentage of memory in use: 77%
Total physical RAM: 2814.49 MB
Available physical RAM: 621.48 MB
Total Virtual: 5627.17 MB
Available Virtual: 3348.93 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:287.14 GB) (Free:212.24 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.85 GB) (Free:1.55 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=287.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 22 September 2016 - 09:13 AM.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,992 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:45 AM

Posted 22 September 2016 - 09:06 AM

Greetings diamondqueen and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,992 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:45 AM

Posted 22 September 2016 - 09:23 AM

Thank you for your patience.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Yahoo! Search Protection

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-890001207-1432119572-3731189959-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 6 U38) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.380.5) - C:\Windows\SysWOW64\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
2011-05-02 09:38 - 2011-05-03 01:58 - 0009138 ___SH () C:\ProgramData\2oadg2vt613sh2
2011-05-17 00:24 - 2011-05-23 07:17 - 0007878 ___SH () C:\ProgramData\48a48mik51vk2jv6mv7c1bk0b57ic55771l7
C:\Users\Denise\AppData\Local\Temp\_is9B74.exe
C:\Users\Denise\AppData\Local\Temp\_isED1C.exe
Task: {2A3BDE40-A7E6-47E6-A924-C529446AE0DC} - System32\Tasks\{E74878CB-3A22-44AA-802E-4E450ACABFD1} => pcalua.exe -a E:\setup.exe -d E:\
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

WhatIsHang by NirSoft For 64 bit Systems

--------------------
  • Download WhatIsHang for 64 bit systems and save it to your desktop
  • Unzip the folder to your desktop
  • Right click on the icon, select Run as Administrator (XP simply double click icon) and a WhatIsHang window will appear on the desktop
  • Attempt to shut down your computer
  • If any error information is populated select Edit, then Copy Entire Report
  • Include that information in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Program uninstall?
  • Fixlog
  • AdwCleaner log
  • WhatIsHang information
  • Attached System Summary information

Edited by Oh My!, 22 September 2016 - 09:25 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 diamondqueen

diamondqueen
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:45 PM

Posted 22 September 2016 - 05:04 PM

Hi Gary, I'm Denise. Thank you for your time.

 

I uninstalled the P2P program (utorrent). There are some disturbing porny items listed in my logs, are there any other P2P programs that I am not aware of that I need to delete?

 

I also uninstalled the program you recommended.

 

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by Denise (22-09-2016 15:52:20) Run:1
Running from C:\Users\Denise\Desktop\Fix
Loaded Profiles: Denise (Available Profiles: Denise)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-890001207-1432119572-3731189959-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 6 U38) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.380.5) - C:\Windows\SysWOW64\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
2011-05-02 09:38 - 2011-05-03 01:58 - 0009138 ___SH () C:\ProgramData\2oadg2vt613sh2
2011-05-17 00:24 - 2011-05-23 07:17 - 0007878 ___SH () C:\ProgramData\48a48mik51vk2jv6mv7c1bk0b57ic55771l7
C:\Users\Denise\AppData\Local\Temp\_is9B74.exe
C:\Users\Denise\AppData\Local\Temp\_isED1C.exe
Task: {2A3BDE40-A7E6-47E6-A924-C529446AE0DC} - System32\Tasks\{E74878CB-3A22-44AA-802E-4E450ACABFD1} => pcalua.exe -a E:\setup.exe -d E:\
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-890001207-1432119572-3731189959-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value removed successfully
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found.
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => not found.
C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll => not found.
C:\Windows\SysWOW64\npdeployJava1.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => not found.
C:\ProgramData\2oadg2vt613sh2 => moved successfully
C:\ProgramData\48a48mik51vk2jv6mv7c1bk0b57ic55771l7 => moved successfully
C:\Users\Denise\AppData\Local\Temp\_is9B74.exe => moved successfully
C:\Users\Denise\AppData\Local\Temp\_isED1C.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A3BDE40-A7E6-47E6-A924-C529446AE0DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A3BDE40-A7E6-47E6-A924-C529446AE0DC}" => key removed successfully
C:\Windows\System32\Tasks\{E74878CB-3A22-44AA-802E-4E450ACABFD1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E74878CB-3A22-44AA-802E-4E450ACABFD1}" => key removed successfully


The system needed a reboot.

==== End of Fixlog 15:58:54 ====

 

AdwCleaner log:

 

# AdwCleaner v6.020 - Logfile created 22/09/2016 at 16:30:32
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-22.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Denise - DENISE-PC
# Running from : C:\Users\Denise\Downloads\AdwCleaner(1).exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Denise\AppData\LocalLow\HPAppData
[-] Folder deleted: C:\Users\Denise\AppData\LocalLow\Yahoo!\Companion
[-] Folder deleted: C:\Users\Denise\AppData\Roaming\Yahoo!\Companion
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\Companion
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yahoo!\Companion
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion


***** [ Files ] *****

[-] File deleted: C:\Program Files (x86)\Yahoo!\Common\unyt.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.DataStore
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.StringList
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTBMButton
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTBMButton.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
[-] Key deleted: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YCAAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YCAAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTBM.YTBMButton
[-] Key deleted: HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.DataStore
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.StringList
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.Clickstream
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.Clickstream.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTBMButton
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTBMButton.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YCAAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YCAAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTBM.YTBMButton
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{EB2BA65E-41F6-4F64-92A6-216CDFFDF577}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F9A10D86-182A-4946-869B-70C3D109D14D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F5CC67F7-F6BA-44E3-98EC-EA17D17E6479}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8E74A0AE-F0ED-47ED-A940-A8E99687646B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
[-] Key deleted: HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key deleted: HKU\.DEFAULT\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-890001207-1432119572-3731189959-1000\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-890001207-1432119572-3731189959-1000\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-890001207-1432119572-3731189959-1000\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [15817 Bytes] - [22/09/2016 16:30:32]
C:\AdwCleaner\AdwCleaner[R0].txt - [3672 Bytes] - [22/05/2015 15:50:04]
C:\AdwCleaner\AdwCleaner[S0].txt - [3733 Bytes] - [22/05/2015 15:52:58]
C:\AdwCleaner\AdwCleaner[S1].txt - [14945 Bytes] - [22/09/2016 16:22:24]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [16111 Bytes] ##########
 

WhatIsHang:

No information (My computer still had a task host open that it had to force close)Attached File  Summary.zip   126.73KB   2 downloads



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,992 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:45 AM

Posted 22 September 2016 - 05:54 PM

Nice to meet you Denise.

The sketchy entries you are referring to are actually legitimate. That is a protection mechanism so that if for some reason a website tries to redirect you to one of those sites it will be stopped.

Please do this.

===================================================

Determining the Services Running Under a taskhost.exe

--------------------
  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type cmd and hit Enter
  • Copy and paste the following after the command prompt and then hit Enter

tasklist /svc /fi "imagename eq taskhost.exe" >%userprofile%\desktop\taskhost.txt

  • A taskhost.txt document should be placed on your Desktop
  • Copy and paste the contents of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • taskhost.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 diamondqueen

diamondqueen
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:45 PM

Posted 23 September 2016 - 12:04 PM

Image Name                     PID Services                                    
========================= ======== ============================================
taskhost.exe                  2756 N/A       



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,992 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:45 AM

Posted 23 September 2016 - 01:34 PM

Greetings Denise,

Thanks for the information which unfortunately doesn't help us at all.

When you intentionally close all programs and try to shut down the computer is taskhost.exe the only one hanging?

Please boot into Safe Mode with Networking and tell me if you experince the same thing. Test your browser behavior as well as your overall computer speed as compared when you boot normally.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 diamondqueen

diamondqueen
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:45 PM

Posted 23 September 2016 - 03:09 PM

Update: I got a pop up today threatening all kinds of data loss if I didn't call the number on the screen. This is new.  I have a screenshot if you want it.



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,992 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:45 AM

Posted 23 September 2016 - 04:13 PM

Yes, please provide a screen shot. Did you click on anything?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 diamondqueen

diamondqueen
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:45 PM

Posted 23 September 2016 - 05:44 PM

No, I didn't click on anything but the X to close it. Attached is a screenshot of the pop up. If you prefer me to put it in the text of the message, please let me know.

 

 

Attached Files



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,992 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:45 AM

Posted 23 September 2016 - 05:56 PM

Thanks, that is perfect.

I don't think that is of any major concern as it is the same pop up my wife got but nothing happened with it.

Try Safe Mode with Networking then we will go from there.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,992 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:45 AM

Posted 26 September 2016 - 10:24 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 diamondqueen

diamondqueen
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:45 PM

Posted 26 September 2016 - 02:58 PM

Sorry for the delayed response. I shut down everything in my tray and nothing hangs when I shut down. :(

The CPU usage is still maxed out at 100%.



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,992 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:45 AM

Posted 26 September 2016 - 05:01 PM

Did you try booting into Safe Mode with Networking (see Post #7)?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 diamondqueen

diamondqueen
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:45 PM

Posted 28 September 2016 - 03:06 PM

Thank you for your patience.

 

I tried several shut down procedures:

  1. Regular shut down:  Three notices popped up. "TaskEng: task schedule engine process" "task host process" and blank with "waiting for background programs to close"
  2. Regular shut down WITH closing all programs in the tray: no programs hanging
  3. Safe mode with networking: no programs hanging





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users