
Keep seeing pop-ups and cannot install a printer



#1 SeeknM


Posted 09 October 2016 - 08:39 PM

I keep seeing pop-ups and I am unable to install a printer. My drive spins fast. I am unable to run a command prompt in administrator mode from within an administrator account.  
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016
Ran by Keith (administrator) on MELISSAGLOVER (09-10-2016 07:21:13)
Running from C:\Users\Keith\Desktop
Loaded Profiles: Keith (Available Profiles: Melissa Glover & Keith & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
() C:\Program Files (x86)\57F737B4-ACBE-4AFB-87B3-6DC08B80F484\etmajyzoqm64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Storage Appliance Corp.) C:\ProgramData\Clickfree\HDDV2USB3\UACProxy.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(globalUpdate) C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2828072 2011-09-16] (Synaptics Incorporated)
HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-08-22] ()
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-26] (Hewlett-Packard Company)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-06] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2011-01-06] (Atheros Commnucations)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [fst_us_220] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2687\jsdrv.exe [3225088 2015-10-18] ()
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKLM-x32\...\Run: [Iminent] => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [76344 2011-02-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-04-05] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP: C:\Windows\SysWOW64\DeviceNP.dll [2011-02-03] (Hewlett-Packard Company)
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187328 2014-08-06] (Client Connect LTD)
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
Startup: C:\Users\Melissa Glover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2014-08-21]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Melissa Glover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk [2014-08-21]
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\Keith\AppData\Roaming\TornTV.com\Torntv Downloader.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM-x32] => http=127.0.0.1:3128
AutoConfigURL: [HKLM] => http=127.0.0.1:3128
Winsock: Catalog9 01 C:\windows\system32\Nuyedf.dll No File 
Winsock: Catalog9 02 C:\windows\system32\Nuyedf.dll No File 
Winsock: Catalog9 03 C:\windows\system32\Nuyedf.dll No File 
Winsock: Catalog9 04 C:\windows\system32\Nuyedf.dll No File 
Winsock: Catalog9 16 C:\windows\system32\Nuyedf.dll No File 
Winsock: Catalog9-x64 01 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 02 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 03 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 04 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Winsock: Catalog9-x64 16 C:\windows\system32\Nuyedf64.dll [375120 2015-11-12] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{14EBB45F-8C8B-49FB-BDCB-439A11475760}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{D08009B3-421A-4FA7-AE6A-59C9DCABD554}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1010346940-739637343-2868352682-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM/1
HKU\S-1-5-21-1010346940-739637343-2868352682-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM/1
URLSearchHook: HKLM-x32 - (No Name) - {02edb56b-9b33-435b-b7df-b2843273a694} - No File
URLSearchHook: HKLM-x32 - (No Name) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - No File
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto4_14_31&cd=2XzuyEtN2Y1L1QzuyCzz0AtA0CyE0EtB0CyDyByEyDyCyBzztN0D0Tzu0SzyyCyEtN1L2XzutAtFtDtFtCyDtFtCtN1L1Czu1N1C2X1V2Z2Y2Z1FyE1VtCyE1VtAtCtN1L1G1B1V1N2Y1L1Qzu2SyEyEzztA0BtCzzzytGtA0C0EtAtGtD0CzzyDtGyBtC0AtDtGyE0EtA0D0AyByC0FtBtBtC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtDyEyD0BtDtCyBtG0A0FtD0AtGyE0C0FyCtGzytCzyzytG0CyDyCyB0D0B0D0BtCtAzy0A2Q&cr=821694722&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=FANztutbl012,2c74c1a3-d630-4acc-b346-496869c565b9,
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724&r=2014/03/24&hid=1743523206435441235&lg=EN&cc=US
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=3884089e-83c9-4643-a810-48559462dd88&searchtype=ds&q={searchTerms}&installDate=21/07/2013
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724&r=2014/03/24&hid=1743523206435441235&lg=EN&cc=US
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-21-1010346940-739637343-2868352682-1006 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=FANztutbl012,2c74c1a3-d630-4acc-b346-496869c565b9,
SearchScopes: HKU\S-1-5-21-1010346940-739637343-2868352682-1006 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=FANztutbl012,2c74c1a3-d630-4acc-b346-496869c565b9,
BHO: MediaPlayerEnhance -> {11111111-1111-1111-1111-110411411150} -> C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-bho64.dll => No File
BHO: Plus-HD-8.9 -> {11111111-1111-1111-1111-110511281100} -> C:\Program Files (x86)\Plus-HD-8.9\Plus-HD-8.9-bho64.dll => No File
BHO: HQ-Video-Pro-1.4 -> {11111111-1111-1111-1111-110511291120} -> C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-bho64.dll => No File
BHO: TheTorntv V10 -> {11111111-1111-1111-1111-110611331111} -> C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho64.dll [2014-08-21] (esc)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: ReGulearDeals -> {A54D8AB7-B70F-79EA-C354-45C49260F762} -> C:\ProgramData\ReGulearDeals\aJ2KYcFIr2.x64.dll [2014-07-27] ()
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll [2015-10-18] (Goobzo Ltd.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Fast Free Converter 4.1 -> {0267CB62-3A0A-4847-AA96-A338AD292E0F} -> C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL => No File
BHO-x32: No Name -> {02edb56b-9b33-435b-b7df-b2843273a694} -> No File
BHO-x32: No Name -> {07cbf788-1359-421b-a4e3-5a8d041b90a3} -> No File
BHO-x32: MediaPlayerEnhance -> {11111111-1111-1111-1111-110411411150} -> C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-bho.dll => No File
BHO-x32: Plus-HD-8.9 -> {11111111-1111-1111-1111-110511281100} -> C:\Program Files (x86)\Plus-HD-8.9\Plus-HD-8.9-bho.dll => No File
BHO-x32: HQ-Video-Pro-1.4 -> {11111111-1111-1111-1111-110511291120} -> C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-bho.dll => No File
BHO-x32: TheTorntv V10 -> {11111111-1111-1111-1111-110611331111} -> C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho.dll [2014-08-21] (esc)
BHO-x32: LyricsWoofer -> {1b3b6848-2fa2-4d87-a03a-bcbc4a8cee8c} -> C:\Program Files (x86)\LyricsWoofer\133.dll => No File
BHO-x32: SelectionLinks -> {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} -> C:\Program Files (x86)\OApps\SelectionLinks.dll => No File
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-10-25] (RealPlayer)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard)
BHO-x32: LessTabs -> {3178A392-8963-471E-B7A2-969CB58D6496} -> C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll => No File
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-09] (Oracle Corporation)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-06] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Show Lyrics -> {90609D82-77C3-4391-8915-CF5638CF4605} -> C:\Program Files (x86)\Show-Lyrics\slyrics.dll => No File
BHO-x32: No Name -> {96A25A24-2E87-4374-8A50-CC6F943FCE4D} -> No File
BHO-x32: ReGulearDeals -> {A54D8AB7-B70F-79EA-C354-45C49260F762} -> C:\ProgramData\ReGulearDeals\aJ2KYcFIr2.dll [2014-07-27] ()
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll [2015-10-18] (Goobzo Ltd.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.24.5\bh\delta.dll => No File
BHO-x32: M-Lyrics -> {C9AFAF70-F7EB-44B6-A334-0ED998D466E7} -> C:\Program Files (x86)\M-Lyrics\lfind.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-09] (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.5\deltaTlbr.dll No File
DPF: HKLM-x32 {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{350F8805-D431-4908-8701-57A62717BAF2}] - C:\Program Files\groover121120151836\Firefox\{350F8805-D431-4908-8701-57A62717BAF2}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-05-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-09-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{350F8805-D431-4908-8701-57A62717BAF2}] - C:\Program Files\groover121120151836\Firefox\{350F8805-D431-4908-8701-57A62717BAF2}.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll [2014-01-29] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll [2014-01-29] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-07-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-10-25] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-10-25] (RealNetworks, Inc.)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-08-21] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-08-21] (globalUpdate)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bakaaanikglogbgdnnkhieaaadpnkggc] - C:\Users\MELISS~1\AppData\Local\Temp\tbch.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bdephonbpjofbmmhhlhiegdokbhhccch] - C:\Program Files (x86)\LyricsWoofer\133.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\SysWOW64\jmdp\pnte.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-05-15]
CHR HKLM-x32\...\Chrome\Extension: [iofmibpjgjjfhliohjkfgndkjliadbje] - C:\Users\Melissa Glover\AppData\Roaming\OpenCandy\DCDB5705B04C487E8DB0754E1A44B316\app.crx [2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [kfpelfbdfajdjanfefecookocekcfkni] - C:\Program Files (x86)\OApps\chrome-sl.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM-x32\...\Chrome\Extension: [ogoocamnhedgmkaapmjkkioohkedbecm] - C:\Program Files (x86)\M-Lyrics\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [pkahcfoiapkaglphahjnnmojmlbhnidb] - C:\Program Files (x86)\Show-Lyrics\Chrome.crx <not found>
StartMenuInternet: Google Chrome - chrome.exe
StartMenuInternet: Google Chrome.Guest - C:\Users\Guest\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AllDaySavingsService64; C:\Program Files (x86)\57F737B4-ACBE-4AFB-87B3-6DC08B80F484\etmajyzoqm64.exe [172544 2014-07-31] () [File not signed]
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-06] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-06] (Atheros Commnucations) [File not signed]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) [File not signed] <==== ATTENTION
S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 CFUACProxy_hddv2usb3; C:\ProgramData\Clickfree\HDDV2USB3\UACProxy.exe [83792 2011-09-08] (Storage Appliance Corp.)
S4 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2982336 2014-08-06] (Client Connect LTD)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-11] (DigitalPersona, Inc.)
S4 f592fff6; c:\Program Files (x86)\AppendMonitor\AppendMonitor.dll [2236928 1980-08-21] () [File not signed]
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-03] (Hewlett-Packard Company)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-21] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-21] (globalUpdate) [File not signed] <==== ATTENTION
R3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
S4 hzunyanhtn64; C:\Program Files\005\hzunyanhtn64.exe [709120 2014-08-21] () [File not signed]
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S4 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [710976 2014-01-27] () [File not signed]
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-08-22] () [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S4 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [3001856 2015-10-28] (Search Module Ltd.) [File not signed]
S4 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346416 2015-10-18] (ShopperPro) <==== ATTENTION
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Update GrabRez; "C:\Program Files (x86)\GrabRez\updateGrabRez.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61344 1980-12-17] (Cherimoya Ltd) <==== ATTENTION
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [252928 2010-04-30] (Huawei Technologies Co., Ltd.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [100808 2011-08-22] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2011-08-22] (McAfee, Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-31] (NetFilterSDK.com)
S3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [45728 2015-10-28] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
S3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41632 2015-10-18] ()
S2 SPDRIVER_1.42.1.2687; C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2687\jsdrv.sys [52384 2015-10-18] ()
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2011-08-03] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36864 2011-08-03] (LG Electronics Inc.)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-02-21] (StdLib)
S1 apcqaqmq; \??\C:\windows\system32\drivers\apcqaqmq.sys [X]
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
S1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]
U2 wuaserv; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-09 07:21 - 2016-10-09 07:21 - 00031910 _____ C:\Users\Keith\Desktop\FRST.txt
2016-10-09 07:20 - 2016-10-09 07:21 - 00000000 ____D C:\FRST
2016-10-09 07:18 - 2016-10-09 00:57 - 02405376 _____ (Farbar) C:\Users\Keith\Desktop\FRST64.exe
2016-10-09 06:09 - 2016-10-09 06:19 - 00000000 ____D C:\Users\Keith\Documents\Bluetooth Folder
2016-10-09 06:09 - 2016-10-09 06:09 - 00000000 ____D C:\Users\Keith\AppData\Local\BMExplorer
2016-10-09 02:51 - 2016-10-09 02:51 - 00000000 __SHD C:\found.008
2016-09-29 22:26 - 2016-09-29 22:30 - 00000000 ___SD C:\32788R22FWJFW
2016-09-29 22:26 - 2016-09-29 22:26 - 00000000 ____D C:\windows\erdnt
2016-09-29 22:03 - 2016-09-29 22:03 - 00000000 ____D C:\Users\Keith\AppData\Local\VirtualStore
2016-09-29 22:02 - 2016-09-29 22:02 - 00002092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2016-09-29 22:02 - 2016-09-29 22:02 - 00002080 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2016-09-29 22:02 - 2016-09-29 22:02 - 00000000 ____D C:\Program Files (x86)\Belarc
2016-09-27 22:30 - 2016-09-27 22:30 - 00000000 ____D C:\Users\Keith\AppData\Roaming\SynthMaker
2016-09-27 22:30 - 2016-09-27 22:30 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Acoustica
2016-09-27 21:34 - 2016-09-29 20:23 - 00000000 ____D C:\windows\pss
2016-09-27 19:55 - 2016-09-27 20:34 - 00000332 _____ C:\windows\Tasks\HPCeeScheduleForKeith.job
2016-09-27 19:55 - 2016-09-27 19:55 - 00003186 _____ C:\windows\System32\Tasks\HPCeeScheduleForKeith
2016-09-27 19:55 - 2016-09-27 19:55 - 00000000 ____D C:\Users\Keith\AppData\Local\Hewlett-Packard_Developme
2016-09-27 19:55 - 2016-09-27 19:55 - 00000000 ____D C:\Users\Keith\AppData\Local\Hewlett-Packard
2016-09-27 19:54 - 2016-09-27 19:54 - 272784158 _____ C:\Users\Keith\Documents\RegistryBackup.reg
2016-09-27 19:35 - 2016-09-27 19:35 - 00262144 _____ C:\windows\Minidump\092716-98764-01.dmp
2016-09-27 19:31 - 2016-09-29 21:48 - 00000000 ____D C:\Users\Keith\AppData\Local\ElevatedDiagnostics
2016-09-27 18:49 - 2016-09-27 18:49 - 00000000 ____H C:\Users\Melissa Glover\BIT9A39.tmp
2016-09-27 18:48 - 2016-09-27 19:35 - 00000368 _____ C:\windows\Tasks\HPCeeScheduleForMelissa Glover.job
2016-09-27 18:48 - 2016-09-27 18:49 - 00003240 _____ C:\windows\System32\Tasks\HPCeeScheduleForMelissa Glover
2016-09-27 17:48 - 2016-09-27 17:48 - 00000000 ____D C:\Users\Keith\AppData\LocalLow\{A54D8AB7-B70F-79EA-C354-45C49260F762}
2016-09-27 17:46 - 2016-09-27 17:46 - 00000000 ____D C:\Users\Keith\AppData\Roaming\WinRAR
2016-09-27 16:00 - 2016-09-27 16:00 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Hewlett-Packard
2016-09-27 14:35 - 2016-09-27 14:35 - 00000000 ____D C:\Users\Keith\AppData\LocalLow\Sun
2016-09-27 14:34 - 2016-09-27 14:34 - 00000000 ____D C:\Users\Keith\Documents\Native Instruments
2016-09-27 14:33 - 2016-09-27 14:33 - 00000000 ____D C:\Users\Keith\AppData\Local\Native Instruments
2016-09-27 14:30 - 2016-09-27 14:30 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Intel Corporation
2016-09-27 14:29 - 2016-09-27 18:11 - 00001621 _____ C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk
2016-09-27 14:29 - 2016-09-27 14:31 - 00000000 ____D C:\Users\Keith\AppData\Roaming\hpqLog
2016-09-27 14:29 - 2016-09-27 14:29 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Synaptics
2016-09-27 14:29 - 2016-09-27 14:29 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Apple Computer
2016-09-27 14:29 - 2016-09-27 14:29 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Adobe
2016-09-27 14:29 - 2016-09-27 14:29 - 00000000 ____D C:\Users\Keith\AppData\Local\PDFC
2016-09-27 14:28 - 2016-09-27 17:30 - 00000258 __RSH C:\Users\Keith\ntuser.pol
2016-09-27 14:28 - 2016-09-27 17:30 - 00000000 ____D C:\Users\Keith
2016-09-27 14:28 - 2016-09-27 14:28 - 00109296 _____ C:\Users\Keith\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-27 14:28 - 2016-09-27 14:28 - 00000000 _SHDL C:\Users\Keith\My Documents
2016-09-27 14:28 - 2016-09-27 14:28 - 00000000 _SHDL C:\Users\Keith\Documents\My Videos
2016-09-27 14:28 - 2016-09-27 14:28 - 00000000 _SHDL C:\Users\Keith\Documents\My Pictures
2016-09-27 14:28 - 2016-09-27 14:28 - 00000000 _SHDL C:\Users\Keith\Documents\My Music
2016-09-27 14:28 - 2016-09-27 14:28 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Systweak
2016-09-27 14:28 - 2012-01-22 21:52 - 00000000 ____D C:\Users\Keith\AppData\Local\Microsoft Help
2016-09-27 14:28 - 2009-07-27 10:09 - 00000020 ___SH C:\Users\Keith\ntuser.ini
2016-09-27 14:03 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-09-27 14:03 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-09-27 14:03 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-09-27 14:03 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-09-27 14:02 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-09-27 14:02 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-09-27 14:02 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-09-27 14:02 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-09-27 14:02 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-09-27 14:02 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-09-27 14:02 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-09-27 14:02 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-09-27 14:02 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-09-27 14:02 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-09-27 13:14 - 2016-09-27 13:15 - 00037954 _____ C:\Users\Keith\Documents\hardinfo_report.html
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-09 06:16 - 2009-07-14 00:45 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-09 06:16 - 2009-07-14 00:45 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-09 06:15 - 2011-08-06 07:01 - 00000000 ____D C:\Users\Public\Documents\Atheros
2016-10-09 06:09 - 2011-08-06 07:01 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2016-10-09 06:08 - 2011-05-04 20:54 - 00000000 ____D C:\ProgramData\PDFC
2016-10-09 06:08 - 2011-05-04 20:50 - 00000000 ____D C:\ProgramData\HPQLOG
2016-10-09 06:02 - 2014-03-01 01:54 - 00000000 ____D C:\Users\Melissa Glover\AppData\Roaming\Open Download Manager
2016-09-27 21:04 - 2014-08-21 19:59 - 00002168 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-6.job
2016-09-27 20:41 - 2009-07-14 01:13 - 00783234 _____ C:\windows\system32\PerfStringBackup.INI
2016-09-27 20:41 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-09-27 20:38 - 2014-03-30 00:01 - 00003120 _____ C:\windows\System32\Tasks\Advanced System Protector_startup
2016-09-27 20:36 - 2014-08-21 19:59 - 00004160 _____ C:\windows\Tasks\6d83c2d0-7f9f-4d68-ab13-5715fd424552.job
2016-09-27 20:36 - 2014-08-21 19:59 - 00002696 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-4.job
2016-09-27 20:36 - 2014-08-21 19:59 - 00002220 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-7.job
2016-09-27 20:36 - 2014-08-21 19:59 - 00001788 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-1.job
2016-09-27 20:36 - 2014-08-21 19:59 - 00001698 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-5_user.job
2016-09-27 20:36 - 2014-08-21 19:59 - 00001678 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-5.job
2016-09-27 20:36 - 2014-08-21 19:59 - 00001408 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-2.job
2016-09-27 20:36 - 2014-08-21 19:58 - 00004498 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-11.job
2016-09-27 20:36 - 2014-08-21 19:58 - 00002792 _____ C:\windows\Tasks\be385958-0c74-4875-a328-8aaabb7f3cac-3.job
2016-09-27 20:36 - 2014-08-21 19:58 - 00000904 _____ C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2016-09-27 20:36 - 2014-03-23 21:41 - 00000458 ____H C:\windows\Tasks\SW-Booster-S-619517029.job
2016-09-27 20:36 - 2014-03-04 00:41 - 00001634 _____ C:\windows\Tasks\MediaPlayerEnhance-updater.job
2016-09-27 20:36 - 2014-03-04 00:40 - 00001590 _____ C:\windows\Tasks\MediaPlayerEnhance-codedownloader.job
2016-09-27 20:36 - 2014-03-04 00:40 - 00001526 _____ C:\windows\Tasks\Plus-HD-8.9-updater.job
2016-09-27 20:36 - 2014-03-04 00:40 - 00001488 _____ C:\windows\Tasks\MediaPlayerEnhance-enabler.job
2016-09-27 20:36 - 2014-03-04 00:40 - 00001380 _____ C:\windows\Tasks\Plus-HD-8.9-enabler.job
2016-09-27 20:36 - 2014-03-04 00:39 - 00003474 _____ C:\windows\Tasks\MediaPlayerEnhance-chromeinstaller.job
2016-09-27 20:36 - 2014-03-04 00:39 - 00002434 _____ C:\windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job
2016-09-27 20:36 - 2014-03-04 00:39 - 00002344 _____ C:\windows\Tasks\Plus-HD-8.9-firefoxinstaller.job
2016-09-27 20:36 - 2014-03-04 00:39 - 00001482 _____ C:\windows\Tasks\Plus-HD-8.9-codedownloader.job
2016-09-27 20:36 - 2014-03-04 00:38 - 00003110 _____ C:\windows\Tasks\Plus-HD-8.9-chromeinstaller.job
2016-09-27 20:36 - 2014-03-03 11:33 - 00003130 _____ C:\windows\Tasks\HQ-Video-Pro-1.4-chromeinstaller.job
2016-09-27 20:36 - 2014-03-03 11:33 - 00002610 _____ C:\windows\Tasks\HQ-Video-Pro-1.4-firefoxinstaller.job
2016-09-27 20:36 - 2014-03-03 11:33 - 00001556 _____ C:\windows\Tasks\HQ-Video-Pro-1.4-updater.job
2016-09-27 20:36 - 2014-03-03 11:33 - 00001512 _____ C:\windows\Tasks\HQ-Video-Pro-1.4-codedownloader.job
2016-09-27 20:36 - 2014-03-03 11:33 - 00001410 _____ C:\windows\Tasks\HQ-Video-Pro-1.4-enabler.job
2016-09-27 20:36 - 2013-07-01 03:31 - 00000402 _____ C:\windows\Tasks\Show Lyrics Update.job
2016-09-27 20:36 - 2013-07-01 01:46 - 00000422 _____ C:\windows\Tasks\LyricsWoofer Update.job
2016-09-27 20:36 - 2013-05-11 03:37 - 00000392 _____ C:\windows\Tasks\M-Lyrics Update.job
2016-09-27 20:34 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-09-27 20:06 - 2014-08-21 20:06 - 00000316 _____ C:\windows\Tasks\Groovorio Updater.job
2016-09-27 20:03 - 2014-08-21 19:58 - 00000908 _____ C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2016-09-27 19:41 - 1980-11-23 22:37 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2016-09-27 19:35 - 2012-06-27 19:49 - 00000000 ____D C:\windows\Minidump
2016-09-27 19:34 - 2012-06-27 19:49 - 995515056 _____ C:\windows\MEMORY.DMP
2016-09-27 19:28 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2016-09-27 18:49 - 2011-08-18 23:12 - 00000000 ____D C:\Users\Melissa Glover
2016-09-27 17:48 - 2011-09-04 22:24 - 02537472 ___SH C:\Users\Melissa Glover\Downloads\Thumbs.db
2016-09-27 17:30 - 2014-08-21 20:00 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2016-09-27 16:00 - 2013-01-25 22:30 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-09-27 14:03 - 2014-08-21 20:01 - 00000000 ____D C:\Program Files\AllDaySavings
ZeroAccess:
C:\Users\Melissa Glover\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
 
Some files in TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\nsd4A2B.tmp.exe
C:\Users\Guest\AppData\Local\Temp\nse926.tmp.exe
C:\Users\Guest\AppData\Local\Temp\nsf601D.exe
C:\Users\Guest\AppData\Local\Temp\nsg2790.exe
C:\Users\Guest\AppData\Local\Temp\nsg3D32.exe
C:\Users\Guest\AppData\Local\Temp\nskAC1A.exe
C:\Users\Guest\AppData\Local\Temp\nsm8DA.exe
C:\Users\Guest\AppData\Local\Temp\nsmFE7E.exe
C:\Users\Guest\AppData\Local\Temp\nso6FD4.tmp.exe
C:\Users\Guest\AppData\Local\Temp\nst81ED.tmp.exe
C:\Users\Guest\AppData\Local\Temp\nswAEE8.exe
C:\Users\Guest\AppData\Local\Temp\nsx2DF.tmp.exe
C:\Users\Guest\AppData\Local\Temp\playnowradio.exe
C:\Users\Guest\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Guest\AppData\Local\Temp\SPSetup.exe
C:\Users\Melissa Glover\AppData\Local\Temp\0dmzsv3z.dll
C:\Users\Melissa Glover\AppData\Local\Temp\6C76_HiDefMedia-1.1.12-win32.exe
C:\Users\Melissa Glover\AppData\Local\Temp\air5A9D.exe
C:\Users\Melissa Glover\AppData\Local\Temp\air6C75.exe
C:\Users\Melissa Glover\AppData\Local\Temp\airAE87.exe
C:\Users\Melissa Glover\AppData\Local\Temp\BackupSetup.exe
C:\Users\Melissa Glover\AppData\Local\Temp\chrome.exe
C:\Users\Melissa Glover\AppData\Local\Temp\dlLogic.exe
C:\Users\Melissa Glover\AppData\Local\Temp\dltr.exe
C:\Users\Melissa Glover\AppData\Local\Temp\eFixPro.exe
C:\Users\Melissa Glover\AppData\Local\Temp\eFixProPackage.exe
C:\Users\Melissa Glover\AppData\Local\Temp\eFixProSetup.exe
C:\Users\Melissa Glover\AppData\Local\Temp\embededstub.exe
C:\Users\Melissa Glover\AppData\Local\Temp\GCVerifier.dll
C:\Users\Melissa Glover\AppData\Local\Temp\gkc.exe
C:\Users\Melissa Glover\AppData\Local\Temp\hq-video-pro-1-4.exe
C:\Users\Melissa Glover\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Melissa Glover\AppData\Local\Temp\LiveSupport_update.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsbB1D9.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsbB534.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsc350C.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsc9263.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nse39C.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsfC8BB.tmp.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsgAB41.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsh673A.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsh8257.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsjE5D3.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsm1806.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsm1AC5.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsm63FE.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsm641F.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsm8EF8.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nso4E29.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nso5490.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsr9243.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nstEBDC.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nstF10B.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsw5E92.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsw9A01.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nswA7A8.exe
C:\Users\Melissa Glover\AppData\Local\Temp\nsx37FA.exe
C:\Users\Melissa Glover\AppData\Local\Temp\OfferBrokerage_14111.exe
C:\Users\Melissa Glover\AppData\Local\Temp\oprun28864.exe
C:\Users\Melissa Glover\AppData\Local\Temp\oprun9098.exe
C:\Users\Melissa Glover\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Melissa Glover\AppData\Local\Temp\setup_709.exe
C:\Users\Melissa Glover\AppData\Local\Temp\setup__6272.exe
C:\Users\Melissa Glover\AppData\Local\Temp\ShopperProJSINJFull.exe
C:\Users\Melissa Glover\AppData\Local\Temp\SpOrder.dll
C:\Users\Melissa Glover\AppData\Local\Temp\SPSetup.exe
C:\Users\Melissa Glover\AppData\Local\Temp\toparcupd.exe
C:\Users\Melissa Glover\AppData\Local\Temp\Tsu0672F4F3.dll
C:\Users\Melissa Glover\AppData\Local\Temp\uninst1.exe
C:\Users\Melissa Glover\AppData\Local\Temp\Uninstall.exe
C:\Users\Melissa Glover\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Melissa Glover\AppData\Local\Temp\verifier.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll
[2011-08-19 14:48] - [2011-08-19 14:48] - 0357888 ____A (Microsoft Corporation) 7F451F275680080B057A3D41A5D34596
 
C:\windows\SysWOW64\dnsapi.dll
[2011-08-19 14:48] - [2011-08-19 14:48] - 0270336 ____A (Microsoft Corporation) FC4723F0CF1D8864430B4F9A398133F8
 
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. 
 
 
LastRegBack: 2013-01-06 02:19
 
==================== End of FRST.txt ============================



#2 polskamachina

  • Malware Response Team
  • 3,964 posts

Posted 11 October 2016 - 01:15 AM

Hi SeeknM :)

 

My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.
 
polskamachina



#3 nasdaq

  • Malware Response Team
  • 39,237 posts

Posted 12 October 2016 - 08:51 AM

Duplicate post. This topic will be closed.



