
My laptop shuts down before Malwarebytes finishes scanning


fattire

When I scan I see 13 threats in the registry, then it goes to 14 when scanning files, but the computer always shuts down before finishing the scan. I even tried it in safe mode and it still shuts down. Not sure what to do now.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-10-2015

Ran by herbalgirl (administrator) on SALLY-PC (20-10-2015 12:26:37)
Running from C:\Users\herbalgirl\Downloads
Loaded Profiles: herbalgirl (Available Profiles: herbalgirl)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
 
(Webroot) C:\Program Files (x86)\Webroot\WRSA.exe
 
 
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-06-11] (NETGEAR Inc.)
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Run: [AutoStartVMA] => C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe [12899840 2015-02-24] (Verizon)
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Run: [MusicManager] => C:\Users\herbalgirl\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Run: [Google Update] => C:\Users\herbalgirl\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\system: [DisableCMD] 
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoInstrumentation]
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\windows\system32\WRusr.dll [2015-10-14] (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\windows\system32\WRusr.dll [2015-10-14] (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\windows\system32\WRusr.dll [2015-10-14] (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\windows\system32\WRusr.dll [2015-10-14] (Webroot)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [_WrSyncExcl] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\windows\system32\WRusr.dll [2015-10-14] (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncGreen] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\windows\system32\WRusr.dll [2015-10-14] (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncRed] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\windows\system32\WRusr.dll [2015-10-14] (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncYellow] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\windows\system32\WRusr.dll [2015-10-14] (Webroot)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-04-19]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-04-19]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1D74C9FA-BE71-4253-9669-902040F4EF34}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CC192957-A1AF-4F57-A905-21586F7519E7}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.xfinity.com/?cid=customer
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/
URLSearchHook: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001 - (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No File
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_uid=5244151340554421&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_uid=5244151340554421&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM -> {EE319D40-EE59-4B71-B118-7FFF6254A3F2} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {08445E86-D7C8-4B81-B812-87DF49914139} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {8857D548-A27B-4797-A04A-82B5773510ED} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_uid=5244151340554421&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
SearchScopes: HKU\.DEFAULT -> DefaultScope {8857D548-A27B-4797-A04A-82B5773510ED} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\.DEFAULT -> {8857D548-A27B-4797-A04A-82B5773510ED} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001 -> DefaultScope {FA5336FD-EEF3-4B16-BF47-3D67DC8AF615} URL = hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=081713&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001 -> {8857D548-A27B-4797-A04A-82B5773510ED} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001 -> {EE319D40-EE59-4B71-B118-7FFF6254A3F2} URL = 
SearchScopes: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001 -> {FA5336FD-EEF3-4B16-BF47-3D67DC8AF615} URL = hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=081713&q={searchTerms}&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2014-04-29] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-09-24] (Webroot)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-28] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2014-04-29] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-09-24] (Webroot)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-02] (<TOSHIBA>)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2014-04-29] (Webroot)
Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for Internet Explorer\fsaddin64-0.98.70.dll [2015-05-20] (getfireshot.com)
Toolbar: HKLM-x32 - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for Internet Explorer\fsaddin-0.98.70.dll [2015-05-20] (getfireshot.com)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2014-04-29] (Webroot)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKU\.DEFAULT -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001 -> No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
DPF: HKLM-x32 {98A52828-A5D6-11D3-82B8-00104B39A31D} hxxps://prodarmbo.outboxoffice.com/prodarmbo/OnyxMaskEdit2Dual.cab
Handler: livecall - No CLSID Value
Handler: msnim - No CLSID Value
 
FireFox:
========
FF ProfilePath: C:\Users\herbalgirl\AppData\Roaming\Mozilla\Firefox\Profiles\7isepdrw.default-1442338425969
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll [2007-03-09] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-3512542795-3224472316-1624659645-1001: @citrixonline.com/appdetectorplugin -> C:\Users\herbalgirl\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-13] (Citrix Online)
FF Plugin HKU\S-1-5-21-3512542795-3224472316-1624659645-1001: @tools.google.com/Google Update;version=3 -> C:\Users\herbalgirl\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3512542795-3224472316-1624659645-1001: @tools.google.com/Google Update;version=9 -> C:\Users\herbalgirl\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-06-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-06-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-06-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-06-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-06-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll [2007-03-09] (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\herbalgirl\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-02-21] (Cisco WebEx LLC)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-09-15] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-09-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-07-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014-04-29]
 
Chrome: 
=======
CHR HomePage: Profile 1 -> bing.com/?mkt=en-US&pc=__PARAM__
CHR StartupUrls: Profile 1 -> "hxxp://xfinity.comcast.net/"
CHR DefaultSearchURL: Profile 1 -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultSearchKeyword: Profile 1 -> bing.com_
CHR DefaultNewTabURL: Profile 1 -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Profile 1 -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR Profile: C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-13]
CHR Extension: (YouTube) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-13]
CHR Extension: (Google Calendar) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-11-13]
CHR Extension: (Pandora) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-11-13]
CHR Extension: (Sublimes collection : island paradise) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidjlkfgfcjpljccpeekkkafgaogmpmi [2013-11-13]
CHR Extension: (Social Fixer for Facebook) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-01-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Maps) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-01-15]
CHR Extension: (Google Play Books) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2013-10-30]
CHR Extension: (Autofill) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2013-09-11]
CHR Extension: (Google Wallet) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Webroot Password Manager) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2014-04-30]
CHR Extension: (Gmail) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR Profile: C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-01]
CHR Extension: (Google Docs) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-01]
CHR Extension: (Google Drive) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-01]
CHR Extension: (YouTube) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-01]
CHR Extension: (Google Search) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-01]
CHR Extension: (Google Calendar) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-04-01]
CHR Extension: (Google Play Music) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-08-10]
CHR Extension: (Pandora) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-04-01]
CHR Extension: (Google Sheets) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-01]
CHR Extension: (Google Docs Offline) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Sublimes collection : island paradise) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hidjlkfgfcjpljccpeekkkafgaogmpmi [2015-04-01]
CHR Extension: (Social Fixer for Facebook) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2015-04-01]
CHR Extension: (Webroot Filtering Extension) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-04-01]
CHR Extension: (Google Maps) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-04-01]
CHR Extension: (Google Play Books) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2015-04-01]
CHR Extension: (Bing) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho [2015-06-16]
CHR Extension: (Autofill) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2015-05-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-01]
CHR Extension: (Webroot Password Manager) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-04-01]
CHR Extension: (Gmail) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - <no Path/update_url>
CHR HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\herbalgirl\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\herbalgirl\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-04-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-14] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-14] (Dropbox, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]
S2 SecureUpdateSvc; C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2473296 2013-10-30] () <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WRSVC; C:\Program Files (x86)\Webroot\WRSA.exe [834544 2015-10-14] (Webroot)
S2 RoxioNow Service; no ImagePath
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-20] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S2 MCSTRM; no ImagePath
R2 NPF; C:\windows\system32\drivers\npf.sys [35344 2014-11-04] (CACE Technologies, Inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-14] (Webroot)
S3 wrUrlFlt; C:\windows\system32\DRIVERS\wrUrlFlt.sys [43600 2015-09-24] (Webroot)
U0 SR; no ImagePath
U2 srservice; no ImagePath
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-20 12:26 - 2015-10-20 12:26 - 02196992 _____ (Farbar) C:\Users\herbalgirl\Downloads\FRST64.exe
2015-10-20 12:26 - 2015-10-20 12:26 - 00043581 _____ C:\Users\herbalgirl\Downloads\FRST.txt
2015-10-20 12:26 - 2015-10-20 12:26 - 00000000 ____D C:\FRST
2015-10-20 12:25 - 2015-10-20 12:25 - 01700864 _____ (Farbar) C:\Users\herbalgirl\Downloads\FRST.exe
2015-10-19 22:44 - 2015-10-20 12:19 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-19 22:44 - 2015-10-19 22:44 - 00001133 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-19 22:44 - 2015-10-19 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-19 22:44 - 2015-10-19 22:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-19 22:44 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-10-19 22:44 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-10-19 22:44 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-10-19 22:43 - 2015-10-19 22:43 - 22908888 _____ (Malwarebytes ) C:\Users\herbalgirl\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-19 22:39 - 2015-10-19 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-19 11:55 - 2015-10-19 11:56 - 01199856 _____ ( ) C:\Users\herbalgirl\Downloads\hwmonitor_1.28.exe
2015-10-08 14:20 - 2015-10-08 14:20 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-10-08 14:20 - 2015-10-08 14:20 - 00000000 ___SD C:\windows\system32\GWX
2015-09-25 18:03 - 2015-10-01 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-20 12:26 - 2014-04-29 14:27 - 00000000 ____D C:\ProgramData\WRData
2015-10-20 12:26 - 2009-07-13 22:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-20 12:26 - 2009-07-13 22:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-20 12:25 - 2015-08-14 20:20 - 00000916 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-10-20 12:22 - 2011-04-19 19:34 - 01837947 _____ C:\windows\WindowsUpdate.log
2015-10-20 12:19 - 2012-12-19 16:23 - 00000000 ____D C:\Users\herbalgirl\AppData\Roaming\Dropbox
2015-10-20 12:19 - 2012-11-24 12:38 - 00000000 ___RD C:\Users\herbalgirl\Dropbox
2015-10-20 12:18 - 2015-08-14 20:20 - 00000912 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-10-20 12:18 - 2010-10-27 19:36 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-20 12:17 - 2015-03-31 00:04 - 00000869 _____ C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2015-10-20 12:17 - 2013-08-26 18:13 - 00045774 _____ C:\windows\setupact.log
2015-10-20 12:17 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-20 10:52 - 2012-01-15 07:49 - 00000928 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3512542795-3224472316-1624659645-1001UA.job
2015-10-20 01:31 - 2012-04-01 08:40 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-10-19 22:49 - 2013-08-26 18:24 - 00180988 _____ C:\windows\PFRO.log
2015-10-19 22:44 - 2013-08-28 23:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-19 22:40 - 2015-08-14 20:20 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-19 12:13 - 2013-10-28 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-19 12:13 - 2010-10-27 19:36 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-18 14:31 - 2012-04-01 08:40 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-10-18 14:31 - 2012-04-01 08:40 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-10-18 14:31 - 2011-09-04 12:55 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-18 07:16 - 2015-05-26 19:16 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-18 07:15 - 2015-05-26 19:15 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-14 13:49 - 2014-04-29 15:19 - 00169168 _____ (Webroot) C:\windows\SysWOW64\WRusr.dll
2015-10-14 13:49 - 2014-04-29 15:19 - 00117728 _____ (Webroot) C:\windows\system32\Drivers\WRkrn.sys
2015-10-14 13:49 - 2014-04-29 15:19 - 00106880 _____ (Webroot) C:\windows\system32\WRusr.dll
2015-10-11 11:51 - 2012-01-15 07:49 - 00000876 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3512542795-3224472316-1624659645-1001Core.job
2015-10-07 23:40 - 2011-09-06 18:56 - 00000000 ____D C:\Users\herbalgirl\AppData\Local\CrashDumps
2015-10-06 22:00 - 2013-10-28 13:11 - 00000000 ___RD C:\Users\herbalgirl\Google Drive
2015-10-01 15:22 - 2011-11-30 14:45 - 00000000 ____D C:\Users\herbalgirl\AppData\Roaming\Skype
2015-10-01 14:09 - 2009-07-13 23:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2015-10-01 12:45 - 2011-08-26 15:43 - 00000000 ____D C:\Users\herbalgirl
2015-10-01 12:43 - 2014-04-29 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2015-10-01 12:43 - 2014-04-29 15:19 - 00000000 ____D C:\Program Files (x86)\Webroot
2015-10-01 12:43 - 2013-02-04 11:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-01 12:43 - 2012-12-03 20:39 - 00000000 ____D C:\Users\herbalgirl\AppData\Local\NETGEARGenie
2015-10-01 12:43 - 2011-11-30 14:45 - 00000000 ____D C:\ProgramData\Skype
2015-10-01 12:43 - 2010-10-27 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-01 12:43 - 2009-07-13 21:20 - 00000000 ____D C:\windows\registration
2015-09-24 11:10 - 2015-02-27 18:38 - 00043600 ____T (Webroot) C:\windows\system32\Drivers\wrUrlFlt.sys
 
==================== Files in the root of some directories =======
 
2013-08-12 17:17 - 2014-04-29 20:54 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2011-09-06 18:20 - 2012-12-19 19:11 - 0000004 _____ () C:\Users\herbalgirl\AppData\Roaming\C5116E
2011-09-06 18:20 - 2012-12-19 19:11 - 0870128 _____ () C:\Users\herbalgirl\AppData\Roaming\mcs.rma
2012-02-24 11:55 - 2012-02-24 11:55 - 0006656 _____ () C:\Users\herbalgirl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-20 06:56 - 2012-02-20 06:56 - 0000017 _____ () C:\Users\herbalgirl\AppData\Local\resmon.resmoncfg
2014-04-01 18:09 - 2014-04-01 18:09 - 0741477 _____ () C:\ProgramData\1396396790.bdinstall.bin
2014-04-11 10:10 - 2014-04-11 10:10 - 0250730 _____ () C:\ProgramData\1397232433.bdinstall.bin
2012-07-22 14:29 - 2012-07-22 14:29 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-09-24 14:19 - 2011-09-24 14:25 - 0000745 _____ () C:\ProgramData\hpzinstall.log
2012-09-09 16:35 - 2012-10-19 12:47 - 0000024 _____ () C:\ProgramData\RNowSvc.ini
 
Some files in TEMP:
====================
C:\Users\herbalgirl\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\herbalgirl\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\herbalgirl\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplsrhnt.dll
C:\Users\herbalgirl\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\herbalgirl\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\herbalgirl\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\herbalgirl\AppData\Local\Temp\SkypeSetup.exe
C:\Users\herbalgirl\AppData\Local\Temp\WRupdate338007.exe
C:\Users\herbalgirl\AppData\Local\Temp\WRupdate339286.exe
C:\Users\herbalgirl\AppData\Local\Temp\WRupdate340940.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-30 09:53
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-10-2015
Ran by herbalgirl (2015-10-20 12:27:17)
Running from C:\Users\herbalgirl\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-08-26 21:43:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3512542795-3224472316-1624659645-500 - Administrator - Disabled)
Guest (S-1-5-21-3512542795-3224472316-1624659645-501 - Limited - Disabled)
herbalgirl (S-1-5-21-3512542795-3224472316-1624659645-1001 - Administrator - Enabled) => C:\Users\herbalgirl
HomeGroupUser$ (S-1-5-21-3512542795-3224472316-1624659645-1007 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Calisto DFU Driver (x64) (HKLM\...\{1C20E609-768A-4FDC-AC75-2CE466D81506}) (Version: 2.4.49092.0 - Plantronics, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{307ECD26-43D7-4AD4-82CF-794B63EDF096}) (Version: 1.0.141 - Citrix)
Compass 2.0 (HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\abbdd7e03279b26e) (Version: 2.0.22.2 - ZYTO)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.9) (Version: 5.0.0.9 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GoToMeeting 5.9.0.1216 (HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\GoToMeeting) (Version: 5.9.0.1216 - CitrixOnline)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{894C8589-3C0D-4DFD-A755-6746E30E80CA}) (Version: 9.3.0112 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{AC8EE58C-72DB-4B0B-ABE5-5669A176CDF5}) (Version: 9.5.0408 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Help (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Product Improvement Study (HKLM\...\{988D55BB-08DE-43C9-8D16-3751361E2A79}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iLumina Gold Premium (HKLM-x32\...\iLuminaPremium) (Version: 2.80 - Tyndale House Publishers)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
InterActual Player (HKLM-x32\...\InterActual Player) (Version:  - )
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mappic Travel Photos (HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Mappic Travel Photos) (Version:  - Vegard Strenes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message+ (HKLM-x32\...\{e81287bb-3cf1-409f-abb0-f046c5df16cc}) (Version: 1.0.16.0 - Verizon)
Message+ (x32 Version: 1.0.16.0 - Verizon) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
Music Manager (HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\MusicManager) (Version:  - Google, Inc.)
Netflix in Windows Media Center (HKLM-x32\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.25 - NETGEAR Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
SmartPCFixer 5.2 (HKLM-x32\...\{2C5927BD-3F65-4207-8FB5-8EDF638A3511}_is1) (Version: 5.2 - LionSea Software co., ltd) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Typing Tutor For Dummies (HKLM-x32\...\Typing Tutor For Dummies) (Version: 1.0 - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.5.8 - Webroot)
Windows Driver Package - Plantronics, Inc. (usbser.ntamd64) Ports  (04/21/2009 5.1) (HKLM\...\07AFE62D73C8799E9E5689F86FB9F48389717BA3) (Version: 04/21/2009 5.1 - Plantronics, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
ZYTOTouchV2 (HKLM-x32\...\{8468382B-1469-4A3A-BDC6-F4861CA6BD0E}) (Version: 1.00.00 - ZYTO)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\herbalgirl\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\herbalgirl\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\herbalgirl\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1216\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\herbalgirl\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\herbalgirl\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\herbalgirl\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> no filepath
 
==================== Restore Points =========================
 
28-08-2015 17:51:01 Windows Update
01-09-2015 15:26:01 Windows Update
04-09-2015 19:15:36 Windows Update
11-09-2015 10:53:20 Windows Update
13-09-2015 15:20:34 Windows Update
25-09-2015 19:09:03 Windows Update
01-10-2015 12:36:39 Removed Skype Click to Call
01-10-2015 12:38:47 Removed Skype™ 7.12
01-10-2015 12:40:48 Restore Operation
01-10-2015 13:36:42 Windows Update
08-10-2015 14:19:47 Windows Update
15-10-2015 12:43:50 Removed Skype Click to Call
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-05-23 10:27 - 2013-08-12 19:59 - 00000864 ____A C:\windows\system32\Drivers\etc\hosts
 
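# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost

10.16.18.159   inhouseapps.hsn.net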
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0EDD27D3-F0F9-489C-9208-8F7B82C46B3E} - System32\Tasks\{299FD240-7DA3-4714-9C2E-6DF963D59020} => Chrome.exe 
Task: {1EBCB68D-AC3B-48B5-B3C4-4E8C12B46411} - System32\Tasks\{1C20BA17-A931-4829-839A-9316C51A40DD} => pcalua.exe -a C:\Users\herbalgirl\Downloads\g2m_codec.exe -d C:\Users\herbalgirl\Downloads
Task: {249A38C5-8FA7-4A55-B2C1-6BA662432C6C} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {284CDD5B-F99B-4EDE-9D54-059974F36062} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3761EEA2-76F0-430E-9F42-5ACB6E5E9616} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-14] (Dropbox, Inc.)
Task: {39AC1700-2504-48FB-A1C4-A070B6A1D9E5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-18] (Adobe Systems Incorporated)
Task: {51D4044F-3E5D-4124-A5B9-041D764A75CF} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-14] (Dropbox, Inc.)
Task: {66541B8F-619C-4CDB-ADB3-04564E4BDAB7} - System32\Tasks\{F874B6F7-C8AA-4CA6-B1D1-05A4CD3274E1} => pcalua.exe -a "C:\Users\herbalgirl\Downloads\Synaptics_v15_2_20_C_XP32_Vista32_Win7-32_Signed_Marketing_SGS94_UI-Scrybe (1).exe" -d C:\Users\herbalgirl\Downloads
Task: {68D50CD4-739C-4CC5-8EC6-48A51262729F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {699A3359-7C6D-418E-A3D7-09EF784F8127} - System32\Tasks\{7D46DC9E-F0A5-4D0F-9DCA-5DA3A6365E08} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {69C3E8E8-4BE1-4BED-A0C4-CE8E23BCA9ED} - System32\Tasks\{8FAF87CB-2FBF-423B-94C3-7F5354F41DEC} => pcalua.exe -a D:\LaunchCD.exe -d D:\
Task: {70DE7DF9-DC26-4F44-B63D-7B63CE1F0597} - System32\Tasks\{EAAB0770-63BF-43FA-999F-10B82C9273BC} => pcalua.exe -a "C:\Users\herbalgirl\Downloads\LGUSBModemDriver_Eng_WHQL_Ver_4.9.4_All (1).exe" -d C:\Users\herbalgirl\Downloads
Task: {7F08871C-C336-4C66-9345-8E8243599B2F} - System32\Tasks\{AB10F7FF-8876-4FC8-A5B5-7781BA56AA9C} => pcalua.exe -a "C:\Users\herbalgirl\AppData\Local\Temp\Temp1_Synaptics_v16_3_15_1_C_XP32_Vista32_Win7-32_XP64_Vista64_Win7-64_Signed_Acme_Inc (1).zip\Setup.exe"
Task: {8CF288BC-B276-46E1-ACCF-3B0BA338112D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3512542795-3224472316-1624659645-1001Core => C:\Users\herbalgirl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {BE29DB60-3FB0-4E5C-86B9-F54088D9868F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3512542795-3224472316-1624659645-1001UA => C:\Users\herbalgirl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C280591B-3261-4E89-AD90-78ED0C5BF298} - System32\Tasks\LifeChatTask => C:\Program Files\Microsoft LifeChat\LifeChat.exe
Task: {CD4D0A68-A65D-4303-B7E1-08670BE0C3F9} - System32\Tasks\{373A3F3E-D7A8-4A00-B778-A00CFF0B2FED} => pcalua.exe -a "C:\Program Files (x86)\CounterPath\eyeBeam 1.5\unins000.exe"
Task: {D0308825-3F77-4D77-B011-025724894A07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D5488325-0790-4F2D-9F10-52C0BE1C42F6} - System32\Tasks\{624B11A4-D3DF-47FF-80E4-FE8E8EFCABA6} => pcalua.exe -a D:\setup.exe -d D:\
Task: {DA8B5EF5-7293-4C7D-A968-9D536B206CA6} - System32\Tasks\{3498C2F3-CFF7-42FE-AF89-23E04F8679EC} => pcalua.exe -a C:\Users\herbalgirl\Downloads\jxpiinstall(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {E0CF8A99-E9BC-4B71-B43C-52356E439C76} - System32\Tasks\{AF673448-2D05-461E-9975-8B37395604B8} => pcalua.exe -a "C:\Program Files (x86)\iLuminaPremium\Uninstall.exe"
Task: {F329D756-E3F6-46B3-9525-BC685F7737E9} - System32\Tasks\{055A480E-5767-4EA4-907A-73C29E1E2050} => C:\Program Files (x86)\Rovi\Rovi Player\RNowShell.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3512542795-3224472316-1624659645-1001Core.job => C:\Users\herbalgirl\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3512542795-3224472316-1624659645-1001UA.job => C:\Users\herbalgirl\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-06-11 01:40 - 2014-06-11 01:40 - 00098816 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2013-09-28 19:14 - 2013-09-28 19:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 19:14 - 2013-09-28 19:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 19:14 - 2013-09-28 19:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-28 19:14 - 2013-09-28 19:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2014-06-11 01:40 - 2014-06-11 01:40 - 00523776 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2014-06-11 01:09 - 2014-06-11 01:09 - 01554944 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2014-06-11 01:10 - 2014-06-11 01:10 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2014-06-11 01:11 - 2014-06-11 01:11 - 00632832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2014-06-11 01:59 - 2014-06-11 01:59 - 05992960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-03-23 21:33 - 2014-03-23 21:33 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2014-06-11 01:30 - 2014-06-11 01:30 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-03-23 21:33 - 2014-03-23 21:33 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2014-06-11 01:29 - 2014-06-11 01:29 - 01175552 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2014-06-11 01:31 - 2014-06-11 01:31 - 10063872 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2014-06-13 01:39 - 2014-06-13 01:39 - 01361920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2014-06-11 01:35 - 2014-06-11 01:35 - 00200192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2014-06-11 01:36 - 2014-06-11 01:36 - 00885248 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2014-06-11 01:38 - 2014-06-11 01:38 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2014-04-08 02:07 - 2014-04-08 02:07 - 00081408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2014-04-08 02:06 - 2014-04-08 02:06 - 00143360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2012-11-29 03:56 - 2012-11-29 03:56 - 03332720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2014-03-23 21:31 - 2014-03-23 21:31 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2014-03-23 21:31 - 2014-03-23 21:31 - 00074240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2014-03-23 21:31 - 2014-03-23 21:31 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2014-06-11 01:36 - 2014-06-11 01:36 - 00642048 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2014-06-11 01:38 - 2014-06-11 01:38 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-03-23 22:08 - 2014-03-23 22:08 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-03-23 21:31 - 2014-03-23 21:31 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2015-02-20 12:25 - 2015-02-20 12:25 - 00612152 _____ () C:\Program Files (x86)\Verizon\Verizon Messages\sqlite3.DLL
2015-02-24 15:16 - 2015-02-24 15:16 - 01654272 _____ () C:\Program Files (x86)\Verizon\Verizon Messages\VzMessagingClientLib.dll
2015-08-13 14:33 - 2015-08-13 14:33 - 00117248 _____ () C:\Users\herbalgirl\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-08-13 14:34 - 2015-08-13 14:34 - 00234496 _____ () C:\Users\herbalgirl\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-08-13 14:34 - 2015-08-13 14:34 - 00253440 _____ () C:\Users\herbalgirl\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-08-13 14:33 - 2015-08-13 14:33 - 00344064 _____ () C:\Users\herbalgirl\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2015-10-20 12:18 - 2015-10-20 12:18 - 00071168 _____ () c:\Users\herbalgirl\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplsrhnt.dll
2015-08-14 20:22 - 2015-09-23 17:07 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-08-14 20:22 - 2015-09-23 17:07 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-14 20:22 - 2015-09-23 17:07 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-08-14 20:22 - 2015-09-23 17:07 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2015-10-15 13:12 - 2015-10-08 18:53 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libglesv2.dll
2015-10-15 13:12 - 2015-10-08 18:53 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\Users\herbalgirl\Downloads\Fwd Essay.msg.eml:OECustomProperty
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\hsn.net -> hxxps://inhouseapps.hsn.net
IE trusted site: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\outboxoffice.com -> hxxps://prodarmbo.outboxoffice.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\herbalgirl\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install Webroot FF RunOnce.lnk => C:\Windows\pss\Install Webroot FF RunOnce.lnkCommon Startup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install Webroot IE RunOnce.lnk => C:\Windows\pss\Install Webroot IE RunOnce.lnkCommon Startup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk => C:\Windows\pss\Scrybe.lnkCommon Startup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ZYTOTouchV2.lnk => C:\Windows\pss\ZYTOTouchV2.lnkCommon Startup
MSCONFIG\startupfolder: C:^Users^herbalgirl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnkStartup
MSCONFIG\startupfolder: C:^Users^herbalgirl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 6700 (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet 6700 (Network).lnkStartup
MSCONFIG\startupfolder: C:^Users^herbalgirl^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnkStartup
MSCONFIG\startupreg: 00TCrdMain => 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Best Buy pc app => C:\Users\herbalgirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
MSCONFIG\startupreg: ConnectionCenter => 
MSCONFIG\startupreg: Google Update => "C:\Users\herbalgirl\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: googletalk => 
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Officejet 6700 (NET) => "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN25N3G0NV05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: InstallerLauncher => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
MSCONFIG\startupreg: ISTray => 
MSCONFIG\startupreg: iTunesHelper => 
MSCONFIG\startupreg: MusicManager => "C:\Users\herbalgirl\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: NETGEARGenie => "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: PlantronicsBatteryStatus.exe => 
MSCONFIG\startupreg: PlantronicsURE.exe => 
MSCONFIG\startupreg: QuickTime Task => 
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RoxioNowMediaManagerApp => 
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: SmartFaceVWatcher => 
MSCONFIG\startupreg: SmoothView => 
MSCONFIG\startupreg: Spotify Web Helper => 
MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => 
MSCONFIG\startupreg: TosReelTimeMonitor => 
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TPwrMain => 
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: WRSVC => 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{13BB094D-CE28-42A1-86F4-69D77E373713}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0E6634E2-38CB-4D92-96EE-417635887B9C}] => (Allow) LPort=2869
FirewallRules: [{ECD5FDDF-98E5-46A8-9F9C-57EF8F04EADE}] => (Allow) LPort=1900
FirewallRules: [{54E3BF77-1E5C-4F4E-9935-650BF831BF14}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{AE1A8A71-8A16-43E7-842F-129D7377F791}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D182F1D8-2DFB-4A0F-B9DB-E9F12D11C658}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{70AD5ABF-8D6E-4150-A2C3-DA6C0FFA6309}C:\users\herbalgirl\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\herbalgirl\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{31706B16-74A5-4269-8E82-901FA6452B1D}C:\users\herbalgirl\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\herbalgirl\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5B8FF3E5-2E6F-498F-B5A8-2DF32E7B5D0D}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [uDP Query User{6EA78049-AA99-4317-87E0-42538E6552F7}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{E10965ED-7A53-480A-88B9-4D51C5F68198}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [uDP Query User{04452C1E-F968-4B58-A1D1-A75F5853E1E0}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{5036FB97-365C-47C9-A8B4-B3E4FD8E0B37}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{EA174B38-BF12-4CA9-B3AB-74A097890B01}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{D1AA5047-533C-4716-BF77-872F319FF5D4}C:\users\herbalgirl\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\herbalgirl\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [uDP Query User{4160AF93-F027-4855-A1AE-80F5E921D66F}C:\users\herbalgirl\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\herbalgirl\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{0CE390FA-860E-4840-959C-D864736597A3}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{88B270BE-8D5D-4B6A-AB9E-CC0F5145D714}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{DC7F0CF9-C801-4CFF-A143-C272A988C316}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{E99DFE8E-301F-46BB-81F8-33580251881A}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{7EAC128B-81E0-4D34-968E-8F34ECA29254}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{50B66157-8DA0-4A2C-8E08-53CDBA12D81B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{816BA522-DDDE-4DD5-84FC-A6B3A188A2C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B43B4C04-551B-4CDC-B9F7-C87C6CA875A2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2EA1750C-D370-4405-AE8C-1AA6FEA4A460}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{34F2C146-46B0-4A5D-B024-A7D19511FCFB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 

  • Staff

Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you the Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Please run FRST again, check Addition.txt, press Scan and attach both reports.



Ok here is the latest scan  
 



 

Addition102115.txt

FRST102115.txt


  • Staff

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt



 

Fixlog.txt


 


 

 

Hi. Ok, this must have worked. I was able to scan my laptop without it shutting itself off and remove all threats, of which there were over 500. I appreciate the help very much. I hope the log looks better.


Excellent :)

Is everything working fine again?

Yes, everything is fine now except the laptop is still shutting down and overheating. I suspect the fans may not be working, but I have a friend who is an engineer who said he can open it up and replace them if they are no longer working.


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
