my lapttop shuts down before malware bytes finishes scanning

fattire · October 20, 2015

When I scan I see 13 threats in the registry then goes to 14 when scanning files but computer always shuts down before finishing scan I even tried it in safe mode and still shuts down. Not sure what to do nowScan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-10-2015

Ran by herbalgirl (administrator) on SALLY-PC (20-10-2015 12:26:37)

Running from C:\Users\herbalgirl\Downloads

Loaded Profiles: herbalgirl (Available Profiles: herbalgirl)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Webroot) C:\Program Files (x86)\Webroot\WRSA.exe

HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0

HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-06-11] (NETGEAR Inc.)

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Run: [AutoStartVMA] => C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe [12899840 2015-02-24] (Verizon)

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Run: [MusicManager] => C:\Users\herbalgirl\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Run: [Google Update] => C:\Users\herbalgirl\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\system: [DisableCMD]

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\system: [NoDispAppearancePage] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\system: [NoDispBackgroundPage] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\system: [NoDispSettingsPage] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoInstrumentation]

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoFolderOptions] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoViewOnDrive] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoViewContextMenu] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoShellSearchButton] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoFind] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoFile] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [HideClock] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoTrayContextMenu] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoSetFolders] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoSetTaskbar] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoDeletePrinter] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoDFSTab] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoChangeStartMenu] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoLogoff] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoWindowsUpdate] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoEncryptOnMove] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoResolveSearch] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoSaveSettings] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoHardwareTab] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)

HKU\S-1-5-18\...\Run: [bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"

HKU\S-1-5-18\...\Run: [bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard

HKU\S-1-5-18\...\Run: [bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0

HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0

HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0

HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0

HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0

HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0

HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0

HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\windows\system32\WRusr.dll [2015-10-14] (Webroot)

ShellIconOverlayIdentifiers: [ ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\windows\system32\WRusr.dll [2015-10-14] (Webroot)

ShellIconOverlayIdentifiers: [ ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\windows\system32\WRusr.dll [2015-10-14] (Webroot)

ShellIconOverlayIdentifiers: [ ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\windows\system32\WRusr.dll [2015-10-14] (Webroot)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)

ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [_WrSyncExcl] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\windows\system32\WRusr.dll [2015-10-14] (Webroot)

ShellIconOverlayIdentifiers: [_WrSyncGreen] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\windows\system32\WRusr.dll [2015-10-14] (Webroot)

ShellIconOverlayIdentifiers: [_WrSyncRed] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\windows\system32\WRusr.dll [2015-10-14] (Webroot)

ShellIconOverlayIdentifiers: [_WrSyncYellow] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\windows\system32\WRusr.dll [2015-10-14] (Webroot)

ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)

Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-04-19]

ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-04-19]

ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{1D74C9FA-BE71-4253-9669-902040F4EF34}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{CC192957-A1AF-4F57-A905-21586F7519E7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.xfinity.com/?cid=customer

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/

URLSearchHook: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001 - (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No File

SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_uid=5244151340554421&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_uid=5244151340554421&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}

SearchScopes: HKLM -> {EE319D40-EE59-4B71-B118-7FFF6254A3F2} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

SearchScopes: HKLM-x32 -> DefaultScope {08445E86-D7C8-4B81-B812-87DF49914139} URL =

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {8857D548-A27B-4797-A04A-82B5773510ED} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_uid=5244151340554421&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}

SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468

SearchScopes: HKU\.DEFAULT -> DefaultScope {8857D548-A27B-4797-A04A-82B5773510ED} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

SearchScopes: HKU\.DEFAULT -> {8857D548-A27B-4797-A04A-82B5773510ED} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

SearchScopes: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001 -> DefaultScope {FA5336FD-EEF3-4B16-BF47-3D67DC8AF615} URL = hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=081713&q={searchTerms}&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001 -> {8857D548-A27B-4797-A04A-82B5773510ED} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

SearchScopes: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =

SearchScopes: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001 -> {EE319D40-EE59-4B71-B118-7FFF6254A3F2} URL =

SearchScopes: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001 -> {FA5336FD-EEF3-4B16-BF47-3D67DC8AF615} URL = hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=081713&q={searchTerms}&src=IE-SearchBox

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2014-04-29] (Webroot)

BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-09-24] (Webroot)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-28] (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2014-04-29] (Webroot)

BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-09-24] (Webroot)

BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation)

BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-02] (<TOSHIBA>)

Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2014-04-29] (Webroot)

Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for Internet Explorer\fsaddin64-0.98.70.dll [2015-05-20] (getfireshot.com)

Toolbar: HKLM-x32 - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for Internet Explorer\fsaddin-0.98.70.dll [2015-05-20] (getfireshot.com)

Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2014-04-29] (Webroot)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)

Toolbar: HKU\.DEFAULT -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

Toolbar: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001 -> No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No File

DPF: HKLM-x32 {98A52828-A5D6-11D3-82B8-00104B39A31D} hxxps://prodarmbo.outboxoffice.com/prodarmbo/OnyxMaskEdit2Dual.cab

Handler: livecall - No CLSID Value

Handler: msnim - No CLSID Value

FireFox:

========

FF ProfilePath: C:\Users\herbalgirl\AppData\Roaming\Mozilla\Firefox\Profiles\7isepdrw.default-1442338425969

FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-18] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-18] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [No File]

FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll [2007-03-09] (Yahoo! Inc.)

FF Plugin HKU\S-1-5-21-3512542795-3224472316-1624659645-1001: @citrixonline.com/appdetectorplugin -> C:\Users\herbalgirl\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-13] (Citrix Online)

FF Plugin HKU\S-1-5-21-3512542795-3224472316-1624659645-1001: @tools.google.com/Google Update;version=3 -> C:\Users\herbalgirl\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)

FF Plugin HKU\S-1-5-21-3512542795-3224472316-1624659645-1001: @tools.google.com/Google Update;version=9 -> C:\Users\herbalgirl\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-06-03] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-06-03] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-06-03] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-06-03] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-06-03] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll [2007-03-09] (Yahoo! Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\herbalgirl\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-02-21] (Cisco WebEx LLC)

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-09-15] [not signed]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-09-15] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension

FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-07-22] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer

FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014-04-29]

Chrome:

=======

CHR HomePage: Profile 1 -> bing.com/?mkt=en-US&pc=__PARAM__

CHR StartupUrls: Profile 1 -> "hxxp://xfinity.comcast.net/"

CHR DefaultSearchURL: Profile 1 -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN

CHR DefaultSearchKeyword: Profile 1 -> bing.com_

CHR DefaultNewTabURL: Profile 1 -> hxxps://www.bing.com/chrome/newtab

CHR DefaultSuggestURL: Profile 1 -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316

CHR Profile: C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-13]

CHR Extension: (YouTube) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-13]

CHR Extension: (Google Calendar) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-11-13]

CHR Extension: (Pandora) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-11-13]

CHR Extension: (Sublimes collection : island paradise) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidjlkfgfcjpljccpeekkkafgaogmpmi [2013-11-13]

CHR Extension: (Social Fixer for Facebook) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-01-18]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]

CHR Extension: (Google Maps) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-01-15]

CHR Extension: (Google Play Books) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2013-10-30]

CHR Extension: (Autofill) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2013-09-11]

CHR Extension: (Google Wallet) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Webroot Password Manager) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2014-04-30]

CHR Extension: (Gmail) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]

CHR Profile: C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1

CHR Extension: (Google Slides) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-01]

CHR Extension: (Google Docs) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-01]

CHR Extension: (Google Drive) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-01]

CHR Extension: (YouTube) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-01]

CHR Extension: (Google Search) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-01]

CHR Extension: (Google Calendar) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-04-01]

CHR Extension: (Google Play Music) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-08-10]

CHR Extension: (Pandora) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-04-01]

CHR Extension: (Google Sheets) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-01]

CHR Extension: (Google Docs Offline) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]

CHR Extension: (Sublimes collection : island paradise) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hidjlkfgfcjpljccpeekkkafgaogmpmi [2015-04-01]

CHR Extension: (Social Fixer for Facebook) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2015-04-01]

CHR Extension: (Webroot Filtering Extension) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-04-01]

CHR Extension: (Google Maps) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-04-01]

CHR Extension: (Google Play Books) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2015-04-01]

CHR Extension: (Bing) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho [2015-06-16]

CHR Extension: (Autofill) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2015-05-09]

CHR Extension: (Chrome Web Store Payments) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-01]

CHR Extension: (Webroot Password Manager) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-04-01]

CHR Extension: (Gmail) - C:\Users\herbalgirl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]

CHR HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - <no Path/update_url>

CHR HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx

CHR HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\herbalgirl\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-08-07]

CHR HKLM-x32\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - <no Path/update_url>

CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - <no Path/update_url>

CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\herbalgirl\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-08-07]

CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-04-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-14] (Dropbox, Inc.)

S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-14] (Dropbox, Inc.)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]

S2 SecureUpdateSvc; C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2473296 2013-10-30] () <==== ATTENTION

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

R2 WRSVC; C:\Program Files (x86)\Webroot\WRSA.exe [834544 2015-10-14] (Webroot)

S2 RoxioNow Service; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-20] (Malwarebytes)

R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)

S2 MCSTRM; no ImagePath

R2 NPF; C:\windows\system32\drivers\npf.sys [35344 2014-11-04] (CACE Technologies, Inc.)

S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)

S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)

S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)

R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-14] (Webroot)

S3 wrUrlFlt; C:\windows\system32\DRIVERS\wrUrlFlt.sys [43600 2015-09-24] (Webroot)

U0 SR; no ImagePath

U2 srservice; no ImagePath

S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-20 12:26 - 2015-10-20 12:26 - 02196992 _____ (Farbar) C:\Users\herbalgirl\Downloads\FRST64.exe

2015-10-20 12:26 - 2015-10-20 12:26 - 00043581 _____ C:\Users\herbalgirl\Downloads\FRST.txt

2015-10-20 12:26 - 2015-10-20 12:26 - 00000000 ____D C:\FRST

2015-10-20 12:25 - 2015-10-20 12:25 - 01700864 _____ (Farbar) C:\Users\herbalgirl\Downloads\FRST.exe

2015-10-19 22:44 - 2015-10-20 12:19 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2015-10-19 22:44 - 2015-10-19 22:44 - 00001133 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-10-19 22:44 - 2015-10-19 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-10-19 22:44 - 2015-10-19 22:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-10-19 22:44 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys

2015-10-19 22:44 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys

2015-10-19 22:44 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys

2015-10-19 22:43 - 2015-10-19 22:43 - 22908888 _____ (Malwarebytes ) C:\Users\herbalgirl\Downloads\mbam-setup-2.2.0.1024.exe

2015-10-19 22:39 - 2015-10-19 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

2015-10-19 11:55 - 2015-10-19 11:56 - 01199856 _____ ( ) C:\Users\herbalgirl\Downloads\hwmonitor_1.28.exe

2015-10-08 14:20 - 2015-10-08 14:20 - 00000000 ___SD C:\windows\SysWOW64\GWX

2015-10-08 14:20 - 2015-10-08 14:20 - 00000000 ___SD C:\windows\system32\GWX

2015-09-25 18:03 - 2015-10-01 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-20 12:26 - 2014-04-29 14:27 - 00000000 ____D C:\ProgramData\WRData

2015-10-20 12:26 - 2009-07-13 22:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-10-20 12:26 - 2009-07-13 22:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-10-20 12:25 - 2015-08-14 20:20 - 00000916 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job

2015-10-20 12:22 - 2011-04-19 19:34 - 01837947 _____ C:\windows\WindowsUpdate.log

2015-10-20 12:19 - 2012-12-19 16:23 - 00000000 ____D C:\Users\herbalgirl\AppData\Roaming\Dropbox

2015-10-20 12:19 - 2012-11-24 12:38 - 00000000 ___RD C:\Users\herbalgirl\Dropbox

2015-10-20 12:18 - 2015-08-14 20:20 - 00000912 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job

2015-10-20 12:18 - 2010-10-27 19:36 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-10-20 12:17 - 2015-03-31 00:04 - 00000869 _____ C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk

2015-10-20 12:17 - 2013-08-26 18:13 - 00045774 _____ C:\windows\setupact.log

2015-10-20 12:17 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

2015-10-20 10:52 - 2012-01-15 07:49 - 00000928 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3512542795-3224472316-1624659645-1001UA.job

2015-10-20 01:31 - 2012-04-01 08:40 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2015-10-19 22:49 - 2013-08-26 18:24 - 00180988 _____ C:\windows\PFRO.log

2015-10-19 22:44 - 2013-08-28 23:30 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-10-19 22:40 - 2015-08-14 20:20 - 00000000 ____D C:\Program Files (x86)\Dropbox

2015-10-19 12:13 - 2013-10-28 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2015-10-19 12:13 - 2010-10-27 19:36 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-10-18 14:31 - 2012-04-01 08:40 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2015-10-18 14:31 - 2012-04-01 08:40 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

2015-10-18 14:31 - 2011-09-04 12:55 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-10-18 07:16 - 2015-05-26 19:16 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task

2015-10-18 07:15 - 2015-05-26 19:15 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2015-10-14 13:49 - 2014-04-29 15:19 - 00169168 _____ (Webroot) C:\windows\SysWOW64\WRusr.dll

2015-10-14 13:49 - 2014-04-29 15:19 - 00117728 _____ (Webroot) C:\windows\system32\Drivers\WRkrn.sys

2015-10-14 13:49 - 2014-04-29 15:19 - 00106880 _____ (Webroot) C:\windows\system32\WRusr.dll

2015-10-11 11:51 - 2012-01-15 07:49 - 00000876 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3512542795-3224472316-1624659645-1001Core.job

2015-10-07 23:40 - 2011-09-06 18:56 - 00000000 ____D C:\Users\herbalgirl\AppData\Local\CrashDumps

2015-10-06 22:00 - 2013-10-28 13:11 - 00000000 ___RD C:\Users\herbalgirl\Google Drive

2015-10-01 15:22 - 2011-11-30 14:45 - 00000000 ____D C:\Users\herbalgirl\AppData\Roaming\Skype

2015-10-01 14:09 - 2009-07-13 23:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI

2015-10-01 12:45 - 2011-08-26 15:43 - 00000000 ____D C:\Users\herbalgirl

2015-10-01 12:43 - 2014-04-29 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere

2015-10-01 12:43 - 2014-04-29 15:19 - 00000000 ____D C:\Program Files (x86)\Webroot

2015-10-01 12:43 - 2013-02-04 11:56 - 00000000 ___RD C:\Program Files (x86)\Skype

2015-10-01 12:43 - 2012-12-03 20:39 - 00000000 ____D C:\Users\herbalgirl\AppData\Local\NETGEARGenie

2015-10-01 12:43 - 2011-11-30 14:45 - 00000000 ____D C:\ProgramData\Skype

2015-10-01 12:43 - 2010-10-27 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-10-01 12:43 - 2009-07-13 21:20 - 00000000 ____D C:\windows\registration

2015-09-24 11:10 - 2015-02-27 18:38 - 00043600 ____T (Webroot) C:\windows\system32\Drivers\wrUrlFlt.sys

==================== Files in the root of some directories =======

2013-08-12 17:17 - 2014-04-29 20:54 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe

2011-09-06 18:20 - 2012-12-19 19:11 - 0000004 _____ () C:\Users\herbalgirl\AppData\Roaming\C5116E

2011-09-06 18:20 - 2012-12-19 19:11 - 0870128 _____ () C:\Users\herbalgirl\AppData\Roaming\mcs.rma

2012-02-24 11:55 - 2012-02-24 11:55 - 0006656 _____ () C:\Users\herbalgirl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-02-20 06:56 - 2012-02-20 06:56 - 0000017 _____ () C:\Users\herbalgirl\AppData\Local\resmon.resmoncfg

2014-04-01 18:09 - 2014-04-01 18:09 - 0741477 _____ () C:\ProgramData\1396396790.bdinstall.bin

2014-04-11 10:10 - 2014-04-11 10:10 - 0250730 _____ () C:\ProgramData\1397232433.bdinstall.bin

2012-07-22 14:29 - 2012-07-22 14:29 - 0000057 _____ () C:\ProgramData\Ament.ini

2011-09-24 14:19 - 2011-09-24 14:25 - 0000745 _____ () C:\ProgramData\hpzinstall.log

2012-09-09 16:35 - 2012-10-19 12:47 - 0000024 _____ () C:\ProgramData\RNowSvc.ini

Some files in TEMP:

====================

C:\Users\herbalgirl\AppData\Local\Temp\BSvcProcessor.exe

C:\Users\herbalgirl\AppData\Local\Temp\BSvcUpdater.exe

C:\Users\herbalgirl\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplsrhnt.dll

C:\Users\herbalgirl\AppData\Local\Temp\jre-8u45-windows-au.exe

C:\Users\herbalgirl\AppData\Local\Temp\jre-8u51-windows-au.exe

C:\Users\herbalgirl\AppData\Local\Temp\jre-8u60-windows-au.exe

C:\Users\herbalgirl\AppData\Local\Temp\SkypeSetup.exe

C:\Users\herbalgirl\AppData\Local\Temp\WRupdate338007.exe

C:\Users\herbalgirl\AppData\Local\Temp\WRupdate339286.exe

C:\Users\herbalgirl\AppData\Local\Temp\WRupdate340940.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed

C:\windows\system32\wininit.exe => File is digitally signed

C:\windows\SysWOW64\wininit.exe => File is digitally signed

C:\windows\explorer.exe => File is digitally signed

C:\windows\SysWOW64\explorer.exe => File is digitally signed

C:\windows\system32\svchost.exe => File is digitally signed

C:\windows\SysWOW64\svchost.exe => File is digitally signed

C:\windows\system32\services.exe => File is digitally signed

C:\windows\system32\User32.dll => File is digitally signed

C:\windows\SysWOW64\User32.dll => File is digitally signed

C:\windows\system32\userinit.exe => File is digitally signed

C:\windows\SysWOW64\userinit.exe => File is digitally signed

C:\windows\system32\rpcss.dll => File is digitally signed

C:\windows\system32\dnsapi.dll => File is digitally signed

C:\windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-30 09:53

==================== End of FRST.txt ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-10-2015

Ran by herbalgirl (2015-10-20 12:27:17)

Running from C:\Users\herbalgirl\Downloads

Windows 7 Home Premium Service Pack 1 (X64) (2011-08-26 21:43:52)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3512542795-3224472316-1624659645-500 - Administrator - Disabled)

Guest (S-1-5-21-3512542795-3224472316-1624659645-501 - Limited - Disabled)

herbalgirl (S-1-5-21-3512542795-3224472316-1624659645-1001 - Administrator - Enabled) => C:\Users\herbalgirl

HomeGroupUser$ (S-1-5-21-3512542795-3224472316-1624659645-1007 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}

AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)

Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)

Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)

Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden

Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)

Calisto DFU Driver (x64) (HKLM\...\{1C20E609-768A-4FDC-AC75-2CE466D81506}) (Version: 2.4.49092.0 - Plantronics, Inc.)

Cisco WebEx Meetings (HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)

Citrix Online Launcher (HKLM-x32\...\{307ECD26-43D7-4AD4-82CF-794B63EDF096}) (Version: 1.0.141 - Citrix)

Compass 2.0 (HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\abbdd7e03279b26e) (Version: 2.0.22.2 - ZYTO)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.9) (Version: 5.0.0.9 - Coupons.com Incorporated)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)

Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)

Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden

GoToMeeting 5.9.0.1216 (HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\GoToMeeting) (Version: 5.9.0.1216 - CitrixOnline)

HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)

HP MyRoom (HKLM-x32\...\{894C8589-3C0D-4DFD-A755-6746E30E80CA}) (Version: 9.3.0112 - Hewlett-Packard)

HP MyRoom (HKLM-x32\...\{AC8EE58C-72DB-4B0B-ABE5-5669A176CDF5}) (Version: 9.5.0408 - Hewlett-Packard)

HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Officejet 6700 Help (HKLM-x32\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard)

HP Officejet 6700 Help (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)

HP Officejet 6700 Product Improvement Study (HKLM\...\{988D55BB-08DE-43C9-8D16-3751361E2A79}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden

I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

iLumina Gold Premium (HKLM-x32\...\iLuminaPremium) (Version: 2.80 - Tyndale House Publishers)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)

InterActual Player (HKLM-x32\...\InterActual Player) (Version: - )

Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)

Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)

LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Mappic Travel Photos (HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\Mappic Travel Photos) (Version: - Vegard Strenes)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Message+ (HKLM-x32\...\{e81287bb-3cf1-409f-abb0-f046c5df16cc}) (Version: 1.0.16.0 - Verizon)

Message+ (x32 Version: 1.0.16.0 - Verizon) Hidden

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)

Music Manager (HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\MusicManager) (Version: - Google, Inc.)

Netflix in Windows Media Center (HKLM-x32\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)

NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.25 - NETGEAR Inc.)

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)

Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)

SmartPCFixer 5.2 (HKLM-x32\...\{2C5927BD-3F65-4207-8FB5-8EDF638A3511}_is1) (Version: 5.2 - LionSea Software co., ltd) <==== ATTENTION

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)

Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)

TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)

TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)

Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)

TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)

TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)

TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)

TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)

TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)

TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)

TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)

TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)

TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)

TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)

TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)

TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)

TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)

TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)

ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)

Typing Tutor For Dummies (HKLM-x32\...\Typing Tutor For Dummies) (Version: 1.0 - )

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.5.8 - Webroot)

Windows Driver Package - Plantronics, Inc. (usbser.ntamd64) Ports (04/21/2009 5.1) (HKLM\...\07AFE62D73C8799E9E5689F86FB9F48389717BA3) (Version: 04/21/2009 5.1 - Plantronics, Inc.)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

ZYTOTouchV2 (HKLM-x32\...\{8468382B-1469-4A3A-BDC6-F4861CA6BD0E}) (Version: 1.00.00 - ZYTO)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> no filepath

CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\herbalgirl\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> no filepath

CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\herbalgirl\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\herbalgirl\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1216\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> no filepath

CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\herbalgirl\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> no filepath

CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\herbalgirl\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\herbalgirl\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> no filepath

==================== Restore Points =========================

28-08-2015 17:51:01 Windows Update

01-09-2015 15:26:01 Windows Update

04-09-2015 19:15:36 Windows Update

11-09-2015 10:53:20 Windows Update

13-09-2015 15:20:34 Windows Update

25-09-2015 19:09:03 Windows Update

01-10-2015 12:36:39 Removed Skype Click to Call

01-10-2015 12:38:47 Removed Skype™ 7.12

01-10-2015 12:40:48 Restore Operation

01-10-2015 13:36:42 Windows Update

08-10-2015 14:19:47 Windows Update

15-10-2015 12:43:50 Removed Skype Click to Call

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-05-23 10:27 - 2013-08-12 19:59 - 00000864 ____A C:\windows\system32\Drivers\etc\hosts

‣潃祰楲桧⁴挨 㤱㌹㈭〰‹楍牣獯景⁴潃灲മ⌊਍‣桔獩椠⁳⁡慳灭敬䠠协協映汩⁥獵摥戠⁹楍牣獯景⁴䍔⽐偉映牯圠湩潤獷മ⌊਍‣桔獩映汩⁥潣瑮楡獮琠敨洠灡楰杮⁳景䤠⁐摡牤獥敳⁳潴栠獯⁴慮敭⹳䔠捡൨⌊攠瑮祲猠潨汵⁤敢欠灥⁴湯愠⁮湩楤楶畤污氠湩⹥吠敨䤠⁐摡牤獥⁳桳畯摬਍‣敢瀠慬散⁤湩琠敨映物瑳挠汯浵⁮潦汬睯摥戠⁹桴⁥潣牲獥潰摮湩⁧潨瑳渠浡⹥਍‣桔⁥偉愠摤敲獳愠摮琠敨栠獯⁴慮敭猠潨汵⁤敢猠灥牡瑡摥戠⁹瑡氠慥瑳漠敮਍‣灳捡⹥਍ണ⌊䄠摤瑩潩慮汬ⱹ挠浯敭瑮⁳猨捵⁨獡琠敨敳 慭⁹敢椠獮牥整⁤湯椠摮癩摩慵൬⌊氠湩獥漠⁲潦汬睯湩⁧桴⁥慭档湩⁥慮敭搠湥瑯摥戠⁹⁡⌧‧祳扭汯മ⌊਍‣潆⁲硥浡汰㩥਍ണ⌊†††〱⸲㐵㤮⸴㜹††爠楨潮愮浣⹥潣⁭††††⌠猠畯捲⁥敳癲牥਍‣†††㠳㈮⸵㌶ㄮ‰††⹸捡敭挮浯†††††††‣⁸汣敩瑮栠獯൴ഊ⌊氠捯污潨瑳渠浡⁥敲潳畬楴湯椠⁳慨摮敬⁤楷桴湩䐠华椠獴汥⹦਍ण㈱⸷⸰⸰‱†††潬慣桬獯൴⌊㨉ㄺ††††††氠捯污潨瑳਍਍਍〱ㄮ⸶㠱ㄮ㤵†椠桮畯敳灡獰栮湳渮瑥

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EDD27D3-F0F9-489C-9208-8F7B82C46B3E} - System32\Tasks\{299FD240-7DA3-4714-9C2E-6DF963D59020} => Chrome.exe

Task: {1EBCB68D-AC3B-48B5-B3C4-4E8C12B46411} - System32\Tasks\{1C20BA17-A931-4829-839A-9316C51A40DD} => pcalua.exe -a C:\Users\herbalgirl\Downloads\g2m_codec.exe -d C:\Users\herbalgirl\Downloads

Task: {249A38C5-8FA7-4A55-B2C1-6BA662432C6C} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

Task: {284CDD5B-F99B-4EDE-9D54-059974F36062} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {3761EEA2-76F0-430E-9F42-5ACB6E5E9616} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-14] (Dropbox, Inc.)

Task: {39AC1700-2504-48FB-A1C4-A070B6A1D9E5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-18] (Adobe Systems Incorporated)

Task: {51D4044F-3E5D-4124-A5B9-041D764A75CF} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-14] (Dropbox, Inc.)

Task: {66541B8F-619C-4CDB-ADB3-04564E4BDAB7} - System32\Tasks\{F874B6F7-C8AA-4CA6-B1D1-05A4CD3274E1} => pcalua.exe -a "C:\Users\herbalgirl\Downloads\Synaptics_v15_2_20_C_XP32_Vista32_Win7-32_Signed_Marketing_SGS94_UI-Scrybe (1).exe" -d C:\Users\herbalgirl\Downloads

Task: {68D50CD4-739C-4CC5-8EC6-48A51262729F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)

Task: {699A3359-7C6D-418E-A3D7-09EF784F8127} - System32\Tasks\{7D46DC9E-F0A5-4D0F-9DCA-5DA3A6365E08} => pcalua.exe -a D:\Setup.exe -d D:\

Task: {69C3E8E8-4BE1-4BED-A0C4-CE8E23BCA9ED} - System32\Tasks\{8FAF87CB-2FBF-423B-94C3-7F5354F41DEC} => pcalua.exe -a D:\LaunchCD.exe -d D:\

Task: {70DE7DF9-DC26-4F44-B63D-7B63CE1F0597} - System32\Tasks\{EAAB0770-63BF-43FA-999F-10B82C9273BC} => pcalua.exe -a "C:\Users\herbalgirl\Downloads\LGUSBModemDriver_Eng_WHQL_Ver_4.9.4_All (1).exe" -d C:\Users\herbalgirl\Downloads

Task: {7F08871C-C336-4C66-9345-8E8243599B2F} - System32\Tasks\{AB10F7FF-8876-4FC8-A5B5-7781BA56AA9C} => pcalua.exe -a "C:\Users\herbalgirl\AppData\Local\Temp\Temp1_Synaptics_v16_3_15_1_C_XP32_Vista32_Win7-32_XP64_Vista64_Win7-64_Signed_Acme_Inc (1).zip\Setup.exe"

Task: {8CF288BC-B276-46E1-ACCF-3B0BA338112D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3512542795-3224472316-1624659645-1001Core => C:\Users\herbalgirl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {BE29DB60-3FB0-4E5C-86B9-F54088D9868F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3512542795-3224472316-1624659645-1001UA => C:\Users\herbalgirl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {C280591B-3261-4E89-AD90-78ED0C5BF298} - System32\Tasks\LifeChatTask => C:\Program Files\Microsoft LifeChat\LifeChat.exe

Task: {CD4D0A68-A65D-4303-B7E1-08670BE0C3F9} - System32\Tasks\{373A3F3E-D7A8-4A00-B778-A00CFF0B2FED} => pcalua.exe -a "C:\Program Files (x86)\CounterPath\eyeBeam 1.5\unins000.exe"

Task: {D0308825-3F77-4D77-B011-025724894A07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {D5488325-0790-4F2D-9F10-52C0BE1C42F6} - System32\Tasks\{624B11A4-D3DF-47FF-80E4-FE8E8EFCABA6} => pcalua.exe -a D:\setup.exe -d D:\

Task: {DA8B5EF5-7293-4C7D-A968-9D536B206CA6} - System32\Tasks\{3498C2F3-CFF7-42FE-AF89-23E04F8679EC} => pcalua.exe -a C:\Users\herbalgirl\Downloads\jxpiinstall(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"

Task: {E0CF8A99-E9BC-4B71-B43C-52356E439C76} - System32\Tasks\{AF673448-2D05-461E-9975-8B37395604B8} => pcalua.exe -a "C:\Program Files (x86)\iLuminaPremium\Uninstall.exe"

Task: {F329D756-E3F6-46B3-9525-BC685F7737E9} - System32\Tasks\{055A480E-5767-4EA4-907A-73C29E1E2050} => C:\Program Files (x86)\Rovi\Rovi Player\RNowShell.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3512542795-3224472316-1624659645-1001Core.job => C:\Users\herbalgirl\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3512542795-3224472316-1624659645-1001UA.job => C:\Users\herbalgirl\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-06-11 01:40 - 2014-06-11 01:40 - 00098816 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe

2013-09-28 19:14 - 2013-09-28 19:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll

2013-09-28 19:13 - 2013-09-28 19:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll

2013-09-28 19:13 - 2013-09-28 19:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll

2013-09-28 19:14 - 2013-09-28 19:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll

2013-09-28 19:14 - 2013-09-28 19:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll

2013-09-28 19:14 - 2013-09-28 19:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll

2014-06-11 01:40 - 2014-06-11 01:40 - 00523776 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll

2014-06-11 01:09 - 2014-06-11 01:09 - 01554944 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll

2014-06-11 01:10 - 2014-06-11 01:10 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll

2014-06-11 01:11 - 2014-06-11 01:11 - 00632832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll

2014-06-11 01:59 - 2014-06-11 01:59 - 05992960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll

2014-03-23 21:33 - 2014-03-23 21:33 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll

2014-06-11 01:30 - 2014-06-11 01:30 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll

2014-03-23 21:33 - 2014-03-23 21:33 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll

2014-06-11 01:29 - 2014-06-11 01:29 - 01175552 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll

2014-06-11 01:31 - 2014-06-11 01:31 - 10063872 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll

2014-06-13 01:39 - 2014-06-13 01:39 - 01361920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll

2014-06-11 01:35 - 2014-06-11 01:35 - 00200192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll

2014-06-11 01:36 - 2014-06-11 01:36 - 00885248 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll

2014-06-11 01:38 - 2014-06-11 01:38 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll

2013-09-28 19:13 - 2013-09-28 19:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll

2013-09-28 19:13 - 2013-09-28 19:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll

2013-09-28 19:13 - 2013-09-28 19:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll

2013-09-28 19:13 - 2013-09-28 19:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll

2014-04-08 02:07 - 2014-04-08 02:07 - 00081408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll

2014-04-08 02:06 - 2014-04-08 02:06 - 00143360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll

2012-11-29 03:56 - 2012-11-29 03:56 - 03332720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll

2014-03-23 21:31 - 2014-03-23 21:31 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll

2014-03-23 21:31 - 2014-03-23 21:31 - 00074240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll

2014-03-23 21:31 - 2014-03-23 21:31 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll

2014-06-11 01:36 - 2014-06-11 01:36 - 00642048 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll

2014-06-11 01:38 - 2014-06-11 01:38 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll

2014-03-23 22:08 - 2014-03-23 22:08 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll

2014-03-23 21:31 - 2014-03-23 21:31 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll

2013-09-28 19:13 - 2013-09-28 19:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll

2015-02-20 12:25 - 2015-02-20 12:25 - 00612152 _____ () C:\Program Files (x86)\Verizon\Verizon Messages\sqlite3.DLL

2015-02-24 15:16 - 2015-02-24 15:16 - 01654272 _____ () C:\Program Files (x86)\Verizon\Verizon Messages\VzMessagingClientLib.dll

2015-08-13 14:33 - 2015-08-13 14:33 - 00117248 _____ () C:\Users\herbalgirl\AppData\Local\Programs\Google\MusicManager\libaacdec.dll

2015-08-13 14:34 - 2015-08-13 14:34 - 00234496 _____ () C:\Users\herbalgirl\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll

2015-08-13 14:34 - 2015-08-13 14:34 - 00253440 _____ () C:\Users\herbalgirl\AppData\Local\Programs\Google\MusicManager\libid3tag.dll

2015-08-13 14:33 - 2015-08-13 14:33 - 00344064 _____ () C:\Users\herbalgirl\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll

2015-10-20 12:18 - 2015-10-20 12:18 - 00071168 _____ () c:\Users\herbalgirl\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplsrhnt.dll

2015-08-14 20:22 - 2015-09-23 17:07 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll

2015-08-14 20:22 - 2015-09-23 17:07 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll

2015-08-14 20:22 - 2015-09-23 17:07 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll

2015-08-14 20:22 - 2015-09-23 17:07 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll

2015-10-15 13:12 - 2015-10-08 18:53 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libglesv2.dll

2015-10-15 13:12 - 2015-10-08 18:53 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

AlternateDataStreams: C:\Users\herbalgirl\Downloads\Fwd Essay.msg.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION

HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\hsn.net -> hxxps://inhouseapps.hsn.net

IE trusted site: HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\...\outboxoffice.com -> hxxps://prodarmbo.outboxoffice.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3512542795-3224472316-1624659645-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\herbalgirl\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install Webroot FF RunOnce.lnk => C:\Windows\pss\Install Webroot FF RunOnce.lnkCommon Startup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install Webroot IE RunOnce.lnk => C:\Windows\pss\Install Webroot IE RunOnce.lnkCommon Startup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk => C:\Windows\pss\Scrybe.lnkCommon Startup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ZYTOTouchV2.lnk => C:\Windows\pss\ZYTOTouchV2.lnkCommon Startup

MSCONFIG\startupfolder: C:^Users^herbalgirl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnkStartup

MSCONFIG\startupfolder: C:^Users^herbalgirl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 6700 (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet 6700 (Network).lnkStartup

MSCONFIG\startupfolder: C:^Users^herbalgirl^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnkStartup

MSCONFIG\startupreg: 00TCrdMain =>

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: Best Buy pc app => C:\Users\herbalgirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms

MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe

MSCONFIG\startupreg: ConnectionCenter =>

MSCONFIG\startupreg: Google Update => "C:\Users\herbalgirl\AppData\Local\Google\Update\GoogleUpdate.exe" /c

MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

MSCONFIG\startupreg: googletalk =>

MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe

MSCONFIG\startupreg: HP Officejet 6700 (NET) => "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN25N3G0NV05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1

MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe

MSCONFIG\startupreg: InstallerLauncher => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"

MSCONFIG\startupreg: ISTray =>

MSCONFIG\startupreg: iTunesHelper =>

MSCONFIG\startupreg: MusicManager => "C:\Users\herbalgirl\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"

MSCONFIG\startupreg: NETGEARGenie => "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect

MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe

MSCONFIG\startupreg: PlantronicsBatteryStatus.exe =>

MSCONFIG\startupreg: PlantronicsURE.exe =>

MSCONFIG\startupreg: QuickTime Task =>

MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe

MSCONFIG\startupreg: RoxioNowMediaManagerApp =>

MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

MSCONFIG\startupreg: SmartFaceVWatcher =>

MSCONFIG\startupreg: SmoothView =>

MSCONFIG\startupreg: Spotify Web Helper =>

MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

MSCONFIG\startupreg: TosNC =>

MSCONFIG\startupreg: TosReelTimeMonitor =>

MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

MSCONFIG\startupreg: TPwrMain =>

MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

MSCONFIG\startupreg: WRSVC =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{13BB094D-CE28-42A1-86F4-69D77E373713}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{0E6634E2-38CB-4D92-96EE-417635887B9C}] => (Allow) LPort=2869

FirewallRules: [{ECD5FDDF-98E5-46A8-9F9C-57EF8F04EADE}] => (Allow) LPort=1900

FirewallRules: [{54E3BF77-1E5C-4F4E-9935-650BF831BF14}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [{AE1A8A71-8A16-43E7-842F-129D7377F791}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

FirewallRules: [{D182F1D8-2DFB-4A0F-B9DB-E9F12D11C658}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{70AD5ABF-8D6E-4150-A2C3-DA6C0FFA6309}C:\users\herbalgirl\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\herbalgirl\appdata\roaming\spotify\spotify.exe

FirewallRules: [uDP Query User{31706B16-74A5-4269-8E82-901FA6452B1D}C:\users\herbalgirl\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\herbalgirl\appdata\roaming\spotify\spotify.exe

FirewallRules: [TCP Query User{5B8FF3E5-2E6F-498F-B5A8-2DF32E7B5D0D}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

FirewallRules: [uDP Query User{6EA78049-AA99-4317-87E0-42538E6552F7}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

FirewallRules: [TCP Query User{E10965ED-7A53-480A-88B9-4D51C5F68198}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe

FirewallRules: [uDP Query User{04452C1E-F968-4B58-A1D1-A75F5853E1E0}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe

FirewallRules: [{5036FB97-365C-47C9-A8B4-B3E4FD8E0B37}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe

FirewallRules: [{EA174B38-BF12-4CA9-B3AB-74A097890B01}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe

FirewallRules: [TCP Query User{D1AA5047-533C-4716-BF77-872F319FF5D4}C:\users\herbalgirl\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\herbalgirl\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [uDP Query User{4160AF93-F027-4855-A1AE-80F5E921D66F}C:\users\herbalgirl\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\herbalgirl\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [{0CE390FA-860E-4840-959C-D864736597A3}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe

FirewallRules: [{88B270BE-8D5D-4B6A-AB9E-CC0F5145D714}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe

FirewallRules: [{DC7F0CF9-C801-4CFF-A143-C272A988C316}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe

FirewallRules: [{E99DFE8E-301F-46BB-81F8-33580251881A}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe

FirewallRules: [{7EAC128B-81E0-4D34-968E-8F34ECA29254}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe

FirewallRules: [{50B66157-8DA0-4A2C-8E08-53CDBA12D81B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe

FirewallRules: [{816BA522-DDDE-4DD5-84FC-A6B3A188A2C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{B43B4C04-551B-4CDC-B9F7-C87C6CA875A2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{2EA1750C-D370-4405-AE8C-1AA6FEA4A460}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{34F2C146-46B0-4A5D-B024-A7D19511FCFB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

TwinHeadedEagle · October 20, 2015

Hello,

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

Before we start please read and note the following:

We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.
Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

Please run FRST again, check Addition.txt, press Scan and attach both reports.

fattire · October 21, 2015

Ok I read all you said and will not use my laptop for anything unless its to try to fix this. I really dont care if browser history is wiped since I wipe it on a regular basis. I will get on my laptop to attach both reports.

fattire · October 21, 2015

Ok here is the latest scan

Hello,

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

Before we start please read and note the following:
We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.
Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

Please run FRST again, check Addition.txt, press Scan and attach both reports.

Addition102115.txt

FRST102115.txt

fattire · October 21, 2015

If you look below your post I was able to attach both files.

TwinHeadedEagle · October 22, 2015

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt

fattire · October 24, 2015

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.

Fixlog.txt

fattire · October 24, 2015

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.

Hi Ok this must have worked I was able to scan my laptop without it shutting itself off and remove all threats which there were over 500 I appreciate the help very much. I hope the log looks better.

TwinHeadedEagle · October 24, 2015

Excellent

Is everything working fine again?

fattire · October 24, 2015

Excellent
Is everything working fine again?

Yes everything is fine now except the laptop is still shutting down and overheating. I suspect the fans may not be working but I have a friend who is an engineer that said he can open it up and replace if they are no longer working.

TwinHeadedEagle · October 25, 2015

Yes, this is a fine idea to clean dust and check temperatures.

AdvancedSetup · November 5, 2015

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

my lapttop shuts down before malware bytes finishes scanning

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information