
Solved Firefox Mozilla Load Times Suspect infection?!?

Discussion in 'Virus & Other Malware Removal' started by dino7, Aug 24, 2016.

Thread Status:
Not open for further replies.
  1. dino7

    dino7 Thread Starter

    Joined:
    May 27, 2011
    Messages:
    521
    Dear Friends,

    Hope all is well...

    This is basically a copy of a thread in the VISTA Forum. There is a "theory" that the computer might be infected. Rootkits were mentioned. I did run MWB with Rootkits selected and found nothing. We thought of running MWB anti-rootkit beta and tdsskiller.

    It seems like it takes an extreme amount of time, when I start my computer for the first time or if I restart it, for everything to load and operate properly.

    The last thing in the taskbar that loads is AVIRA... it takes a long time to get there though.

    Also please note the "odd" icon [red arrows] I get every so often. Just one of these came with a website today. And the icons on the bottom of that same page that should indicate Facebook, Twitter, Youtube, Instagram, etc. don't appear properly. (Attachments: icon odd2.jpg, Rocktape bottom odd icons1.jpg)

    Any help or suggestions greatly appreciated.

    Sincerely, Raphael




    ** Running Mozilla 48.0.1
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
    Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz, x64 Family 6 Model 15 Stepping 13
    Processor Count: 2
    RAM: 2037 Mb
    Graphics Card: Mobile Intel(R) 965 Express Chipset Family, 448 Mb
    Hard Drives: C: Total - 102547 MB, Free - 46223 MB; D: Total - 11923 MB, Free - 1034 MB;
    Motherboard: Hewlett-Packard, 30D9
    Antivirus: Trend Micro AntiVirus, Updated and Enabled
     
    Last edited: Aug 24, 2016
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    Hi dino7,
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    Avira

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST and save to your Desktop.
    • Double click Frst.exe to launch it.
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST.exe
    Feel free to use separate replies if it's more convenient.

    askey127
     
  3. dino7

    dino7 Thread Starter

    Joined:
    May 27, 2011
    Messages:
    521
    Here it is! Should I close everything out? And what about being w/o Avira running?
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-08-2016 01
    Ran by owner (24-08-2016 17:50:22)
    Running from C:\Users\owner\Downloads
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2008-01-21 12:28:13)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-377907422-106691936-1309279334-500 - Administrator - Disabled)
    Guest (S-1-5-21-377907422-106691936-1309279334-501 - Limited - Disabled)
    owner (S-1-5-21-377907422-106691936-1309279334-1000 - Administrator - Enabled) => C:\Users\owner

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Trend Micro AntiVirus (Enabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
    AS: Trend Micro AntiVirus (Enabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
    Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
    Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
    Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
    Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
    Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.42.0.50 - Conexant)
    ESU for Microsoft Vista (HKLM\...\{865DB1C9-D5E4-408B-B37D-9927E605BD2D}) (Version: 2.0.11.1 - Hewlett-Packard)
    Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
    HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version: - )
    Hewlett-Packard Active Check (Version: 1.1.11.0 - Hewlett-Packard) Hidden
    Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5 - HP) Hidden
    HP Active Support Library (HKLM\...\{11BB336F-0E58-4977-B866-F24FA334616B}) (Version: 2.3.0.2 - Hewlett-Packard)
    HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.02.0001 - Hewlett-Packard)
    HP Help and Support (HKLM\...\{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}) (Version: 1.5.1 - Hewlett-Packard)
    HP User Guides 0093 (HKLM\...\{D7358B07-4F10-4014-9869-7999578BE8ED}) (Version: 1.00.0000 - Hewlett-Packard)
    HP Wireless Assistant (HKLM\...\{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}) (Version: 3.00 H3 - Hewlett-Packard)
    HPNetworkAssistant (HKLM\...\{228C6B46-64E2-404E-898A-EF0830603EF4}) (Version: 1.1.70 - Hewlett-Packard.)
    Inpaint 6.2 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
    Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
    IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
    LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2223 - CyberLink Corp.)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Mozilla Firefox 48.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 48.0.1 (x86 en-US)) (Version: 48.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 48.0.1.6073 - Mozilla)
    MSCU for Microsoft Vista (HKLM\...\{F7F3B252-E772-48AA-93EB-7964BC326067}) (Version: 1.0.1.9 - Hewlett-Packard)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
    Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista (HKLM\...\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}) (Version: 1.00.0000 - Realtek)
    Should I Remove It (HKU\S-1-5-21-377907422-106691936-1309279334-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
    Should I Remove It (Version: 1.0.4 - Reason Software Company Inc.) Hidden
    SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
    WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {130B969F-BB8E-41B7-89CC-CBC1F3B66E22} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-29] (Adobe Systems Incorporated)
    Task: {1B836BDA-4B46-46AD-A306-D2672F2C64B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-30] (Google Inc.)
    Task: {27DAD09A-3B76-48EF-9DD0-778B9759DE64} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-30] (Google Inc.)
    Task: {403783C4-9EBD-452F-94FB-669089BF18B4} - System32\Tasks\DVGQF => Rundll32.exe "C:\Windows\system32\winbrando.dll",Ofpqsavaz
    Task: {CCC22D18-726D-4303-B887-D6813B820811} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DVGQF.job =>
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\User_Feed_Synchronization-{9FD47F41-ACDD-4B76-862B-3890A34F3851}.job => C:\Windows\system32\msfeedssync.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2007-05-16 14:43 - 2007-05-16 14:43 - 00677432 ____R () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-377907422-106691936-1309279334-1000\...\driversupport.com -> hxxp://apps.driversupport.com
    IE trusted site: HKU\S-1-5-21-377907422-106691936-1309279334-1000\...\driversupport.com -> hxxps://apps.driversupport.com

    There are 6091 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 06:23 - 2009-01-11 13:23 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-377907422-106691936-1309279334-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img22.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: HP Health Check Service => 2
    MSCONFIG\Services: WinDefend => 2
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: HP Health Check Scheduler => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    MSCONFIG\startupreg: HP Software Update => "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
    MSCONFIG\startupreg: hpqSRMon => "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
    MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"
    MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [{FF474905-9776-4B53-B8A4-052E3CC84284}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe
    FirewallRules: [{CFC3E763-6F9C-4A1F-AB3A-C289D4FA0A98}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe
    FirewallRules: [{E3CD7F8B-13AD-46BA-A142-7CC4C51F1166}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{DDB741A2-817C-420D-9440-C0194567D49A}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{96BA7409-4F24-4808-AE89-500A8910A762}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{7FCFED6C-0C4E-4096-A4DB-CBD2EAAC799E}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{50789C6E-2968-4795-B1A5-CB0903F58867}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{95E2F717-F762-45CD-97AD-77C9E5591DF6}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{5FBE01FC-77A2-4E5D-9765-B24AAAB869E3}] => (Allow) C:\Program Files\HP\Digital Imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{070A3482-CCAF-4F83-BEA4-27398AFC036E}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{08C5884B-1827-4A80-952B-3EBA04791173}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
    FirewallRules: [{06148C8F-DD43-4FE8-8E0B-BA4CEA945061}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{B604C096-F53F-48B1-A344-0BC10DD578D9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{93115587-0BBD-4C3E-89A4-519CDED3C478}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
    FirewallRules: [TCP Query User{C72B6B3E-1C5C-468B-8D1F-8CCDB0F24BC3}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{4804DC59-7305-45E9-B121-66F0589113FB}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [TCP Query User{F58248D9-6910-49F5-B805-CEACF7E290DC}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
    FirewallRules: [UDP Query User{5159DA00-A81B-47BE-ABE4-D78C2B3CB34D}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
    FirewallRules: [{A19E6877-F330-4EE6-95F4-80BC148657BF}] => (Allow) LPort=2869
    FirewallRules: [{C2C55EFF-A7F5-4198-88B1-4481A6B12498}] => (Allow) LPort=1900
    FirewallRules: [TCP Query User{B3C96965-DAF1-4D03-9B10-DD2C8FD9D408}C:\program files\ea games\dead space 2\deadspace2.exe] => (Block) C:\program files\ea games\dead space 2\deadspace2.exe
    FirewallRules: [UDP Query User{038F0DB6-2282-48C7-A627-FD7E380BF873}C:\program files\ea games\dead space 2\deadspace2.exe] => (Block) C:\program files\ea games\dead space 2\deadspace2.exe
    FirewallRules: [{58D878A7-5998-4F44-AE34-0C45133DB27D}] => (Allow) LPort=80
    FirewallRules: [{5D1328DE-B905-4456-99A1-540B5955BD14}] => (Allow) LPort=80
    FirewallRules: [{2CADC4C1-C576-4DE4-9561-9303D91095AA}] => (Allow) LPort=80
    FirewallRules: [TCP Query User{C6BEFC01-3BCB-450A-8C84-982F849E6D64}C:\users\owner\appdata\local\temp\123.exe] => (Allow) C:\users\owner\appdata\local\temp\123.exe
    FirewallRules: [UDP Query User{7F185C28-1D3B-49CF-A589-DC1BF17F71B5}C:\users\owner\appdata\local\temp\123.exe] => (Allow) C:\users\owner\appdata\local\temp\123.exe
    FirewallRules: [{81B19B32-563C-4979-A740-6FDFE25C68B3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{C59EA48A-81F6-4E0E-BE29-CBF4B26B7F1A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{C9C51F47-5950-416F-AB6B-F1EC9CF2956A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{4A55D8C6-8FD0-415A-9CC8-CC47B9DED652}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{0D81297C-8A48-4C28-B683-37B013E66436}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{6E69EB6A-29C3-42A7-B3F2-CCA4728E195F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{1F32C421-A157-413D-AFBF-9B62F1F5B81D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [{493221FD-D893-4B80-B499-C4BBE6FBA852}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:Earthlink

    ==================== Restore Points =========================

    10-08-2016 12:02:40 Installed Adobe Reader XI.
    13-08-2016 12:46:06 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/24/2016 05:18:53 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\213JARXZ.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (08/24/2016 05:18:53 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\213JARXZ.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (08/23/2016 05:08:33 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\213JARXZ.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (08/22/2016 02:05:26 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\213JARXZ.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (08/22/2016 02:05:26 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\213JARXZ.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (08/21/2016 12:37:48 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\213JARXZ.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (08/21/2016 11:57:37 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\213JARXZ.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (08/21/2016 11:01:52 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\213JARXZ.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (08/21/2016 03:46:26 AM) (Source: ESENT) (EventID: 489) (User: )
    Description: avguard (2460) GaviDB_0: An attempt to open the file "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01).

    Error: (08/20/2016 08:21:02 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\213JARXZ.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)


    System errors:
    =============
    Error: (08/24/2016 05:36:26 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

    Error: (08/24/2016 05:24:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Windows\system32\athihvs.dll126

    Error: (08/24/2016 11:06:15 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Windows\system32\athihvs.dll126

    Error: (08/23/2016 12:21:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Windows\system32\athihvs.dll126

    Error: (08/21/2016 09:11:48 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Windows\system32\athihvs.dll126

    Error: (08/21/2016 03:46:11 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Windows\system32\athihvs.dll126

    Error: (08/20/2016 08:54:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Windows\system32\athihvs.dll126

    Error: (08/20/2016 11:04:04 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Windows\system32\athihvs.dll126

    Error: (08/20/2016 10:58:32 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Windows\system32\athihvs.dll126

    Error: (08/18/2016 05:15:26 PM) (Source: BROWSER) (EventID: 8032) (User: )
    Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{674E9B53-9BE3-4DE6-A6A1-B7219AA9EF5B}.
    The backup browser is stopping.


    CodeIntegrity:
    ===================================
    Date: 2016-08-24 17:50:13.306
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-24 17:50:12.495
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-24 17:50:11.668
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-24 17:50:10.826
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-24 17:50:09.687
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-24 17:50:08.845
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-24 17:50:07.987
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-24 17:50:07.144
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-24 12:20:45.638
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-24 12:20:44.733
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz
    Percentage of memory in use: 64%
    Total physical RAM: 2037.27 MB
    Available physical RAM: 718.4 MB
    Total Virtual: 4317.81 MB
    Available Virtual: 2957.97 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:100.14 GB) (Free:45.6 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (PRESARIO_RP) (Fixed) (Total:11.64 GB) (Free:1.01 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 111.8 GB) (Disk ID: 1B181B18)
    Partition 1: (Active) - (Size=100.1 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=11.6 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  4. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    Your Sysinfo post showed Trend Micro Updated and running.
    Where is it? Do you know?

    I need to see the log frst.txt
    Please post when you can.
     
  5. dino7

    dino7 Thread Starter

    Joined:
    May 27, 2011
    Messages:
    521
    Trend Micro RegEdit.jpg

    Thank YOU! I can't locate anything related to Trend Micro?!

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-08-2016 01
    Ran by owner (administrator) on OWNER-PC (24-08-2016 17:48:00)
    Running from C:\Users\owner\Downloads
    Loaded Profiles: owner (Available Profiles: owner)
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [217088 2007-12-21] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
    HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-10-03] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Corporation)
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-377907422-106691936-1309279334-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-377907422-106691936-1309279334-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2010-03-09] ()
    Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2010-03-09] ()
    GroupPolicy: Restriction - Chrome <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{674E9B53-9BE3-4DE6-A6A1-B7219AA9EF5B}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{7A2A46D8-8540-4942-B4A1-E4CA61785A7E}: [NameServer] 4.2.2.2,4.2.2.1,10.0.0.1
    Tcpip\..\Interfaces\{7A2A46D8-8540-4942-B4A1-E4CA61785A7E}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
    SearchScopes: HKLM -> {2C55072A-FAC7-4F0C-8BFF-9A438F819BF4} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
    SearchScopes: HKLM -> {7638F40E-6DD0-42B2-A953-26B5A65C45A9} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
    SearchScopes: HKLM -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
    SearchScopes: HKU\.DEFAULT -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
    SearchScopes: HKU\.DEFAULT -> {645701DB-0A59-AE3F-8D62-BAA040AFB663} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z007&form=ZGAIDF
    SearchScopes: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> {2C55072A-FAC7-4F0C-8BFF-9A438F819BF4} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
    SearchScopes: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> {547EEAAC-3665-4e6c-B326-C622D698543A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=SOLTDF&pc=SOLTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> {5ECAF5C4-4FC6-4629-9580-1FB0C625B813} URL = hxxp://query.nytimes.com/gst/handler.html?query={searchTerms}&opensearch=1
    SearchScopes: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> {7638F40E-6DD0-42B2-A953-26B5A65C45A9} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
    SearchScopes: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> {C879DD44-560E-4107-B580-D4F7FC34FDC7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
    SearchScopes: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO: WhiteSmoke Toolbar -> {52794457-af6c-4c50-9def-f2e24f4c8889} -> C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll [2010-08-15] ()
    BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
    BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-06-30] (Oracle Corporation)
    Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKLM - WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll [2010-08-15] ()
    Toolbar: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    Toolbar: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_79-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0079-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_79-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_79-windows-i586.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\213jarxz.default
    FF Homepage: www.google.com
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-29] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
    FF Extension: WOT - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\213jarxz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-08-06]
    FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\213jarxz.default\Extensions\[email protected] [2016-08-20]
    FF Extension: Adblock Plus - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\213jarxz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-08-01]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-26] [not signed]
    FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
    FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-01-24] [not signed]

    Chrome:
    =======
    CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-29]
    CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-29]
    CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-29]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-14]
    CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-29]
    CHR Extension: (Google Sheets) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-29]
    CHR Extension: (Google Docs Offline) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-29]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-29]
    CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-29]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]
    R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
    S4 FastUserSwitchingCompatibility; [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [176640 2007-10-11] (Conexant Systems Inc.)
    S3 RtlWlanu; C:\Windows\System32\DRIVERS\RTWlanu_Vista.sys [2573000 2014-09-04] (Realtek Semiconductor Corporation )
    S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-05-10] (Apple, Inc.) [File not signed]
    S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-19] (Microsoft Corporation)
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 SymIM; system32\DRIVERS\SymIM.sys [X]
    S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-24 17:48 - 2016-08-24 17:49 - 00014066 _____ C:\Users\owner\Downloads\FRST.txt
    2016-08-24 17:47 - 2016-08-24 17:48 - 00000000 ____D C:\FRST
    2016-08-24 17:46 - 2016-08-24 17:46 - 01746432 _____ (Farbar) C:\Users\owner\Downloads\FRST.exe
    2016-08-24 12:09 - 2016-08-24 12:37 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2016-08-24 12:07 - 2016-08-24 12:36 - 00000000 ____D C:\Users\owner\Desktop\mbar
    2016-08-24 12:01 - 2016-08-24 12:05 - 16563352 _____ (Malwarebytes Corp.) C:\Users\owner\Downloads\mbar-1.09.3.1001.exe
    2016-08-23 13:36 - 2016-08-23 13:36 - 00509440 _____ (Tech Support Guy System) C:\Users\owner\Downloads\SysInfo(2).exe
    2016-08-23 13:01 - 2016-08-24 11:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-08-17 17:31 - 2016-08-17 17:31 - 08227032 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup521.exe
    2016-08-17 17:29 - 2016-08-17 17:29 - 00000000 ____D C:\Users\owner\AppData\LocalLow\Adobe
    2016-08-17 16:49 - 2016-08-17 17:04 - 00000000 ____D C:\Users\owner\Downloads\driverview
    2016-08-17 16:48 - 2016-08-17 16:59 - 00000022 _____ C:\Users\owner\Downloads\driverview.zip
    2016-08-17 16:06 - 2016-08-17 17:28 - 00000883 _____ C:\Users\owner\Desktop\notepad SOUND.txt
    2016-08-17 16:03 - 2016-08-17 16:03 - 17868248 _____ (Lenovo Group Limited ) C:\Users\owner\Downloads\6ea118ww.exe
    2016-08-13 13:04 - 2015-11-20 10:15 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00015200 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-08-13 13:04 - 2015-11-20 10:15 - 00011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-08-13 13:04 - 2015-09-02 17:26 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2016-08-13 12:50 - 2016-03-17 13:45 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
    2016-08-13 12:50 - 2016-03-17 13:45 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
    2016-08-13 12:50 - 2016-03-10 13:07 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-08-13 12:48 - 2012-06-02 10:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2016-08-13 12:47 - 2012-07-25 23:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
    2016-08-13 12:47 - 2012-07-25 23:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
    2016-08-13 12:47 - 2012-07-25 23:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
    2016-08-13 12:47 - 2012-07-25 23:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
    2016-08-13 12:47 - 2012-07-25 23:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
    2016-08-13 12:47 - 2012-07-25 22:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
    2016-08-13 12:47 - 2012-07-25 22:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
    2016-08-13 12:47 - 2009-07-14 08:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
    2016-08-13 12:46 - 2012-11-21 23:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
    2016-08-13 12:45 - 2013-04-17 08:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
    2016-08-10 12:39 - 2016-08-10 12:39 - 00509440 _____ (Tech Support Guy System) C:\Users\owner\Downloads\SysInfo(1).exe
    2016-08-10 12:22 - 2016-08-10 12:22 - 00666894 _____ C:\Users\owner\Downloads\acrobat_ittools_cleaner_p2_061713.zip
    2016-08-10 12:22 - 2016-08-10 12:22 - 00000000 ____D C:\Users\owner\Downloads\acrobat_ittools_cleaner_p2_061713
    2016-08-10 12:04 - 2016-08-10 12:04 - 00001852 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2016-08-10 12:04 - 2016-08-10 12:04 - 00001804 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2016-08-10 12:04 - 2016-08-10 12:04 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2016-08-10 12:04 - 2016-08-10 12:04 - 00000000 ____D C:\Program Files\Adobe
    2016-08-10 12:00 - 2016-08-10 12:01 - 48461312 _____ C:\Users\owner\Downloads\AdbeRdr11000_en_US.msi
    2016-08-10 11:27 - 2016-08-10 11:27 - 00000000 ____D C:\Users\owner\AppData\Local\{A414DF16-A537-4D8E-9870-9FB280DC42F5}
    2016-08-08 21:29 - 2016-08-08 21:29 - 00987728 _____ (Google Inc.) C:\Users\owner\Downloads\ChromeSetup.exe
    2016-08-08 16:22 - 2016-08-08 16:22 - 05776144 _____ (Adobe Systems Inc.) C:\Users\owner\Downloads\Shockwave_Installer_Slim.exe
    2016-08-06 11:48 - 2016-08-06 11:48 - 00000836 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
    2016-08-06 11:48 - 2016-08-06 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    2016-08-06 11:48 - 2016-08-06 11:48 - 00000000 ____D C:\Program Files\SpywareBlaster
    2016-08-06 11:48 - 2012-05-02 12:17 - 01070152 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCTL.OCX
    2016-08-06 11:48 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\system32\MSSTDFMT.DLL
    2016-08-06 11:47 - 2016-08-06 11:47 - 04291320 _____ (BrightFort LLC ) C:\Users\owner\Downloads\spywareblastersetup55.exe
    2016-08-05 01:01 - 2016-08-05 01:02 - 00000000 ____D C:\ProgramData\AOL
    2016-08-04 22:00 - 2015-01-28 21:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2016-08-04 21:55 - 2016-01-29 23:09 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
    2016-08-04 21:55 - 2016-01-29 23:09 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
    2016-08-04 21:55 - 2016-01-29 23:09 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
    2016-08-04 21:55 - 2016-01-29 23:09 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
    2016-08-04 21:55 - 2016-01-29 23:09 - 00217600 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
    2016-08-04 21:55 - 2016-01-29 23:09 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
    2016-08-04 21:55 - 2016-01-29 23:08 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
    2016-08-04 21:55 - 2016-01-29 23:08 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
    2016-08-04 21:55 - 2016-01-29 23:08 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
    2016-08-04 21:55 - 2016-01-29 23:08 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
    2016-08-04 21:55 - 2016-01-29 23:08 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
    2016-08-04 21:55 - 2016-01-29 23:08 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
    2016-08-04 21:55 - 2016-01-29 21:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe
    2016-08-04 21:53 - 2015-07-21 12:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
    2016-08-04 21:53 - 2015-07-21 12:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2016-08-04 21:53 - 2015-07-21 12:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
    2016-08-04 21:53 - 2015-07-21 12:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2016-08-04 21:46 - 2016-03-04 12:52 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2016-08-04 21:43 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2016-08-04 21:43 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2016-08-04 21:43 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2016-08-04 21:43 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2016-08-04 21:41 - 2016-05-18 11:33 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2016-08-04 21:41 - 2015-07-31 15:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2016-08-04 21:39 - 2016-03-18 13:10 - 00486912 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
    2016-08-04 21:39 - 2016-03-18 13:10 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
    2016-08-04 21:37 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2016-08-04 21:37 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2016-08-04 21:37 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2016-08-04 21:35 - 2015-06-17 12:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2016-08-04 21:35 - 2015-06-17 11:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2016-08-04 21:35 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2016-08-04 21:35 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-08-04 21:35 - 2014-06-02 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2016-08-04 21:35 - 2014-06-02 04:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2016-08-04 21:33 - 2014-10-09 21:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2016-08-04 21:33 - 2014-10-09 21:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-08-04 21:33 - 2014-10-09 19:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-08-04 21:31 - 2016-04-09 17:17 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2016-08-04 21:19 - 2015-12-05 13:03 - 02873344 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2016-08-04 21:19 - 2015-12-05 13:03 - 01567744 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
    2016-08-04 21:19 - 2015-12-05 13:03 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2016-08-04 21:19 - 2015-12-05 13:03 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
    2016-08-04 21:19 - 2015-12-05 13:03 - 01326080 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
    2016-08-04 21:19 - 2015-12-05 13:03 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2016-08-04 21:19 - 2015-12-05 13:03 - 01114624 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
    2016-08-04 21:19 - 2015-12-05 13:03 - 00867328 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
    2016-08-04 21:19 - 2015-12-05 13:03 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
    2016-08-04 21:19 - 2015-12-05 13:03 - 00759296 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
    2016-08-04 21:19 - 2015-12-05 13:03 - 00650240 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
    2016-08-04 21:19 - 2015-12-05 13:03 - 00605184 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
    2016-08-04 21:19 - 2015-12-05 13:03 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2016-08-04 21:19 - 2015-12-05 13:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
    2016-08-04 21:19 - 2015-12-05 13:03 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
    2016-08-04 21:19 - 2015-12-05 13:03 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
    2016-08-04 21:19 - 2015-12-05 13:02 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
    2016-08-04 21:19 - 2015-12-05 13:02 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2VDEC.DLL
    2016-08-04 21:19 - 2015-12-05 13:02 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
    2016-08-04 21:19 - 2015-12-05 13:02 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
    2016-08-04 21:19 - 2015-12-05 13:02 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2016-08-04 21:19 - 2015-12-05 13:02 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ADEC.DLL
    2016-08-04 21:19 - 2015-12-05 13:02 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
    2016-08-04 21:19 - 2015-12-05 13:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
    2016-08-04 21:19 - 2015-12-05 13:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
    2016-08-04 21:19 - 2015-12-05 13:02 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2016-08-04 21:19 - 2015-12-05 13:02 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
    2016-08-04 21:19 - 2015-12-05 13:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
    2016-08-04 21:19 - 2015-12-05 13:02 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
    2016-08-04 21:19 - 2015-12-05 13:02 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
    2016-08-04 21:19 - 2015-12-05 12:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2016-08-04 21:19 - 2013-10-29 22:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
    2016-08-04 21:19 - 2013-10-29 20:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2016-08-04 21:18 - 2015-12-05 13:03 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2016-08-04 21:18 - 2015-12-05 13:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
    2016-08-04 21:17 - 2016-02-05 22:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
    2016-08-04 21:16 - 2015-04-24 11:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2016-08-04 21:14 - 2015-07-10 15:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2016-08-04 20:56 - 2015-03-04 22:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2016-08-04 20:56 - 2015-03-04 22:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2016-08-04 20:54 - 2016-04-09 17:22 - 00638184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2016-08-04 20:54 - 2016-04-09 17:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2016-08-04 20:54 - 2014-10-23 21:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2016-08-04 20:51 - 2015-11-13 12:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
    2016-08-04 20:51 - 2015-11-13 12:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
    2016-08-04 20:51 - 2015-11-13 11:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
    2016-08-04 20:45 - 2015-10-13 10:31 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2016-08-04 20:45 - 2015-10-13 10:31 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2016-08-04 20:40 - 2016-05-10 11:31 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
    2016-08-04 20:40 - 2016-05-10 11:31 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
    2016-08-04 20:40 - 2016-05-10 11:31 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
    2016-08-04 20:40 - 2016-05-10 10:28 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
    2016-08-04 20:40 - 2016-05-10 10:28 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
    2016-08-04 20:35 - 2016-05-12 11:34 - 00582144 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
    2016-08-04 20:35 - 2016-05-12 11:34 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
    2016-08-04 20:35 - 2016-05-12 11:34 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
    2016-08-04 20:35 - 2016-05-12 11:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
    2016-08-04 20:35 - 2016-05-12 11:33 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
    2016-08-04 20:35 - 2016-05-12 11:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
    2016-08-04 20:33 - 2015-11-02 13:04 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
    2016-08-04 20:31 - 2016-05-12 10:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-08-04 20:30 - 2016-02-02 11:30 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
    2016-08-04 20:23 - 2015-07-18 12:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
    2016-08-04 20:23 - 2015-01-20 22:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2016-08-04 20:22 - 2016-02-03 13:06 - 00564736 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2016-08-04 20:22 - 2016-02-03 13:06 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
    2016-08-04 20:22 - 2016-02-03 13:05 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
    2016-08-04 20:21 - 2014-08-11 22:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2016-08-04 20:11 - 2015-08-05 11:59 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
    2016-08-04 20:06 - 2014-10-02 21:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2016-08-04 20:06 - 2014-10-02 21:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2016-08-04 20:06 - 2014-10-02 21:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2016-08-04 20:06 - 2014-10-02 21:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2016-08-04 20:05 - 2015-07-28 20:46 - 11588096 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-08-04 20:04 - 2014-12-05 23:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2016-08-04 20:04 - 2014-12-05 23:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2016-08-04 20:04 - 2014-12-05 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2016-08-04 20:03 - 2016-03-18 13:10 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2016-08-04 20:03 - 2016-03-18 13:09 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2016-08-04 20:02 - 2016-08-04 20:02 - 00000000 ____D C:\Users\owner\AppData\Local\Microsoft Help
    2016-08-04 19:54 - 2016-06-25 11:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2016-08-04 19:54 - 2016-06-25 11:37 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2016-08-04 19:54 - 2016-06-25 11:37 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
    2016-08-04 19:54 - 2016-06-25 11:37 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
    2016-08-04 19:54 - 2016-06-25 10:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
    2016-08-04 19:54 - 2014-08-26 20:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2016-08-04 19:54 - 2013-05-02 00:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
    2016-08-04 19:53 - 2015-05-31 04:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
    2016-08-04 19:49 - 2016-05-14 11:41 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-08-04 19:49 - 2016-05-14 11:41 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
    2016-08-04 19:49 - 2016-05-14 10:19 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2016-08-04 19:49 - 2016-05-14 10:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2016-08-04 19:49 - 2016-05-14 10:18 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2016-08-04 19:49 - 2016-05-11 09:09 - 00440552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-08-04 19:49 - 2016-03-18 13:10 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-08-04 19:49 - 2016-03-18 13:10 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-08-04 19:49 - 2016-03-18 13:09 - 01259520 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-08-04 19:49 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2016-08-04 19:29 - 2016-08-04 19:37 - 00000000 ____D C:\Windows\system32\MRT
    2016-08-04 19:28 - 2016-01-07 11:18 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2016-08-04 19:28 - 2014-09-04 19:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
    2016-08-04 19:24 - 2015-10-10 12:02 - 00526272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2016-08-04 19:19 - 2016-02-05 22:11 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-08-04 19:18 - 2016-04-09 16:37 - 03608808 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2016-08-04 19:18 - 2016-04-09 16:37 - 03556584 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-08-04 19:18 - 2016-03-21 18:57 - 01208568 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-08-04 19:18 - 2016-02-05 22:12 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-08-04 19:18 - 2016-02-05 22:11 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-08-04 19:18 - 2016-02-05 20:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-08-04 19:18 - 2015-11-10 13:03 - 01208832 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
    2016-08-04 19:18 - 2015-11-10 13:03 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
    2016-08-04 19:18 - 2015-07-09 10:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
    2016-08-04 19:18 - 2015-07-09 10:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
    2016-08-04 19:18 - 2015-07-01 11:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2016-08-04 19:18 - 2014-12-07 21:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2016-08-04 19:17 - 2015-11-05 03:34 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
    2016-08-04 19:17 - 2015-05-04 18:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2016-08-04 19:17 - 2015-05-04 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2016-08-04 19:17 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2016-08-04 19:17 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2016-08-04 19:17 - 2015-05-04 17:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2016-08-04 19:08 - 2016-04-09 15:07 - 00486912 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2016-08-04 19:08 - 2015-09-26 12:05 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-08-04 19:08 - 2015-09-26 09:21 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2016-08-04 19:08 - 2015-06-27 12:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-08-04 19:08 - 2015-06-27 10:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-08-04 19:08 - 2015-06-27 10:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-08-04 19:08 - 2015-01-08 20:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-08-04 19:08 - 2014-12-05 23:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2016-08-04 19:01 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2016-08-04 19:01 - 2014-04-04 22:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2016-08-04 19:01 - 2013-06-15 09:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
    2016-08-04 19:01 - 2013-06-15 07:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2016-08-04 19:01 - 2012-11-02 06:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
    2016-08-04 19:01 - 2012-11-02 04:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
    2016-08-04 19:01 - 2012-09-25 12:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
    2016-08-04 19:00 - 2016-06-20 13:50 - 01815552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-08-04 19:00 - 2016-06-20 13:48 - 12842496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-08-04 19:00 - 2016-06-20 13:46 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-08-04 19:00 - 2016-06-20 13:45 - 09755136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-08-04 19:00 - 2016-06-20 13:45 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-08-04 19:00 - 2016-06-20 13:44 - 01129984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-08-04 19:00 - 2016-06-20 13:43 - 01804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-08-04 19:00 - 2016-06-20 13:43 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-08-04 19:00 - 2016-06-20 13:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-08-04 19:00 - 2016-06-20 13:43 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-08-04 19:00 - 2016-06-20 13:43 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2016-08-04 19:00 - 2016-06-20 13:43 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-08-04 19:00 - 2016-06-20 13:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-08-04 19:00 - 2016-06-20 13:42 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-08-04 19:00 - 2016-06-20 13:42 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-08-04 19:00 - 2016-06-20 13:42 - 00354304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-08-04 19:00 - 2016-06-20 13:42 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-08-04 19:00 - 2016-06-20 13:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-08-04 19:00 - 2016-06-20 13:42 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-08-04 19:00 - 2016-06-20 13:42 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2016-08-04 19:00 - 2016-06-20 13:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2016-08-04 19:00 - 2016-06-20 13:42 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2016-08-04 19:00 - 2013-06-28 22:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2016-08-04 19:00 - 2013-06-28 22:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2016-08-04 19:00 - 2013-06-28 22:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2016-08-04 19:00 - 2013-03-03 15:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2016-08-04 19:00 - 2012-08-21 07:47 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
    2016-08-04 19:00 - 2012-06-29 12:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
    2016-08-04 19:00 - 2011-05-05 09:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2016-08-04 19:00 - 2011-05-05 09:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2016-08-04 18:59 - 2013-10-10 22:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2016-08-04 18:59 - 2013-10-10 22:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
    2016-08-04 18:59 - 2013-10-10 22:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
    2016-08-04 18:59 - 2013-10-10 22:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
    2016-08-04 18:59 - 2013-10-10 22:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2016-08-04 18:59 - 2013-10-10 20:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
    2016-08-04 18:59 - 2013-10-10 20:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
    2016-08-04 18:59 - 2013-10-10 20:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
    2016-08-04 18:59 - 2013-10-03 08:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2016-08-04 18:59 - 2013-06-26 19:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
    2016-08-04 18:59 - 2013-06-26 19:01 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
    2016-08-04 18:59 - 2013-06-26 19:01 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
    2016-08-04 18:59 - 2013-04-24 00:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
    2016-08-04 18:59 - 2013-04-23 21:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
    2016-08-04 18:58 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2016-08-04 18:58 - 2013-10-22 03:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
    2016-08-04 18:58 - 2013-07-16 00:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
    2016-08-04 18:58 - 2013-07-08 00:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2016-08-04 18:58 - 2013-07-08 00:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2016-08-04 18:58 - 2013-07-08 00:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2016-08-04 18:58 - 2013-07-02 22:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
    2016-08-04 18:58 - 2013-03-07 23:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2016-08-04 18:58 - 2013-02-11 21:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
    2016-08-04 18:58 - 2012-05-01 10:03 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
    2016-08-04 16:43 - 2016-06-10 10:19 - 02071040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-08-04 16:21 - 2016-05-14 11:47 - 00306408 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2016-08-04 16:21 - 2016-05-14 11:41 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2016-08-04 16:09 - 2015-11-06 13:05 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2016-08-04 16:09 - 2015-11-06 12:32 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2016-08-04 16:09 - 2015-11-06 12:32 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2016-08-04 16:09 - 2015-11-06 12:32 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2016-08-04 16:09 - 2015-11-06 12:32 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2016-08-04 16:09 - 2015-11-06 11:27 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2016-08-04 16:09 - 2015-11-06 11:20 - 01073152 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2016-08-04 16:09 - 2015-11-06 11:20 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2016-08-04 16:09 - 2015-11-06 11:19 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2016-08-04 15:30 - 2016-08-04 15:30 - 00000000 ____D C:\49c2b4c5dfcc30a097f4
    2016-08-04 14:39 - 2016-08-04 14:39 - 00000000 ____D C:\6c9f6841fa4a6b0926ce52e08b
    2016-08-04 13:36 - 2016-08-04 13:36 - 00000000 ____D C:\cbbcab1f344c64d0aa48e87e
    2016-08-04 13:12 - 2016-08-04 13:12 - 00000000 ____D C:\5ab62ede5c284703ad687a
    2016-08-04 12:17 - 2016-08-23 12:17 - 00004829 _____ C:\Users\owner\Desktop\NOTEpad.txt
    2016-08-04 12:09 - 2016-08-04 12:09 - 00000000 ____D C:\3577d1e33e4ce99a6ceb6e3c7e82
    2016-08-03 14:01 - 2016-08-03 14:01 - 00000000 ____D C:\9b1757b72dfffe4ef5c36da1
    2016-08-03 13:53 - 2016-08-03 13:53 - 00000000 ____D C:\Users\owner\Desktop\wsusoffline1071
    2016-08-03 13:52 - 2016-08-03 13:52 - 02055344 _____ C:\Users\owner\Desktop\wsusoffline1071.zip
    2016-08-03 13:20 - 2016-08-03 13:20 - 01229954 _____ C:\Users\owner\Desktop\Windows6.0-KB3153199-x86.msu
    2016-08-02 18:21 - 2012-06-02 18:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2016-08-02 18:21 - 2012-06-02 18:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2016-08-02 18:21 - 2012-06-02 18:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2016-08-02 18:21 - 2012-06-02 18:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2016-08-02 18:21 - 2012-06-02 18:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2016-08-02 18:21 - 2012-06-02 18:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2016-08-02 18:21 - 2012-06-02 18:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2016-08-02 18:20 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2016-08-02 18:20 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2016-08-02 17:41 - 2012-04-07 19:13 - 00000000 ____D C:\Users\owner\Desktop\Net_Atheros_XPVSW7_3264_9.2.0.480
    2016-08-02 00:31 - 2016-08-02 00:31 - 00000767 _____ C:\Users\owner\Desktop\IrfanView.lnk
    2016-08-02 00:31 - 2016-08-02 00:31 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
    2016-08-02 00:31 - 2016-08-02 00:31 - 00000000 ____D C:\Program Files\IrfanView
    2016-08-02 00:30 - 2016-08-02 00:30 - 02131936 _____ (Irfan Skiljan) C:\Users\owner\Downloads\iview442_setup.exe
    2016-08-02 00:27 - 2016-08-02 00:27 - 00000000 ____D C:\Users\owner\AppData\Local\{B77AF858-572B-4CA3-B1F8-8409CC6A2681}
    2016-08-01 15:39 - 2016-08-01 15:39 - 00004429 _____ C:\Users\owner\network.txt
    2016-08-01 11:52 - 2016-08-03 00:51 - 00001032 _____ C:\Users\owner\Desktop\notepad FF.txt
    2016-07-30 18:19 - 2014-09-04 13:41 - 02573000 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTWlanu_Vista.sys
    2016-07-30 18:18 - 2016-07-30 18:18 - 00000000 ____D C:\Users\owner\Downloads\NETGEAR
    2016-07-30 14:47 - 2016-08-21 03:42 - 00002271 _____ C:\Users\owner\Desktop\Download info C700.txt
    2016-07-30 13:52 - 2016-07-30 13:53 - 43455304 _____ (HP Inc. ) C:\Users\owner\Downloads\sp76302.exe
    2016-07-30 13:20 - 2016-07-30 13:20 - 00000000 ____D C:\Users\owner\Documents\8521edac9a87e7ae5b351987f9c1f8fabf5b55c7
    2016-07-30 12:50 - 2016-07-30 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inpaint
    2016-07-30 12:50 - 2016-07-30 12:50 - 00000000 ____D C:\Program Files\Inpaint
    2016-07-30 12:48 - 2016-08-02 00:31 - 00000000 ____D C:\Users\owner\AppData\Roaming\IrfanView
    2016-07-29 19:08 - 2016-07-29 19:08 - 00509440 _____ (Tech Support Guy System) C:\Users\owner\Downloads\SysInfo.exe
    2016-07-29 18:28 - 2016-07-29 18:28 - 00001384 _____ C:\Users\owner\Desktop\R-HP - Shortcut.lnk
    2016-07-29 17:47 - 2012-01-10 20:44 - 02231808 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athr.sys
    2016-07-29 17:42 - 2016-07-29 17:43 - 76326632 _____ (Hewlett-Packard Company ) C:\Users\owner\Downloads\sp54972.exe
    2016-07-29 17:22 - 2016-07-29 17:23 - 08404720 _____ (Hewlett-Packard ) C:\Users\owner\Downloads\sp38629.exe
    2016-07-29 12:54 - 2016-07-29 12:54 - 00001062 _____ C:\Users\owner\Desktop\Should I Remove It.lnk
    2016-07-29 12:54 - 2016-07-29 12:54 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
    2016-07-29 12:54 - 2016-07-29 12:54 - 00000000 ____D C:\Program Files\Reason
    2016-07-29 12:52 - 2016-07-29 12:52 - 02178872 _____ (Reason Software Company Inc.) C:\Users\owner\Downloads\ShouldIRemoveIt_Setup.exe
    2016-07-29 12:13 - 2016-07-29 12:13 - 00000000 ____D C:\Users\owner\AppData\Local\Macromedia
    2016-07-29 12:11 - 2016-07-29 12:11 - 00000000 ____D C:\Users\owner\AppData\Roaming\Mozilla
    2016-07-29 12:11 - 2016-07-29 12:11 - 00000000 ____D C:\Users\owner\AppData\Local\Mozilla
    2016-07-29 12:10 - 2016-08-24 11:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-07-29 12:10 - 2016-07-29 12:10 - 00000858 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-07-29 12:10 - 2016-07-29 12:10 - 00000846 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-07-29 12:09 - 2016-07-29 12:09 - 43179592 _____ C:\Users\owner\Downloads\Firefox Setup 42.0.exe
    2016-07-29 11:15 - 2016-07-29 11:15 - 00000000 ____D C:\Users\owner\Downloads\DnsJumper
    2016-07-29 03:52 - 2016-07-29 03:52 - 00000000 ____D C:\Windows\system32\Adobe
    2016-07-29 03:37 - 2016-08-24 17:35 - 00000000 ____D C:\Users\owner\AppData\Roaming\Avira
    2016-07-29 03:34 - 2016-08-24 17:44 - 00000000 ____D C:\ProgramData\Avira
    2016-07-29 03:23 - 2016-07-29 03:23 - 00000796 _____ C:\Users\owner\Desktop\DnsJumper - Shortcut.lnk
    2016-07-29 03:20 - 2016-07-29 03:20 - 00649120 _____ C:\Users\owner\Downloads\DnsJumper.zip
    2016-07-29 02:32 - 2016-08-24 12:09 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-07-29 02:31 - 2016-08-24 12:07 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-07-29 02:31 - 2016-07-29 02:31 - 00000899 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-07-29 02:31 - 2016-07-29 02:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-07-29 02:31 - 2016-07-29 02:31 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2016-07-29 02:31 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-07-29 02:31 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-07-29 02:26 - 2016-08-17 17:32 - 00000764 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-07-29 02:26 - 2016-07-29 02:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-07-29 02:26 - 2016-07-29 02:26 - 00000000 ____D C:\Program Files\CCleaner
    2016-07-29 01:26 - 2016-07-29 01:26 - 00000000 ____D C:\Users\owner\AppData\Local\Microsoft Corporation
    2016-07-29 01:25 - 2016-07-29 01:25 - 08669472 _____ (Microsoft Corporation) C:\Users\owner\Downloads\Windows7UpgradeAdvisorSetup.exe
    2016-07-29 01:25 - 2016-07-29 01:25 - 02549112 _____ (Microsoft Corporation) C:\Users\owner\Downloads\DefaultPack.EXE

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-24 17:42 - 2011-03-06 14:11 - 00000314 ___SH C:\Windows\Tasks\DVGQF.job
    2016-08-24 17:42 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-08-24 17:42 - 2006-11-02 08:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2016-08-24 17:42 - 2006-11-02 08:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2016-08-24 17:36 - 2006-11-02 09:01 - 00032564 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-08-24 17:35 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
    2016-08-24 17:18 - 2016-06-30 17:00 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-08-24 17:17 - 2012-06-05 11:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-08-17 17:29 - 2008-06-12 22:31 - 00000000 ____D C:\Users\owner\AppData\Roaming\Adobe
    2016-08-14 13:20 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
    2016-08-13 13:00 - 2006-11-02 06:33 - 00774814 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-08-12 01:44 - 2008-05-16 21:18 - 00000909 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-08-10 12:04 - 2007-11-12 04:41 - 00000000 ____D C:\ProgramData\Adobe
    2016-08-10 11:34 - 2006-11-02 07:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-08-08 21:30 - 2016-06-30 17:03 - 00001943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-08-08 21:30 - 2016-06-30 17:03 - 00001931 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-08-06 11:48 - 2011-02-11 11:56 - 00000000 ____D C:\ProgramData\TEMP
    2016-08-06 11:48 - 2008-05-17 07:23 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2016-08-06 09:57 - 2006-11-02 08:47 - 00302704 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-08-05 11:34 - 2007-11-12 02:56 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2016-08-05 11:34 - 2007-11-12 02:51 - 00000000 ____D C:\Program Files\Hewlett-Packard
    2016-08-05 11:33 - 2008-05-16 21:17 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
    2016-08-05 11:33 - 2007-11-12 04:41 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
    2016-08-05 11:33 - 2007-11-12 04:41 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
    2016-08-05 11:33 - 2007-11-12 04:41 - 00000000 ____D C:\Program Files\CyberLink
    2016-08-05 11:32 - 2008-05-16 21:16 - 00000000 ____D C:\Users\owner
    2016-08-05 11:25 - 2008-05-16 21:19 - 00072392 _____ C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-08-05 11:04 - 2007-11-12 04:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2016-08-05 11:04 - 2007-11-12 04:14 - 00000000 ____D C:\Program Files\Microsoft Office
    2016-08-05 11:02 - 2006-11-02 08:37 - 00000000 ____D C:\Windows\ShellNew
    2016-08-05 10:59 - 2008-01-21 08:54 - 00000000 ____D C:\ProgramData\CyberLink
    2016-08-05 10:59 - 2007-11-12 04:39 - 00000000 ____D C:\Program Files\HP
    2016-08-05 10:55 - 2007-11-12 04:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2016-08-05 10:35 - 2011-01-06 12:54 - 00000000 ____D C:\Program Files\Winamp
    2016-08-05 10:07 - 2008-01-21 08:55 - 00000164 _____ C:\Users\Public\Documents\hpqp.ini
    2016-08-05 01:01 - 2006-11-02 07:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
    2016-08-05 00:49 - 2008-01-21 09:01 - 00000000 ____D C:\ProgramData\WildTangent
    2016-08-04 22:09 - 2010-03-16 11:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-08-04 22:05 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Windows Journal
    2016-08-04 22:05 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Windows Collaboration
    2016-08-04 22:05 - 2006-11-02 07:18 - 00000000 ____D C:\Program Files\Common Files\System
    2016-08-04 22:04 - 2006-11-02 08:37 - 00000000 ____D C:\Windows\system32\XPSViewer
    2016-08-04 20:56 - 2010-06-07 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-08-04 20:11 - 2007-11-12 04:13 - 00000976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
    2016-08-04 20:11 - 2007-11-12 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
    2016-08-04 20:11 - 2007-11-12 04:13 - 00000000 ____D C:\Program Files\Microsoft Works
    2016-08-04 19:29 - 2006-11-02 06:24 - 141983760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2016-08-02 17:45 - 2008-01-21 08:40 - 00000000 ____D C:\Program Files\Atheros
    2016-08-02 00:27 - 2016-06-30 16:50 - 00000000 ____D C:\Users\owner\AppData\Local\Windows Live Writer
    2016-08-01 11:40 - 2008-01-21 09:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games
    2016-08-01 11:20 - 2010-01-14 04:22 - 00005972 _____ C:\Users\owner\AppData\Local\d3d9caps.dat
    2016-07-30 18:55 - 2007-11-12 04:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\muvee
    2016-07-30 18:01 - 2007-11-12 04:53 - 00000000 ____D C:\Program Files\Vongo
    2016-07-30 17:59 - 2010-08-28 10:51 - 00000000 ____D C:\ProgramData\Electronic Arts
    2016-07-30 13:53 - 2006-11-09 17:04 - 00000000 ____D C:\SwSetup
    2016-07-29 17:55 - 2008-01-21 08:42 - 00000000 ____D C:\Program Files\Apoint2K
    2016-07-29 17:48 - 2008-01-21 08:40 - 00000000 ____D C:\ProgramData\Atheros
    2016-07-29 12:44 - 2011-01-21 17:23 - 00000000 ____D C:\Users\owner\AppData\Roaming\WhiteSmokeTranslator
    2016-07-29 11:54 - 2010-08-11 00:03 - 00000000 ____D C:\Users\owner\AppData\Local\Google
    2016-07-29 04:15 - 2010-08-11 00:04 - 00000000 ____D C:\ProgramData\WinZip
    2016-07-29 02:40 - 2012-06-05 11:13 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2016-07-29 02:40 - 2012-06-05 11:13 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2016-07-29 02:31 - 2010-03-09 16:52 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-07-29 02:27 - 2008-12-03 13:07 - 00000000 ____D C:\Windows\Minidump
    2016-07-29 02:27 - 2007-11-12 02:34 - 00000000 ____D C:\Windows\panther
    2016-07-29 01:40 - 2007-11-12 04:12 - 00000000 ____D C:\Windows\system32\Macromed
    2016-07-29 01:10 - 2016-06-30 17:00 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-07-29 00:35 - 2011-09-19 21:52 - 00000000 ____D C:\Users\owner\Desktop\dzenta party
    2016-07-28 19:44 - 2011-01-26 11:05 - 00000000 ____D C:\Program Files\QuickTime
    2016-07-28 18:46 - 2008-05-16 21:40 - 00000000 ____D C:\Program Files\Yahoo!
    2016-07-28 18:28 - 2007-11-12 05:08 - 00000000 ____D C:\Program Files\Java

    ==================== Files in the root of some directories =======

    2008-05-16 21:19 - 2008-05-16 21:19 - 0000000 _____ () C:\Users\owner\AppData\Local\AtStart.txt
    2010-01-14 04:22 - 2016-08-01 11:20 - 0005972 _____ () C:\Users\owner\AppData\Local\d3d9caps.dat
    2008-09-30 14:33 - 2011-09-19 21:54 - 0045568 _____ () C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2008-05-16 21:19 - 2008-05-16 21:19 - 0000000 _____ () C:\Users\owner\AppData\Local\DSwitch.txt
    2008-05-16 21:19 - 2008-05-16 21:19 - 0000000 _____ () C:\Users\owner\AppData\Local\QSwitch.txt
    2007-11-12 04:39 - 2016-08-01 11:41 - 0001733 _____ () C:\ProgramData\hpzinstall.log

    Some files in TEMP:
    ====================
    C:\Users\owner\AppData\Local\Temp\avgnt.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-08-24 17:52

    ==================== End of FRST.txt ============================
     
    Last edited: Aug 24, 2016
  6. dino7

    dino7 Thread Starter

    Joined:
    May 27, 2011
    Messages:
    521
    Good morning!
    A little history:
    Regarding Trend Micro: when I first received this laptop, if my memory serves me correctly, I think there might have been a Trend Micro in the Add/Remove programs or on the Desktop, or I may have used the "Should I Remove It" app to remove/delete it from the computer.
    After running MalwareBytes (MWB) there were several different items that appeared. I do not recall the specifics of the items that were found. I know there was a Trojan and perhaps some PUPs. As far as I know those were quarantined by MWB and removed safely and completely from the computer, as I had normally done, and I believe done successfully, in the past with other computers/situations where some form of infection was indicated.
    The computer was from a close friend of mine and had not been operated for an extended period of time. In retrospect I should have copied what those items were that MWB had found.
    Is it okay to close out the Farbar Scan Tool? And what about Avira and having an anti-virus program running?
    I hope this helps!
    Sincerely, Raphael
     
  7. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    dino7,
    We will get it fixed up.
    From now on, please don't Install, Uninstall or scan with anything unless I ask.
    Thanks.

    Please DO Install your AVIRA once again now.
    Since your Sysinfo log showed Trend Micro installed, I had you remove Avira to avoid having two antivirus apps running at the same time.
    Evidently the Trend Micro entry in the log was erroneous.

    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    SpywareBlaster 5.5

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    askey127
     

    Attached Files:

  8. dino7

    dino7 Thread Starter

    Joined:
    May 27, 2011
    Messages:
    521
    I believe this is it!?
    There is a Fixlist (1) and Fixlist(2) in the Downloads and also a Fixlog

    Fix result of Farbar Recovery Scan Tool (x86) Version: 21-08-2016 01
    Ran by owner (25-08-2016 11:33:53) Run:1
    Running from C:\Users\owner\Downloads
    Loaded Profiles: owner (Available Profiles: owner)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************

    IE trusted site: HKU\S-1-5-21-377907422-106691936-1309279334-1000\...\driversupport.com -> hxxp://apps.driversupport.com
    IE trusted site: HKU\S-1-5-21-377907422-106691936-1309279334-1000\...\driversupport.com -> hxxps://apps.driversupport.com
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
    SearchScopes: HKLM -> {2C55072A-FAC7-4F0C-8BFF-9A438F819BF4} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
    SearchScopes: HKLM -> {7638F40E-6DD0-42B2-A953-26B5A65C45A9} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
    SearchScopes: HKLM -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
    SearchScopes: HKU\.DEFAULT -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
    SearchScopes: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> {2C55072A-FAC7-4F0C-8BFF-9A438F819BF4} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
    SearchScopes: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> {7638F40E-6DD0-42B2-A953-26B5A65C45A9} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
    SearchScopes: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> {C879DD44-560E-4107-B580-D4F7FC34FDC7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
    SearchScopes: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: WhiteSmoke Toolbar -> {52794457-af6c-4c50-9def-f2e24f4c8889} -> C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll [2010-08-15] ()
    Toolbar: HKLM - No Name - {7FEBEFE3-6B19-43)
    S4 FastUserSwitchingCompatibility; [X]49-98D2-FFB09D4B49CA} - No File
    Toolbar: HKLM - WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll [2010-08-15] ()
    Toolbar: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    Toolbar: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    2016-08-06 11:48 - 2016-08-06 11:48 - 00000836 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
    2016-08-06 11:48 - 2016-08-06 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    2016-08-06 11:48 - 2016-08-06 11:48 - 00000000 ____D C:\Program Files\SpywareBlaster
    2016-08-06 11:47 - 2016-08-06 11:47 - 04291320 _____ (BrightFort LLC ) C:\Users\owner\Downloads\spywareblastersetup55.exe
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    SearchScopes: HKLM -> {2C55072A-FAC7-4F0C-8BFF-9A438F819BF4} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
    SearchScopes: HKLM -> {7638F40E-6DD0-42B2-A953-26B5A65C45A9} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
    SearchScopes: HKLM -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
    SearchScopes: HKLM -> {2C55072A-FAC7-4F0C-8BFF-9A438F819BF4} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
    SearchScopes: HKLM -> {7638F40E-6DD0-42B2-A953-26B5A65C45A9} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
    SearchScopes: HKLM -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms
    SearchScopes: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> {2C55072A-FAC7-4F0C-8BFF-9A438F819BF4} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
    SearchScopes: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> {7638F40E-6DD0-42B2-A953-26B5A65C45A9} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
    SearchScopes: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> {C879DD44-560E-4107-B580-D4F7FC34FDC7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
    SearchScopes: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: WhiteSmoke Toolbar -> {52794457-af6c-4c50-9def-f2e24f4c8889} -> C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll [2010-08-15] ()
    Toolbar: HKLM - WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll [2010-08-15] ()
    Toolbar: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    Toolbar: HKU\S-1-5-21-377907422-106691936-1309279334-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    2016-07-29 12:44 - 2011-01-21 17:23 - 00000000 ____D C:\Users\owner\AppData\Roaming\WhiteSmokeTranslator
    2016-07-28 18:46 - 2008-05-16 21:40 - 00000000 ____D C:\Program Files\Yahoo!

    *****************

    "HKU\S-1-5-21-377907422-106691936-1309279334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\driversupport.com" => key removed successfully.
    HKU\S-1-5-21-377907422-106691936-1309279334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\driversupport.com => key not found.
    C:\Windows\system32\GroupPolicy\Machine => moved successfully
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C55072A-FAC7-4F0C-8BFF-9A438F819BF4}" => key removed successfully.
    HKCR\CLSID\{2C55072A-FAC7-4F0C-8BFF-9A438F819BF4} => key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7638F40E-6DD0-42B2-A953-26B5A65C45A9}" => key removed successfully.
    HKCR\CLSID\{7638F40E-6DD0-42B2-A953-26B5A65C45A9} => key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}" => key removed successfully.
    HKCR\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => key not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
    "HKU\S-1-5-21-377907422-106691936-1309279334-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C55072A-FAC7-4F0C-8BFF-9A438F819BF4}" => key removed successfully.
    HKCR\CLSID\{2C55072A-FAC7-4F0C-8BFF-9A438F819BF4} => key not found.
    "HKU\S-1-5-21-377907422-106691936-1309279334-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7638F40E-6DD0-42B2-A953-26B5A65C45A9}" => key removed successfully.
    HKCR\CLSID\{7638F40E-6DD0-42B2-A953-26B5A65C45A9} => key not found.
    "HKU\S-1-5-21-377907422-106691936-1309279334-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C879DD44-560E-4107-B580-D4F7FC34FDC7}" => key removed successfully.
    HKCR\CLSID\{C879DD44-560E-4107-B580-D4F7FC34FDC7} => key not found.
    "HKU\S-1-5-21-377907422-106691936-1309279334-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}" => key removed successfully.
    HKCR\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully.
    HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-af6c-4c50-9def-f2e24f4c8889}" => key removed successfully.
    "HKCR\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}" => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\Toolbar: HKLM - No Name - {7FEBEFE3-6B19-43) => value not found.
    HKCR\CLSID\Toolbar: HKLM - No Name - {7FEBEFE3-6B19-43) => key not found.
    FastUserSwitchingCompatibility => service removed successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{52794457-af6c-4c50-9def-f2e24f4c8889} => value removed successfully.
    HKCR\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} => key not found.
    HKU\S-1-5-21-377907422-106691936-1309279334-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value removed successfully.
    HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
    HKU\S-1-5-21-377907422-106691936-1309279334-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
    "C:\Users\Public\Desktop\SpywareBlaster.lnk" => not found.
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster" => not found.
    "C:\Program Files\SpywareBlaster" => not found.
    C:\Users\owner\Downloads\spywareblastersetup55.exe => moved successfully
    "C:\Windows\system32\GroupPolicy\Machine" => not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C55072A-FAC7-4F0C-8BFF-9A438F819BF4} => key not found.
    HKCR\CLSID\{2C55072A-FAC7-4F0C-8BFF-9A438F819BF4} => key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7638F40E-6DD0-42B2-A953-26B5A65C45A9} => key not found.
    HKCR\CLSID\{7638F40E-6DD0-42B2-A953-26B5A65C45A9} => key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => key not found.
    HKCR\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => key not found.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C55072A-FAC7-4F0C-8BFF-9A438F819BF4} => key not found.
    HKCR\CLSID\{2C55072A-FAC7-4F0C-8BFF-9A438F819BF4} => key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7638F40E-6DD0-42B2-A953-26B5A65C45A9} => key not found.
    HKCR\CLSID\{7638F40E-6DD0-42B2-A953-26B5A65C45A9} => key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => key not found.
    HKCR\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => key not found.
    HKU\S-1-5-21-377907422-106691936-1309279334-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C55072A-FAC7-4F0C-8BFF-9A438F819BF4} => key not found.
    HKCR\CLSID\{2C55072A-FAC7-4F0C-8BFF-9A438F819BF4} => key not found.
    HKU\S-1-5-21-377907422-106691936-1309279334-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7638F40E-6DD0-42B2-A953-26B5A65C45A9} => key not found.
    HKCR\CLSID\{7638F40E-6DD0-42B2-A953-26B5A65C45A9} => key not found.
    HKU\S-1-5-21-377907422-106691936-1309279334-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C879DD44-560E-4107-B580-D4F7FC34FDC7} => key not found.
    HKCR\CLSID\{C879DD44-560E-4107-B580-D4F7FC34FDC7} => key not found.
    HKU\S-1-5-21-377907422-106691936-1309279334-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => key not found.
    HKCR\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
    HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-af6c-4c50-9def-f2e24f4c8889} => key not found.
    HKCR\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} => key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{52794457-af6c-4c50-9def-f2e24f4c8889} => value not found.
    HKCR\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} => key not found.
    HKU\S-1-5-21-377907422-106691936-1309279334-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value not found.
    HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
    HKU\S-1-5-21-377907422-106691936-1309279334-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
    C:\Users\owner\AppData\Roaming\WhiteSmokeTranslator => moved successfully
    C:\Program Files\Yahoo! => moved successfully


    The system needed a reboot.

    ==== End of Fixlog 11:34:26 ====
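
The Fixlog above contains many "not found" results, and they do not all mean the same thing: some targets were never present, some were already handled by an earlier duplicate fixlist line, and one fixlist line carries a truncated GUID (`{7FEBEFE3-6B19-43)`) so it could not match anything. The following is an added example, not part of the thread and not FRST's own code, that sorts those cases apart; the function names are hypothetical, the `target => outcome` line shape is assumed from the log shown, and the sample lines are excerpted from that Fixlog.

```python
import re
from collections import Counter

# Excerpt of result lines from the Fixlog in the post above (sample input).
SAMPLE_FIXLOG = r'''
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C55072A-FAC7-4F0C-8BFF-9A438F819BF4}" => key removed successfully.
HKCR\CLSID\{2C55072A-FAC7-4F0C-8BFF-9A438F819BF4} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\Toolbar: HKLM - No Name - {7FEBEFE3-6B19-43) => value not found.
FastUserSwitchingCompatibility => service removed successfully.
C:\Users\owner\Downloads\spywareblastersetup55.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C55072A-FAC7-4F0C-8BFF-9A438F819BF4} => key not found.
The system needed a reboot.
'''

# "<target> => <outcome>" with an optional trailing period (assumed format).
RESULT_RE = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<outcome>.+?)\.?\s*$')
# A well-formed registry GUID in braces.
GUID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')


def classify(outcome):
    """Map FRST's free-text outcome to a coarse status."""
    text = outcome.lower()
    if 'not found' in text:
        return 'not_found'
    if 'removed' in text or 'moved' in text or 'restored' in text:
        return 'changed'
    return 'other'


def has_malformed_guid(target):
    """True if a brace remains after all well-formed GUIDs are stripped."""
    leftover = GUID_RE.sub('', target)
    return '{' in leftover or '}' in leftover


def normalize(target):
    """Make quoted/unquoted and differently cased targets comparable."""
    return target.strip('"').replace('\\\\', '\\').casefold()


def parse_fixlog(text):
    """Return one dict per result line; lines without '=>' are skipped."""
    entries = []
    for raw in text.splitlines():
        match = RESULT_RE.match(raw.strip())
        if not match:
            continue
        target = match.group('target')
        entries.append({
            'target': target,
            'outcome': match.group('outcome'),
            'status': classify(match.group('outcome')),
            'malformed': has_malformed_guid(target),
        })
    return entries


def triage_not_found(entries):
    """Explain each 'not found' result.

    malformed : the fixlist line was damaged, so the fix never applied
    duplicate : the same target was changed by an earlier line in this run
    absent    : nothing was there to begin with
    """
    changed_so_far = set()
    findings = []
    for entry in entries:
        key = normalize(entry['target'])
        if entry['status'] == 'changed':
            changed_so_far.add(key)
        elif entry['status'] == 'not_found':
            if entry['malformed']:
                reason = 'malformed'
            elif key in changed_so_far:
                reason = 'duplicate'
            else:
                reason = 'absent'
            findings.append((entry['target'], reason))
    return findings


if __name__ == '__main__':
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(Counter(e['status'] for e in parsed))
    for target, reason in triage_not_found(parsed):
        print(f'{reason:9} {target}')
```

A "malformed" finding is the one worth re-checking by hand, because the item that fixlist line was meant to address may still be present on the machine.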
     
  9. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    If you use CCleaner, that's fine, but don't ever use the Registry section.

    For that matter steer clear of all Registry Cleaners, Helpers, Optimizers, etc.
    The risk of breaking the machine far outweighs any small gains in speed.

    Open CCleaner and click Run Cleaner.
    When it's finished :
    -------------------------------------------------------------
    Download MyDefrag from here and Install it : http://filehippo.com/download_mydefrag/
    After Installation, run MyDefrag in System Disk Monthly Mode on the C: drive
    (Click System Disk Monthly and then check C: drive, click Run)
    Wait for it. It goes through 6 Zones. It may take an hour or two, depending on how badly the HD is scrambled.
    The Window will be labeled Finished at the top when it is done.
    Then tell me how it's running.

    Going forward, you can run MyDefrag in System Disk Daily mode, but once every week or two is sufficient. It will finish a lot faster in the ensuing runs.
     
  10. dino7

    dino7 Thread Starter

    Joined:
    May 27, 2011
    Messages:
    521
    In the Setup>Select Components, do I leave all those checked? There are five items there: MyDefrag script interpreter, Standard scripts, Screensaver, Manual, Example scripts. Won't proceed until I get the Okay.
    Tx, ralph

    I'm going to run it with those items checked... you would have said not to if I wasn't okay.
    I'll let you know as soon as it's finished. Thank You!
     
    Last edited: Aug 25, 2016
  11. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    You don't need the screensaver or the example scripts.
    You can leave the rest checked.
     
  12. dino7

    dino7 Thread Starter

    Joined:
    May 27, 2011
    Messages:
    521
    I'm on Stage 5 and I left them ALL checked. I hope I didn't gum up the works? I didn't think I'd hear anything more from you today.
    Moving forward...I don't know what the interface on the MyDefrag looks like? But, I assume you can reset it per your most recent post for the next DeFrag and settings!?
    I'm curious to see if those odd icons and misrepresented icons will appear correctly now? I showed them in the "original" post?! I don't see those a lot, but they pop up every so often..like when I visited Tumblr today. I don't believe I've seen them using my Windows 7 computers.
    Sincerely, Raphael
     
  13. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    You didn't Gum Up The Works !
    We can run another scan to clean out leftovers, if you want.
    Tell me what you think.
    I'll bet it's still faster, with fewer intrusions..

    If you can, tell me what browser you use when you click an internet site. (what is the default?)
    Is it Firefox?
     
    Last edited: Aug 25, 2016
  14. dino7

    dino7 Thread Starter

    Joined:
    May 27, 2011
    Messages:
    521
    There is no question it runs faster. I haven't put it through its paces yet.
    Because of discontinued support from Google Chrome updates for Vista I switched to Mozilla. So Mozilla is the main browser. I might use IE once in a while.
    What about those "foolish icons" not appearing as they do on my Windows 7 computers?
    The icon in the far upper left corner of the original Post should appear as a baseball and not a square like this ⚾. What the heck is that thing? Enlarged odd icon.jpg
    Is this MyDeFrag something I should use on my other computers?
    Sometimes as I'm typing there seems to be a little lag if there is a correction involved or if I backspace?
    Have I forgotten anything? Am I expecting too much?

    Thanks again...
    Sincerely, Ralph

    basball icon Windows 7.jpg Icons as they appear Windows 7.jpg Rocktape bottom odd icons.jpg
     
  15. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    dino7,
    MyDefrag is designed for Vista and Windows 7.
    It is far better than the built-in defragmenters.
    I wouldn't recommend it for Win8 or Win 10.
    --------------------------------------------------------------------
    I'm sure you are aware Vista will lose support early next year and will not really be safe after that.
    If this machine were mine, I would consider installing Linux Mint at that time.
    You can try out what it looks like by making (or buying) a Live DVD.
    You can boot up with the DVD and check it out without making any changes to your machine.
    Here is one edition: https://www.linuxmint.com/edition.php?id=205
    This is an .iso file to burn a disc. It's about 1.4Gb (big download)
    --------------------------------------------------------------------
    Let's go ahead and run one more scan with FRST.
    First please delete the leftover logs, frst.txt and addition.txt
    Then start Frst.exe.
    This time, check the box for addition.txt (It usually is unchecked for the second scan)
    Then run the scan and post both log files.
    askey127
     
Short URL to this thread: https://techguy.org/1176815
