1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

proxy error

Discussion in 'Virus & Other Malware Removal' started by obie1, May 1, 2015.

Thread Status:
Not open for further replies.
Advertisement
  1. obie1

    obie1 Thread Starter

    Joined:
    May 1, 2015
    Messages:
    6
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 8.1, 64 bit
    Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz, Intel64 Family 6 Model 69 Stepping 1
    Processor Count: 4
    RAM: 6024 Mb
    Graphics Card: Intel(R) HD Graphics Family, 1024 Mb
    Hard Drives: C: Total - 467750 MB, Free - 394460 MB;
    Motherboard: Dell Inc., 0RXJTY
    Antivirus: Norton Security, Updated and Enabled


    Hi I am having a similar problem as some one else here my wifes computer got infected with malware now we are having proxy errors and I found this in her manual proxy settings and cannot change or delete it
    http=127.0.0.1:8877;http what can I do?
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Welcome :)

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The tool will also produce another log (Addition.txt ). Please attach this to your reply.
     
  3. obie1

    obie1 Thread Starter

    Joined:
    May 1, 2015
    Messages:
    6
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
    Ran by dober_000 (administrator) on LISAS-LAPTOP on 01-05-2015 20:06:06
    Running from C:\Users\dober_000\Desktop
    Loaded Profiles: dober_000 (Available profiles: Lisa & dober_000)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe
    (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    () C:\a\internetport3.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
    (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [393480 2015-03-19] ()
    HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
    HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [interpee] => C:\a\internetport3.exe [10752 2015-03-17] ()
    HKLM\...\Run: [autoauto] => 5507171.bat
    HKLM-x32\...\Run: [interpee] => C:\a\internetport3.exe [10752 2015-03-17] ()
    HKLM-x32\...\Run: [autoauto] => 5507171.bat
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-10-30] (Qualcomm®Atheros®)
    Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-06-03]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Policy Restriction on ProxySettings)
    ProxyEnable: [HKLM] => ProxyEnable is set.
    ProxyEnable: [HKLM-x32] => ProxyEnable is set.
    ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877
    ProxyEnable: [S-1-5-21-2808001785-3049627236-3382631767-1004] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-2808001785-3049627236-3382631767-1004] => http=127.0.0.1:8877;https=127.0.0.1:8877
    HKU\S-1-5-21-2808001785-3049627236-3382631767-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.optimum.net/
    HKU\S-1-5-21-2808001785-3049627236-3382631767-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2808001785-3049627236-3382631767-1004 -> DefaultScope {AA1590E3-E7DA-4420-AD80-D586DE9292E1} URL =
    SearchScopes: HKU\S-1-5-21-2808001785-3049627236-3382631767-1004 -> {AA1590E3-E7DA-4420-AD80-D586DE9292E1} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
    BHO: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> No File
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
    BHO-x32: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> No File
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{55F6B826-BBE2-4FE2-8697-C2C8E3B370DE}: [NameServer] 31.168.228.251,82.166.96.251
    Tcpip\..\Interfaces\{5BE8E89F-F42C-4C4D-89EA-2E36518D3A14}: [NameServer] 31.168.228.251,82.166.96.251
    Tcpip\..\Interfaces\{E1CFE84D-B6B3-4380-8CB5-40CFC976228C}: [NameServer] 31.168.228.251,82.166.96.251
    FireFox:
    ========
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-28] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-28] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-18] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.2.0.31\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.2.0.31\coFFPlgn [2015-05-01]
    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\Exts\Chrome.crx [2015-04-25]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\Exts\Chrome.crx [2015-04-25]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [317568 2013-10-30] (Windows (R) Win 7 DDK provider) [File not signed]
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
    R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
    R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [211320 2015-02-11] (Dell Inc.)
    R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-28] (Intel Corporation)
    R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe [282528 2015-04-01] (Symantec Corporation)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
    R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
    R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
    R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
    R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
    S2 noetureh; "C:\ProgramData\websmartapp\1.1.0.30\loxmwvi.exe" -scm [X]
    S2 sagrhuukok; "C:\ProgramData\websmartapp\1.1.0.30\loxmavi.exe" /ts2=1 [X]
    S2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [X]
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\BASHDefs\20150418.001\BHDrvx64.sys [1639128 2015-04-17] (Symantec Corporation)
    S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-30] (Qualcomm Atheros)
    S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1602000.01F\ccSetx64.sys [165080 2015-03-26] (Symantec Corporation)
    R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
    R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
    R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-25] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\IPSDefs\20150430.001\IDSvia64.sys [671448 2015-04-24] (Symantec Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
    R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\VirusDefs\20150430.036\ENG64.SYS [129752 2014-11-15] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\VirusDefs\20150430.036\EX64.SYS [2137304 2014-11-15] (Symantec Corporation)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-06] (Synaptics Incorporated)
    R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-09-06] (Synaptics Incorporated)
    R3 SRTSP; C:\Windows\system32\drivers\NSx64\1602000.01F\SRTSP64.SYS [916184 2015-03-26] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1602000.01F\SRTSPX64.SYS [42200 2015-03-26] (Symantec Corporation)
    S3 ssmirrdr; C:\Windows\system32\DRIVERS\ssmirrdr.sys [10112 2014-10-06] (support.com, Inc)
    R0 SymDS; C:\Windows\System32\drivers\NSx64\1602000.01F\SYMDS64.SYS [490712 2015-03-26] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NSx64\1602000.01F\SYMEFA64.SYS [1151704 2015-03-26] (Symantec Corporation)
    S0 SymELAM; C:\Windows\System32\drivers\NSx64\1602000.01F\SymELAM.sys [23568 2015-03-26] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-04-25] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NSx64\1602000.01F\Ironx64.SYS [271576 2015-03-26] (Symantec Corporation)
    R1 SymNetS; C:\Windows\system32\drivers\NSx64\1602000.01F\SYMNETS.SYS [565464 2015-03-26] (Symantec Corporation)
    R1 tammgF119; C:\Windows\system32\Drivers\tammgF119.sys [34960 2015-04-25] ()
    R1 tammgR119; C:\Windows\system32\Drivers\tammgR119.sys [34960 2015-04-25] ()
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
    S1 cherimoya; system32\drivers\cherimoya.sys [X]
    S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
    S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-05-01 20:06 - 2015-05-01 20:07 - 00018283 _____ () C:\Users\dober_000\Desktop\FRST.txt
    2015-05-01 20:05 - 2015-05-01 20:06 - 00000000 ____D () C:\FRST
    2015-05-01 20:04 - 2015-05-01 20:04 - 02101248 _____ (Farbar) C:\Users\dober_000\Desktop\FRST64.exe
    2015-05-01 19:55 - 2015-05-01 19:55 - 00000112 _____ () C:\Users\dober_000\Desktop\optimum.url
    2015-05-01 14:05 - 2015-05-01 14:55 - 00509440 _____ (Tech Support Guy System) C:\Users\dober_000\Downloads\SysInfo.exe
    2015-05-01 13:28 - 2015-05-01 13:28 - 00000118 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2015-05-01 13:04 - 2015-05-01 13:04 - 00000000 __SHD () C:\Users\dober_000\AppData\Local\EmieUserList
    2015-05-01 13:04 - 2015-05-01 13:04 - 00000000 __SHD () C:\Users\dober_000\AppData\Local\EmieSiteList
    2015-05-01 13:04 - 2015-05-01 13:04 - 00000000 __SHD () C:\Users\dober_000\AppData\Local\EmieBrowserModeList
    2015-05-01 11:53 - 2007-02-02 11:28 - 00130048 _____ (Hewlett-Packard Company) C:\Windows\system32\hpz3l4v2.dll
    2015-05-01 11:50 - 2015-01-05 23:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
    2015-05-01 11:50 - 2015-01-05 22:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
    2015-05-01 11:50 - 2015-01-05 21:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
    2015-05-01 11:50 - 2015-01-05 21:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
    2015-05-01 11:50 - 2014-04-15 19:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
    2015-05-01 11:50 - 2014-04-15 19:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
    2015-05-01 11:49 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
    2015-05-01 11:49 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
    2015-05-01 11:49 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
    2015-05-01 11:49 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
    2015-05-01 11:49 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
    2015-05-01 11:49 - 2015-03-17 13:26 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
    2015-05-01 11:49 - 2015-03-12 22:49 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
    2015-05-01 11:49 - 2015-03-12 22:28 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
    2015-05-01 11:49 - 2015-03-08 22:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
    2015-05-01 11:49 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
    2015-05-01 11:49 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
    2015-05-01 11:49 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
    2015-05-01 11:48 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
    2015-05-01 11:48 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
    2015-05-01 11:48 - 2015-03-13 22:03 - 04179968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-05-01 11:48 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
    2015-05-01 11:48 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
    2015-05-01 11:48 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
    2015-05-01 11:48 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
    2015-05-01 11:47 - 2015-03-13 00:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
    2015-05-01 11:47 - 2015-03-13 00:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
    2015-05-01 11:47 - 2015-03-12 22:59 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-05-01 11:47 - 2015-03-12 22:38 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-05-01 11:47 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-05-01 11:47 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2015-05-01 11:47 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
    2015-05-01 11:47 - 2015-02-12 22:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-05-01 11:47 - 2015-02-12 21:46 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-05-01 11:47 - 2014-11-17 16:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
    2015-05-01 11:47 - 2014-11-17 16:17 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
    2015-05-01 11:47 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
    2015-05-01 11:47 - 2014-11-14 02:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
    2015-05-01 11:47 - 2014-11-14 02:46 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
    2015-05-01 11:46 - 2014-11-15 15:05 - 00801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2015-05-01 11:46 - 2014-11-15 02:29 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2015-05-01 11:46 - 2014-11-14 02:57 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
    2015-05-01 11:46 - 2014-11-14 01:03 - 00885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
    2015-05-01 11:46 - 2014-11-10 14:06 - 02485056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2015-05-01 11:46 - 2014-11-10 14:06 - 00473408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2015-05-01 11:46 - 2014-11-10 14:06 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2015-05-01 11:46 - 2014-11-10 14:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
    2015-05-01 11:46 - 2014-11-09 22:57 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
    2015-05-01 11:46 - 2014-11-09 21:37 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
    2015-05-01 11:46 - 2014-11-09 21:34 - 01084416 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2015-05-01 11:46 - 2014-11-09 21:26 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2015-05-01 11:46 - 2014-11-09 21:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
    2015-05-01 11:46 - 2014-11-09 21:09 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
    2015-05-01 11:46 - 2014-11-09 21:08 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
    2015-05-01 11:46 - 2014-11-09 21:06 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
    2015-05-01 11:46 - 2014-11-09 20:57 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
    2015-05-01 11:46 - 2014-11-09 20:57 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
    2015-05-01 11:46 - 2014-11-08 00:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
    2015-05-01 11:46 - 2014-11-07 23:58 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
    2015-05-01 11:46 - 2014-11-07 23:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
    2015-05-01 11:46 - 2014-11-07 23:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
    2015-05-01 11:46 - 2014-11-07 23:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
    2015-05-01 11:46 - 2014-11-07 23:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
    2015-05-01 11:46 - 2014-11-07 23:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
    2015-05-01 11:46 - 2014-11-07 23:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
    2015-05-01 11:46 - 2014-11-07 23:13 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
    2015-05-01 11:46 - 2014-11-07 22:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
    2015-05-01 11:46 - 2014-11-07 22:38 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
    2015-05-01 11:46 - 2014-11-07 22:17 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
    2015-05-01 11:46 - 2014-11-07 22:03 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
    2015-05-01 11:46 - 2014-11-07 21:58 - 04837376 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
    2015-05-01 11:46 - 2014-11-07 21:49 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
    2015-05-01 11:46 - 2014-11-06 23:58 - 00952896 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
    2015-05-01 11:46 - 2014-11-06 23:20 - 00786120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
    2015-05-01 11:46 - 2014-11-04 22:12 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
    2015-05-01 11:46 - 2014-11-04 22:12 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
    2015-05-01 11:46 - 2014-11-04 22:06 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
    2015-05-01 11:46 - 2014-11-04 21:44 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
    2015-05-01 11:46 - 2014-11-04 21:43 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
    2015-05-01 11:46 - 2014-11-04 21:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
    2015-05-01 11:46 - 2014-11-04 21:39 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
    2015-05-01 11:46 - 2014-11-04 21:39 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
    2015-05-01 11:46 - 2014-11-04 21:33 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
    2015-05-01 11:46 - 2014-11-04 21:21 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
    2015-05-01 11:46 - 2014-11-04 21:20 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
    2015-05-01 11:46 - 2014-11-04 21:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
    2015-05-01 11:46 - 2014-11-04 21:14 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
    2015-05-01 11:46 - 2014-11-04 21:06 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
    2015-05-01 11:46 - 2014-11-04 15:33 - 00058176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
    2015-05-01 11:46 - 2014-11-04 15:25 - 00059712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
    2015-05-01 11:46 - 2014-11-04 15:25 - 00051008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
    2015-05-01 11:46 - 2014-11-04 02:55 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
    2015-05-01 11:46 - 2014-11-04 02:54 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
    2015-05-01 11:46 - 2014-11-04 02:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
    2015-05-01 11:46 - 2014-11-04 02:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
    2015-05-01 11:46 - 2014-11-04 02:27 - 00128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
    2015-05-01 11:46 - 2014-11-04 01:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
    2015-05-01 11:46 - 2014-10-30 20:51 - 18823168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
    2015-05-01 11:46 - 2014-10-30 20:10 - 15158784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
    2015-05-01 11:46 - 2014-10-28 23:05 - 00551232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
    2015-05-01 11:46 - 2014-10-28 21:55 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
    2015-05-01 11:46 - 2014-10-28 21:13 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
    2015-05-01 11:46 - 2014-10-20 21:59 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
    2015-05-01 11:46 - 2014-10-20 21:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
    2015-05-01 11:46 - 2014-10-20 20:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
    2015-05-01 11:46 - 2014-10-20 20:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
    2015-05-01 11:46 - 2014-10-20 20:31 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
    2015-05-01 11:46 - 2014-10-20 20:30 - 01454080 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
    2015-05-01 11:46 - 2014-10-20 20:20 - 01142272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
    2015-05-01 11:46 - 2014-10-17 00:56 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
    2015-05-01 11:46 - 2014-10-16 23:35 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
    2015-05-01 11:45 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
    2015-05-01 11:45 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
    2015-05-01 11:44 - 2015-03-12 20:29 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
    2015-05-01 11:44 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-04-29 17:51 - 2015-05-01 19:59 - 01502611 _____ () C:\Windows\WindowsUpdate.log
    2015-04-29 17:50 - 2015-05-01 19:58 - 00002346 _____ () C:\Windows\setupact.log
    2015-04-29 17:50 - 2015-04-29 17:50 - 00000000 _____ () C:\Windows\setuperr.log
    2015-04-29 17:49 - 2015-05-01 12:05 - 00023350 _____ () C:\Windows\PFRO.log
    2015-04-29 17:38 - 2015-04-29 17:38 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\supportdotcom
    2015-04-29 17:14 - 2015-04-29 23:32 - 00000585 _____ () C:\Windows\Tasks\RegClinic_sch_B7938552-EEB4-11E4-82AD-645A04285122.job
    2015-04-29 17:14 - 2015-04-29 18:00 - 00000500 _____ () C:\Windows\Tasks\Regclinic LLC Registration3.job
    2015-04-29 17:14 - 2015-04-29 17:50 - 00000464 _____ () C:\Windows\Tasks\Regclinic LLC Update3_triggeronce.job
    2015-04-29 17:14 - 2015-04-29 17:50 - 00000464 _____ () C:\Windows\Tasks\Regclinic LLC Update3.job
    2015-04-29 17:14 - 2015-04-29 17:25 - 00001207 _____ () C:\Users\Lisa\Desktop\RegClinic.lnk
    2015-04-29 17:14 - 2015-04-29 17:14 - 00004004 _____ () C:\Windows\System32\Tasks\RegClinic_sch_B7938552-EEB4-11E4-82AD-645A04285122
    2015-04-29 17:14 - 2015-04-29 17:14 - 00003252 _____ () C:\Windows\System32\Tasks\Regclinic LLC Update3
    2015-04-29 17:14 - 2015-04-29 17:14 - 00003142 _____ () C:\Windows\System32\Tasks\Regclinic LLC Registration3
    2015-04-29 17:14 - 2015-04-29 17:14 - 00002920 _____ () C:\Windows\System32\Tasks\Regclinic LLC Update3_triggeronce
    2015-04-29 17:14 - 2015-04-29 17:14 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\Regclinic LLC
    2015-04-29 17:14 - 2015-04-29 17:14 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Regclinic LLC
    2015-04-29 17:14 - 2015-04-29 17:14 - 00000000 ____D () C:\ProgramData\Regclinic LLC
    2015-04-29 17:14 - 2015-04-29 17:14 - 00000000 ____D () C:\Program Files (x86)\Regclinic LLC
    2015-04-26 22:17 - 2015-04-26 22:17 - 00000000 _____ () C:\Recovery.txt
    2015-04-26 22:13 - 2015-04-26 22:13 - 00000000 ____D () C:\$WINDOWS.~BT
    2015-04-26 20:26 - 2015-04-26 20:26 - 00002790 _____ () C:\Windows\System32\Tasks\Tempo Runner loxm3vi
    2015-04-26 20:26 - 2015-04-26 20:26 - 00000466 _____ () C:\Windows\Tasks\Tempo Runner loxm3vi.job
    2015-04-26 20:21 - 2015-04-29 18:16 - 00000000 ____D () C:\NPE
    2015-04-26 18:51 - 2015-04-26 18:51 - 03215762 _____ () C:\Windows\shost.bin
    2015-04-25 20:33 - 2015-04-29 18:18 - 00000000 ____D () C:\Users\Lisa\AppData\Local\NPE
    2015-04-25 19:22 - 2015-04-25 19:22 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security
    2015-04-25 19:19 - 2015-04-25 19:19 - 00102616 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    2015-04-25 19:19 - 2015-04-25 19:19 - 00008214 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
    2015-04-25 19:19 - 2015-04-25 19:19 - 00003216 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
    2015-04-25 19:19 - 2015-04-25 19:19 - 00002484 _____ () C:\Users\Public\Desktop\Norton Security.lnk
    2015-04-25 19:19 - 2015-04-25 19:19 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
    2015-04-25 19:18 - 2015-04-25 19:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
    2015-04-25 19:18 - 2015-04-25 19:18 - 00000000 ____D () C:\Windows\system32\Drivers\NSx64
    2015-04-25 19:18 - 2015-04-25 19:18 - 00000000 ____D () C:\Program Files (x86)\Norton Security
    2015-04-25 19:17 - 2015-04-26 20:19 - 00000000 ____D () C:\ProgramData\Norton
    2015-04-25 19:17 - 2015-04-25 19:17 - 00001310 _____ () C:\Users\Lisa\Desktop\Norton Installation Files.lnk
    2015-04-25 19:17 - 2015-04-25 19:17 - 00000000 ____D () C:\Users\Public\Downloads\Norton
    2015-04-25 14:31 - 2015-04-25 14:31 - 00000000 ____D () C:\Program Files (x86)\Exploremedia
    2015-04-25 14:14 - 2015-04-25 19:53 - 00000000 ____D () C:\Program Files (x86)\FastInternet
    2015-04-25 14:14 - 2015-04-25 19:52 - 00000000 ___HD () C:\a
    2015-04-25 14:14 - 2015-04-25 19:47 - 00000000 ____D () C:\Users\Lisa\AppData\Local\yuntnani
    2015-04-25 14:12 - 2015-04-25 14:32 - 00000000 ____D () C:\Program Files (x86)\CloudScout Parental Control
    2015-04-25 13:47 - 2015-04-29 17:48 - 00000000 ____D () C:\ProgramData\68ff5de400003ccb
    2015-04-25 13:40 - 2015-04-25 13:40 - 00000046 _____ () C:\Windows\wininit.ini
    2015-04-25 13:40 - 2015-04-25 13:40 - 00000000 ____D () C:\Program Files (x86)\predm
    2015-04-25 13:30 - 2015-04-25 13:30 - 00000000 __SHD () C:\Users\Lisa\AppData\Roaming\AnyProtectEx
    2015-04-25 13:28 - 2015-04-29 17:48 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\4C4C4544-1429982924-3910-8034-C8C04F363032
    2015-04-25 13:26 - 2015-04-25 13:29 - 00001655 _____ () C:\Windows\SysWOW64\${LOGFILE}
    2015-04-25 13:22 - 2015-04-25 14:25 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-04-25 13:19 - 2015-04-25 13:22 - 00002178 _____ () C:\Windows\patsearch.bin
    2015-04-25 13:19 - 2015-04-25 13:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
    2015-04-25 13:17 - 2015-04-25 19:56 - 00000000 ____D () C:\Users\Lisa\AppData\Local\SmartWeb
    2015-04-25 13:15 - 2015-04-25 19:23 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
    2015-04-25 13:15 - 2015-04-25 13:19 - 00003110 _____ () C:\Windows\System32\Tasks\Crossbrowse
    2015-04-25 13:15 - 2015-04-25 13:19 - 00001080 _____ () C:\Windows\Tasks\Crossbrowse.job
    2015-04-25 13:15 - 2015-04-25 13:15 - 00000000 ____D () C:\Users\Lisa\AppData\Local\globalUpdate
    2015-04-25 13:15 - 2015-04-25 13:15 - 00000000 ____D () C:\Users\Lisa\AppData\Local\Crossbrowse
    2015-04-25 13:10 - 2015-04-29 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream
    2015-04-25 13:09 - 2015-03-12 11:59 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
    2015-04-25 13:09 - 2015-03-12 11:58 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
    2015-04-25 13:07 - 2015-04-29 17:48 - 00000000 ____D () C:\Users\Lisa\AppData\Local\4C4C4544-1429967269-3910-8034-C8C04F363032
    2015-04-25 13:06 - 2015-04-25 14:15 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\WTools
    2015-04-25 13:06 - 2015-04-25 13:45 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\Store
    2015-04-25 13:06 - 2015-04-25 13:06 - 00000000 ____D () C:\ProgramData\COMODO
    2015-04-25 13:06 - 2015-04-25 13:06 - 00000000 ____D () C:\Program Files\COMODO
    2015-04-25 13:05 - 2015-04-25 13:29 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\Nosibay
    2015-04-25 13:04 - 2015-04-29 18:06 - 00000000 ____D () C:\Program Files (x86)\StormWatch
    2015-04-25 13:04 - 2015-04-25 19:33 - 00000000 ____D () C:\ProgramData\{e1b44dba-77a6-f50b-e1b4-44dba77a36e9}
    2015-04-25 13:04 - 2015-04-25 13:04 - 00000000 ____D () C:\Users\Lisa\AppData\Local\Weather_Protector_LLC
    2015-04-25 13:03 - 2015-04-25 21:00 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\4C4C4544-1429981439-3910-8034-C8C04F363032
    2015-04-25 13:02 - 2015-04-26 20:27 - 00000000 ____D () C:\ProgramData\websmartapp
    2015-04-25 13:02 - 2015-04-25 13:02 - 00034960 _____ () C:\Windows\system32\Drivers\tammgR119.sys
    2015-04-25 13:02 - 2015-04-25 13:02 - 00034960 _____ () C:\Windows\system32\Drivers\tammgF119.sys
    2015-04-20 23:53 - 2015-04-20 23:53 - 00000000 ____D () C:\Windows\SysWOW64\sda
    2015-04-20 23:52 - 2015-04-20 23:52 - 00000000 ____D () C:\Program Files (x86)\Realtek
    2015-04-17 19:11 - 2015-05-01 12:01 - 00000000 ____D () C:\Program Files (x86)\Dell Update
    2015-04-14 22:16 - 2015-04-14 22:16 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-04-14 19:00 - 2015-03-23 17:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-04-14 19:00 - 2015-03-23 17:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-04-14 19:00 - 2015-03-23 17:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
    2015-04-14 19:00 - 2015-03-23 17:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-04-14 19:00 - 2015-03-23 17:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
    2015-04-14 19:00 - 2015-03-22 18:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-04-14 19:00 - 2015-03-22 18:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-04-14 19:00 - 2015-03-22 18:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-04-14 19:00 - 2015-03-22 18:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-04-14 19:00 - 2015-03-22 18:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-04-14 19:00 - 2015-03-22 18:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-04-14 19:00 - 2015-03-22 18:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-04-14 19:00 - 2015-03-20 00:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
    2015-04-14 19:00 - 2015-03-20 00:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-04-14 19:00 - 2015-03-20 00:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-04-14 19:00 - 2015-03-19 23:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
    2015-04-14 19:00 - 2015-03-19 22:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
    2015-04-14 19:00 - 2015-03-19 22:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-04-14 19:00 - 2015-03-19 22:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-04-14 19:00 - 2015-03-14 04:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-04-14 19:00 - 2015-03-14 04:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-04-14 19:00 - 2015-03-14 04:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-04-14 19:00 - 2015-03-13 21:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-04-14 19:00 - 2015-03-13 21:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-04-14 19:00 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-04-14 19:00 - 2015-03-13 21:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-04-14 19:00 - 2015-03-13 21:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-04-14 19:00 - 2015-03-13 20:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-04-14 19:00 - 2015-03-13 20:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-04-14 19:00 - 2015-03-13 20:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-04-14 19:00 - 2015-03-13 20:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
    2015-04-14 19:00 - 2015-03-13 20:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2015-04-14 19:00 - 2015-03-13 20:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-04-14 19:00 - 2015-03-13 20:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-04-14 19:00 - 2015-03-13 20:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-04-14 19:00 - 2015-03-13 20:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-04-14 19:00 - 2015-03-13 20:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-04-14 19:00 - 2015-03-13 19:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-04-14 19:00 - 2015-03-13 19:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-04-14 19:00 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-04-14 19:00 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-04-14 19:00 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-04-14 19:00 - 2015-03-12 23:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-04-14 19:00 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-04-14 19:00 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-04-14 19:00 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-04-14 19:00 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-04-14 19:00 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-04-14 19:00 - 2015-03-12 23:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-04-14 19:00 - 2015-03-12 23:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-04-14 19:00 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-04-14 19:00 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-04-14 19:00 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-04-14 19:00 - 2015-03-12 22:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2015-04-14 19:00 - 2015-03-12 22:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2015-04-14 19:00 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-04-14 19:00 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-04-14 19:00 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-04-14 19:00 - 2015-03-12 22:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2015-04-14 19:00 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-04-14 19:00 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-04-14 19:00 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-04-14 19:00 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-04-14 19:00 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-04-14 19:00 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-04-14 19:00 - 2015-03-04 06:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
    2015-04-14 19:00 - 2015-03-03 23:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2015-04-14 19:00 - 2015-03-03 22:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
    2015-04-14 19:00 - 2015-02-24 04:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2015-04-14 19:00 - 2015-02-20 19:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
    2015-04-14 19:00 - 2014-12-02 19:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-04-14 12:28 - 2015-04-14 12:28 - 00004387 _____ () C:\Users\Lisa\AppData\Roaming\MI5q0XmuNpdwiC
    2015-04-14 12:28 - 2015-04-14 12:28 - 00004387 _____ () C:\Users\Lisa\AppData\Roaming\KGCMgqLv2STPlTi
    2015-04-13 19:54 - 2015-04-13 19:54 - 00000000 ____D () C:\Users\Lisa\Desktop\2015
    2015-04-12 18:55 - 2015-04-12 18:56 - 00000200 _____ () C:\Users\Lisa\Desktop\face.url
    2015-04-06 21:30 - 2015-04-11 00:34 - 00057344 ___SH () C:\Users\Lisa\Downloads\Thumbs.db
    2015-04-06 13:09 - 2015-04-06 13:10 - 00000000 ___SD () C:\Windows\system32\GWX
    2015-04-06 13:09 - 2015-04-06 13:09 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
    2015-04-05 11:50 - 2015-04-05 11:55 - 00000000 ____D () C:\Users\Lisa\Desktop\Easter Eggs
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-05-01 20:06 - 2014-02-21 12:35 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
    2015-05-01 20:03 - 2014-03-14 14:17 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2808001785-3049627236-3382631767-1004
    2015-05-01 20:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-05-01 19:59 - 2014-03-14 14:13 - 00000000 ___DO () C:\Users\dober_000\SkyDrive
    2015-05-01 19:58 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-01 19:54 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
    2015-05-01 15:03 - 2014-03-13 21:08 - 00000000 ___DO () C:\Users\Lisa\SkyDrive
    2015-05-01 14:59 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
    2015-05-01 13:42 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-05-01 12:55 - 2014-03-14 14:04 - 00000000 ____D () C:\Users\dober_000
    2015-05-01 12:48 - 2014-03-09 21:21 - 00000000 ____D () C:\Users\Lisa\Documents\Bluetooth Folder
    2015-05-01 12:08 - 2014-03-09 21:19 - 00000000 ____D () C:\Users\Lisa
    2015-05-01 12:08 - 2014-02-21 12:16 - 00000000 ____D () C:\Intel
    2015-05-01 12:05 - 2013-08-22 10:44 - 00381256 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-05-01 12:01 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
    2015-05-01 12:01 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
    2015-05-01 12:01 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\setup
    2015-05-01 12:01 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
    2015-05-01 11:58 - 2014-03-09 21:25 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2808001785-3049627236-3382631767-1001
    2015-05-01 11:56 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
    2015-04-29 22:24 - 2015-01-29 21:27 - 00315392 ___SH () C:\Users\Lisa\Desktop\Thumbs.db
    2015-04-29 17:48 - 2015-03-18 11:33 - 00000000 ____D () C:\Windows\Minidump
    2015-04-29 17:48 - 2014-04-23 11:28 - 00000000 ____D () C:\Users\Lisa\AppData\Local\CrashDumps
    2015-04-29 17:48 - 2014-02-21 12:27 - 00000000 ____D () C:\ProgramData\install_clap
    2015-04-29 17:48 - 2014-02-21 11:30 - 00000000 ____D () C:\ProgramData\Dell
    2015-04-29 17:48 - 2014-02-21 11:06 - 00000000 ____D () C:\Windows\Panther
    2015-04-26 19:16 - 2014-02-21 12:31 - 00000000 ____D () C:\ProgramData\PCDr
    2015-04-25 19:21 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2015-04-25 19:19 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
    2015-04-25 14:36 - 2014-02-21 12:26 - 00000000 ____D () C:\ProgramData\CyberLink
    2015-04-25 14:36 - 2014-02-21 12:26 - 00000000 ____D () C:\ProgramData\CLSK
    2015-04-25 14:36 - 2014-02-21 12:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-04-25 14:35 - 2014-02-21 12:30 - 00000000 ____D () C:\Users\Public\CyberLink
    2015-04-25 13:39 - 2014-02-21 12:10 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-25 13:03 - 2013-08-22 09:25 - 00000226 _____ () C:\Windows\win.ini
    2015-04-21 17:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppCompat
    2015-04-20 23:52 - 2014-02-21 10:57 - 00000000 ____D () C:\dell
    2015-04-20 18:22 - 2014-03-09 21:34 - 00000000 ____D () C:\ProgramData\softthinks
    2015-04-17 19:11 - 2014-02-21 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2015-04-15 23:20 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\LiveKernelReports
    2015-04-14 22:16 - 2015-03-13 14:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-04-14 21:51 - 2014-03-18 19:31 - 00000000 ____D () C:\Windows\system32\MRT
    2015-04-14 21:48 - 2014-03-18 19:31 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-04-14 19:00 - 2014-11-12 00:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
    2015-04-13 19:24 - 2015-03-13 14:40 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-04-13 19:24 - 2015-03-13 14:40 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-04-12 17:46 - 2014-03-14 14:40 - 00000000 ____D () C:\Users\Lisa\AppData\Local\Adobe
    ==================== Files in the root of some directories =======
    2014-02-21 11:57 - 2014-02-21 11:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-04-29 22:03
    ==================== End Of Log ============================
     

    Attached Files:

  4. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Please remove the following program:

    RegClinic

    Please download the attached file and save it in the same directory as FRST.
    • Start FRST with Administrator privileges.
    • Press the Fix button.
    • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
      Please copy and paste its contents in your next reply.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download AdwCleaner from here. Save the file to the desktop.


    NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

    Close all open windows and browsers.
    • XP users: Double click the AdwCleaner icon to start the program.
    • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
      You will see the following console:
    [​IMG]
    • Click the Scan button and wait for the scan to finish.
    • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
    • Click the Clean button.
    • Everything checked will be deleted.
    • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
    [​IMG]
    • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

    [​IMG] Please download Malwarebytes Anti-Malware to your desktop
    • Double-click mbam-setup-version.exe and follow the prompts to install the program.
    • At the end, be sure a check-mark is placed next to the following:
      1. Enable free trial of Malwarebytes Anti-Malware Premium
      2. Launch Malwarebytes Anti-Malware
    • Then click Finish.
    • If an update is found, you will be prompted to download and install the latest version.
    • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
    • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
    • Reboot your computer if prompted.
    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

    The log is available throughout History ->Application logs. Please post it contents in your next reply.
     

    Attached Files:

  5. obie1

    obie1 Thread Starter

    Joined:
    May 1, 2015
    Messages:
    6
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2015 01
    Ran by dober_000 at 2015-05-02 15:02:38 Run:1
    Running from C:\Users\dober_000\Desktop
    Loaded Profiles: dober_000 (Available profiles: Lisa & dober_000)
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    Start
    HKLM\...\Run: [interpee] => C:\a\internetport3.exe [10752 2015-03-17] ()
    HKLM\...\Run: [autoauto] => 5507171.bat
    HKLM-x32\...\Run: [interpee] => C:\a\internetport3.exe [10752 2015-03-17] ()
    HKLM-x32\...\Run: [autoauto] => 5507171.bat
    ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Policy Restriction on ProxySettings)
    ProxyEnable: [HKLM] => ProxyEnable is set.
    ProxyEnable: [HKLM-x32] => ProxyEnable is set.
    ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877
    ProxyEnable: [S-1-5-21-2808001785-3049627236-3382631767-1004] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-2808001785-3049627236-3382631767-1004] => http=127.0.0.1:8877;https=127.0.0.1:8877
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2808001785-3049627236-3382631767-1004 -> DefaultScope {AA1590E3-E7DA-4420-AD80-D586DE9292E1} URL =
    SearchScopes: HKU\S-1-5-21-2808001785-3049627236-3382631767-1004 -> {AA1590E3-E7DA-4420-AD80-D586DE9292E1} URL =
    FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
    Task: {EAA9434E-9957-4900-8458-B0EA58A72623} - System32\Tasks\Regclinic LLC Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\Regclinic LLC\UUS3\UUS3.dll" RunUns
    Task: {EF608F4B-C7B5-4627-B3D6-A27BA1B055D3} - System32\Tasks\RegClinic_sch_B7938552-EEB4-11E4-82AD-645A04285122 => C:\Program Files (x86)\Regclinic LLC\RegClinic\RegClinic.exe [2015-01-05] (Regclinic LLC) <==== ATTENTION
    Task: {F9F4BC3C-F6A7-4B18-961D-1232CA378770} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Regclinic LLC Registration3.job => C:\Windows\system32\rundll32.exeIC:\Program Files (x86)\Common Files\Regclinic LLC\UUS3\UUS3.dll
    Task: C:\Windows\Tasks\Regclinic LLC Update3.job => c:\program files (x86)\common files\regclinic llc\uus3\Update3.exe
    Task: C:\Windows\Tasks\Regclinic LLC Update3_triggeronce.job => c:\program files (x86)\common files\regclinic llc\uus3\Update3.exe
    Task: C:\Windows\Tasks\RegClinic_sch_B7938552-EEB4-11E4-82AD-645A04285122.job => C:\Program Files (x86)\Regclinic LLC\RegClinic\RegClinic.exe <==== ATTENTION
    Task: {8AB41ED1-232B-4D6E-82F5-88D237142A8D} - System32\Tasks\PocketCloudUpdater => C:\Program
    Task: {A46EAEB5-60B3-404E-B763-ED1EB8D81B29} - System32\Tasks\Regclinic LLC Update3 => c:\program files (x86)\common files\regclinic llc\uus3\Update3.exe [2015-01-05] (Regclinic LLC)
    FirewallRules: [{6FB86FE1-64E9-4A1B-A038-BFA6C7D5576C}] => (Allow) C:\a\internetport3.exe
    FirewallRules: [{E5B09143-C09F-4A68-B46F-73E2AB318141}] => (Allow) C:\a\internetport3.exe
    FirewallRules: [{F6DBF18E-207A-40CD-AB11-8787D996AEB8}] => (Allow) C:\a\getcap.exe
    FirewallRules: [{A7BE1948-A870-4254-9C53-E9A8BB0EFB6E}] => (Allow) C:\a\getcap.exe
    FirewallRules: [{86CB4AA0-2914-4577-A965-DC691DB58804}] => (Allow) C:\a\wincheckfe.exe
    FirewallRules: [{5D4D80CC-BE68-4007-B179-4F55901D92B5}] => (Allow) C:\a\wincheckfe.exe
    FirewallRules: [{F8EA56B5-A7CD-4B4D-9EB5-37ACD6F056EF}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{BAAF0A81-D926-4DF1-B4C8-A74412EAFD63}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{AF3D8576-2948-41E3-8F86-597718E1F62C}] => (Allow) C:\a\wcheckf.exe
    FirewallRules: [{0A891233-B4A2-4DAC-981F-32DCBCBBC147}] => (Allow) C:\a\wcheckf.exe
    FirewallRules: [{E57CD73A-3567-4E85-9281-835F9A1CEF86}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{B058B48F-6D5D-4FA6-8D76-35C3DA020FCE}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{A980E90D-305C-4B07-9BEA-523D7614BDDB}] => (Allow) C:\a\27cW3F1bIPCTNU2Knw6P.exe
    FirewallRules: [{4E14695D-5CE6-4778-984A-90B211BF226D}] => (Allow) C:\a\27cW3F1bIPCTNU2Knw6P.exe
    FirewallRules: [{38E97343-563C-4741-A6E4-D2842653208D}] => (Allow) C:\a\internetport3.exe
    FirewallRules: [{2B4A0CA5-81F2-4364-A950-F5AAD5B7FFAE}] => (Allow) C:\a\internetport3.exe
    FirewallRules: [{AD6DA21B-5583-48C7-8B38-7C0EF4956D6F}] => (Allow) C:\a\getcap.exe
    FirewallRules: [{51434D60-457F-4120-A0E3-B9C7878911F8}] => (Allow) C:\a\getcap.exe
    FirewallRules: [{555ED17D-EF14-4F0F-A143-4833F1CB18DF}] => (Allow) C:\a\wincheckfe.exe
    FirewallRules: [{71C91E55-384C-42A2-9FA0-160AD6E6EE59}] => (Allow) C:\a\wincheckfe.exe
    FirewallRules: [{B744A2D7-04BC-4660-AB47-C0BD1AA46D26}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{9E13EA86-3D82-4519-9144-44152AD4DC9F}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{741ECD6A-E730-40C9-BE02-1A310D65FE65}] => (Allow) C:\a\wcheckf.exe
    FirewallRules: [{31A694FA-2F6A-4454-98E9-F3AC49F90094}] => (Allow) C:\a\wcheckf.exe
    FirewallRules: [{EAB2CDF1-28F0-447B-8D7E-EE17A50603E3}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{F0CF28D6-4815-4DDC-A388-EBBDE531C878}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{9504716D-836E-469B-92D2-F0B4091D7BA8}] => (Allow) C:\a\27cW3F1bIPCTNU2Knw6P.exe
    FirewallRules: [{1B334B45-8982-4FFB-B0FA-CAA170927BD1}] => (Allow) C:\a\27cW3F1bIPCTNU2Knw6P.exe
    FirewallRules: [{DC39A896-5495-4CB8-934C-56CE3EB14BA0}] => (Allow) C:\a\internetport3.exe
    FirewallRules: [{892E2E48-9507-4D7C-96FF-1415B4DE98F4}] => (Allow) C:\a\internetport3.exe
    FirewallRules: [{F9A949E0-A2AB-4F9B-A3FC-F8BB1D7E977F}] => (Allow) C:\a\getcap.exe
    FirewallRules: [{A419ED1A-B6FD-40FA-B84E-050DF3E4873E}] => (Allow) C:\a\getcap.exe
    FirewallRules: [{9E1EC55D-3BD1-4384-852F-E9AF91DE47A0}] => (Allow) C:\a\wincheckfe.exe
    FirewallRules: [{5E7B8363-1921-42BB-8B3A-92B133037847}] => (Allow) C:\a\wincheckfe.exe
    FirewallRules: [{18BE8A60-651A-4E34-99DE-903C6243033B}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{3330E8E7-B8CD-4634-B2E1-2A3150233FA1}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{10C5B8E9-073F-4907-A782-A8ACB8D4FD1E}] => (Allow) C:\a\wcheckf.exe
    FirewallRules: [{643AAA38-9D46-49DA-95E2-5D4117AA05D9}] => (Allow) C:\a\wcheckf.exe
    FirewallRules: [{16D86891-5D9F-4F1D-A1C5-F82BD40169AE}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{20971453-D600-4FCC-A86D-7AA9B0813BD1}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{C8EED797-2EB4-462C-B460-94CF028AC8E0}] => (Allow) C:\a\27cW3F1bIPCTNU2Knw6P.exe
    FirewallRules: [{65083879-903B-4B58-A08D-3DFAD0535AD3}] => (Allow) C:\a\27cW3F1bIPCTNU2Knw6P.exe
    FirewallRules: [{B0291EFD-2D66-48C9-AC26-F9A2881002C6}] => (Allow) C:\a\internetport3.exe
    FirewallRules: [{94D36E4A-E59A-497F-ACA9-9B59D53EBDCD}] => (Allow) C:\a\internetport3.exe
    FirewallRules: [{A242FDFD-56E8-444E-944B-0F630AFE28BF}] => (Allow) C:\a\getcap.exe
    FirewallRules: [{BA818EA9-682E-4E04-83A2-D17C702E99F3}] => (Allow) C:\a\getcap.exe
    FirewallRules: [{76EB9F14-8904-4D28-BB03-921DB86719EB}] => (Allow) C:\a\wincheckfe.exe
    FirewallRules: [{B0AFFB21-BD93-4511-80F5-40336A37982D}] => (Allow) C:\a\wincheckfe.exe
    FirewallRules: [{078EDA2A-63B7-4CFF-9479-ABEE7603E2A3}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{E8F3820B-8467-4A55-A2D7-CF81E5FD4829}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{C68ED0F3-72D0-4F15-9C11-B2932CBCA097}] => (Allow) C:\a\wcheckf.exe
    FirewallRules: [{5A9E1713-AF49-4AA5-9A66-7B30303E2CB6}] => (Allow) C:\a\wcheckf.exe
    FirewallRules: [{045012EC-E7CE-40AE-99E4-B871B633DA0F}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{F4664FAB-720B-4E1F-8F7E-0F8688635A4F}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{DA4BC830-5DB9-43B5-B8BC-0D89395252F7}] => (Allow) C:\a\27cW3F1bIPCTNU2Knw6P.exe
    FirewallRules: [{1E754A38-D12B-4D10-96F4-63148AF66CA7}] => (Allow) C:\a\27cW3F1bIPCTNU2Knw6P.exe
    FirewallRules: [{7770725B-98A3-467A-8542-519E308D7F6B}] => (Allow) C:\a\internetport3.exe
    FirewallRules: [{F2523FB6-BEC5-465D-B213-1A6FD12169F7}] => (Allow) C:\a\internetport3.exe
    FirewallRules: [{97FED50D-6CE9-464C-AB41-9EDE16182017}] => (Allow) C:\a\getcap.exe
    FirewallRules: [{D4713583-7F9B-4C50-98EA-1A37C5970BC7}] => (Allow) C:\a\getcap.exe
    FirewallRules: [{9365F492-1D85-46AB-BAD5-DF2AA3C2C415}] => (Allow) C:\a\wincheckfe.exe
    FirewallRules: [{6C2B9715-C103-4C34-8854-C1B81AE360B7}] => (Allow) C:\a\wincheckfe.exe
    FirewallRules: [{BDB31E21-E48C-49A5-94A3-F463CEC6674E}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{904DF24A-A65F-40E9-9494-D5F4B7FA4824}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{EC39BC18-CAC5-4C0C-A1DE-AC393D57EC27}] => (Allow) C:\a\wcheckf.exe
    FirewallRules: [{680B3DE6-DBC7-4DDC-A5CB-82D92AD33DD1}] => (Allow) C:\a\wcheckf.exe
    FirewallRules: [{301BB357-94E5-49AA-A680-85FF12B62EE8}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{06087417-7F68-4B55-BA3B-BD917A818542}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{397EE1F8-8500-4C9F-9927-9C41CD3BD71C}] => (Allow) C:\a\27cW3F1bIPCTNU2Knw6P.exe
    FirewallRules: [{6BEF9E04-61DC-4088-8928-1F7B4E59165A}] => (Allow) C:\a\27cW3F1bIPCTNU2Knw6P.exe
    FirewallRules: [{73385391-25F7-4DEC-AA3D-20CBE6856600}] => (Allow) C:\a\internetport3.exe
    FirewallRules: [{25A0C7D6-46C8-4C38-B896-FCF825E09176}] => (Allow) C:\a\internetport3.exe
    FirewallRules: [{8C4ABD27-906F-407C-91F2-E5A68A9C4CD0}] => (Allow) C:\a\getcap.exe
    FirewallRules: [{F3E990FE-9BA9-446E-BBAC-8B84785EBFA4}] => (Allow) C:\a\getcap.exe
    FirewallRules: [{9D3C640B-304A-4DBC-AEDF-5DE2A8442B81}] => (Allow) C:\a\wincheckfe.exe
    FirewallRules: [{A190E219-6C99-4279-B523-131B7E0AFF6C}] => (Allow) C:\a\wincheckfe.exe
    FirewallRules: [{BD186167-92B9-42FB-BC17-E9BE35F451A4}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{4C289110-5CB9-487C-A81B-17152926655B}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{B17F0922-3B3F-4D32-B68B-466A3E2AF7F3}] => (Allow) C:\a\wcheckf.exe
    FirewallRules: [{80D3660F-3221-477F-A39E-649B00805F18}] => (Allow) C:\a\wcheckf.exe
    FirewallRules: [{05218D35-CF38-4F43-A981-60063F77C57B}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{A86B45CD-264C-4B81-8D06-E129B52CC383}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{EF083379-14AC-462D-A981-ECAF5D0A4ADE}] => (Allow) C:\a\27cW3F1bIPCTNU2Knw6P.exe
    FirewallRules: [{55746B9E-F9A6-4B0A-A455-5D171EC9E39B}] => (Allow) C:\a\27cW3F1bIPCTNU2Knw6P.exe
    FirewallRules: [{052106D5-992D-4C37-ABF4-833A3D72A666}] => (Allow) C:\a\internetport3.exe
    FirewallRules: [{5E25801F-7B86-4A30-9C9E-96F570714485}] => (Allow) C:\a\internetport3.exe
    FirewallRules: [{10A28626-1167-40A6-B4C0-8F650826E157}] => (Allow) C:\a\getcap.exe
    FirewallRules: [{470AABC8-E322-418D-ABFB-2F5050B149D5}] => (Allow) C:\a\getcap.exe
    FirewallRules: [{5BD60E57-3098-491B-AD04-2192214E2A0A}] => (Allow) C:\a\wincheckfe.exe
    FirewallRules: [{B20924CD-1BCE-4F46-BB50-C1A3227CE985}] => (Allow) C:\a\wincheckfe.exe
    FirewallRules: [{2C0AB7E4-BC18-48C3-915A-E49CD1D0EDA9}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{203764E9-3302-4CDC-8437-38AED6A1D5AF}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{C3101632-634B-4307-87D2-A00E34662BA0}] => (Allow) C:\a\wcheckf.exe
    FirewallRules: [{3D1B2A56-7D89-4001-8598-61769C3EAA24}] => (Allow) C:\a\wcheckf.exe
    FirewallRules: [{6C635BA4-1558-49F0-A76A-F875C622BA1D}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{FC8CE787-6B3F-4A68-A0D0-AD4897F0C01F}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{0F4ED5A3-F996-486D-A5D4-E33006F87E4A}] => (Allow) C:\a\27cW3F1bIPCTNU2Knw6P.exe
    FirewallRules: [{0D42586A-9CE9-4B4C-B20B-52B686D91DCD}] => (Allow) C:\a\27cW3F1bIPCTNU2Knw6P.exe
    C:\a
    C:\Program Files (x86)\Common Files\Regclinic LLC
    C:\Users\Lisa\AppData\Roaming\Regclinic LLC
    C:\ProgramData\Regclinic LLC
    C:\Program Files (x86)\Regclinic LLC
    EmptyTemp:
    End

    *****************
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\interpee => value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\autoauto => value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\interpee => value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\autoauto => value deleted successfully.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DBARFileBackuped" => Key deleted successfully.
    "HKCR\CLSID\{831cebdd-6baf-4432-be76-9e0989c14aef}" => Key deleted successfully.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DBARFileNotBackuped" => Key deleted successfully.
    "HKCR\CLSID\{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}" => Key deleted successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    HKU\S-1-5-21-2808001785-3049627236-3382631767-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
    HKU\S-1-5-21-2808001785-3049627236-3382631767-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKU\S-1-5-21-2808001785-3049627236-3382631767-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-2808001785-3049627236-3382631767-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA1590E3-E7DA-4420-AD80-D586DE9292E1}" => Key deleted successfully.
    HKCR\CLSID\{AA1590E3-E7DA-4420-AD80-D586DE9292E1} => Key not found.
    HKLM\Software\Mozilla\Firefox\Extensions\\{5081D2D4-1637-404c-B74F-50526718257D} => value deleted successfully.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{5081D2D4-1637-404c-B74F-50526718257D} => value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAA9434E-9957-4900-8458-B0EA58A72623} => Key not found.
    C:\Windows\System32\Tasks\Regclinic LLC Registration3 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Regclinic LLC Registration3 => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF608F4B-C7B5-4627-B3D6-A27BA1B055D3}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF608F4B-C7B5-4627-B3D6-A27BA1B055D3}" => Key deleted successfully.
    C:\Windows\System32\Tasks\RegClinic_sch_B7938552-EEB4-11E4-82AD-645A04285122 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClinic_sch_B7938552-EEB4-11E4-82AD-645A04285122" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9F4BC3C-F6A7-4B18-961D-1232CA378770}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9F4BC3C-F6A7-4B18-961D-1232CA378770}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Crossbrowse => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Crossbrowse" => Key deleted successfully.
    C:\Windows\Tasks\Crossbrowse.job => Moved successfully.
    C:\Windows\Tasks\Regclinic LLC Registration3.job not found.
    C:\Windows\Tasks\Regclinic LLC Update3.job not found.
    C:\Windows\Tasks\Regclinic LLC Update3_triggeronce.job => Moved successfully.
    C:\Windows\Tasks\RegClinic_sch_B7938552-EEB4-11E4-82AD-645A04285122.job => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8AB41ED1-232B-4D6E-82F5-88D237142A8D}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AB41ED1-232B-4D6E-82F5-88D237142A8D}" => Key deleted successfully.
    C:\Windows\System32\Tasks\PocketCloudUpdater => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PocketCloudUpdater" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A46EAEB5-60B3-404E-B763-ED1EB8D81B29} => Key not found.
    C:\Windows\System32\Tasks\Regclinic LLC Update3 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Regclinic LLC Update3 => Key not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6FB86FE1-64E9-4A1B-A038-BFA6C7D5576C} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E5B09143-C09F-4A68-B46F-73E2AB318141} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F6DBF18E-207A-40CD-AB11-8787D996AEB8} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A7BE1948-A870-4254-9C53-E9A8BB0EFB6E} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{86CB4AA0-2914-4577-A965-DC691DB58804} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5D4D80CC-BE68-4007-B179-4F55901D92B5} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8EA56B5-A7CD-4B4D-9EB5-37ACD6F056EF} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BAAF0A81-D926-4DF1-B4C8-A74412EAFD63} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AF3D8576-2948-41E3-8F86-597718E1F62C} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A891233-B4A2-4DAC-981F-32DCBCBBC147} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E57CD73A-3567-4E85-9281-835F9A1CEF86} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B058B48F-6D5D-4FA6-8D76-35C3DA020FCE} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A980E90D-305C-4B07-9BEA-523D7614BDDB} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E14695D-5CE6-4778-984A-90B211BF226D} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{38E97343-563C-4741-A6E4-D2842653208D} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2B4A0CA5-81F2-4364-A950-F5AAD5B7FFAE} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AD6DA21B-5583-48C7-8B38-7C0EF4956D6F} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{51434D60-457F-4120-A0E3-B9C7878911F8} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{555ED17D-EF14-4F0F-A143-4833F1CB18DF} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71C91E55-384C-42A2-9FA0-160AD6E6EE59} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B744A2D7-04BC-4660-AB47-C0BD1AA46D26} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E13EA86-3D82-4519-9144-44152AD4DC9F} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{741ECD6A-E730-40C9-BE02-1A310D65FE65} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{31A694FA-2F6A-4454-98E9-F3AC49F90094} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EAB2CDF1-28F0-447B-8D7E-EE17A50603E3} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0CF28D6-4815-4DDC-A388-EBBDE531C878} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9504716D-836E-469B-92D2-F0B4091D7BA8} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1B334B45-8982-4FFB-B0FA-CAA170927BD1} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DC39A896-5495-4CB8-934C-56CE3EB14BA0} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{892E2E48-9507-4D7C-96FF-1415B4DE98F4} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9A949E0-A2AB-4F9B-A3FC-F8BB1D7E977F} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A419ED1A-B6FD-40FA-B84E-050DF3E4873E} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E1EC55D-3BD1-4384-852F-E9AF91DE47A0} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E7B8363-1921-42BB-8B3A-92B133037847} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18BE8A60-651A-4E34-99DE-903C6243033B} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3330E8E7-B8CD-4634-B2E1-2A3150233FA1} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10C5B8E9-073F-4907-A782-A8ACB8D4FD1E} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{643AAA38-9D46-49DA-95E2-5D4117AA05D9} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{16D86891-5D9F-4F1D-A1C5-F82BD40169AE} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{20971453-D600-4FCC-A86D-7AA9B0813BD1} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C8EED797-2EB4-462C-B460-94CF028AC8E0} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{65083879-903B-4B58-A08D-3DFAD0535AD3} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B0291EFD-2D66-48C9-AC26-F9A2881002C6} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{94D36E4A-E59A-497F-ACA9-9B59D53EBDCD} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A242FDFD-56E8-444E-944B-0F630AFE28BF} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA818EA9-682E-4E04-83A2-D17C702E99F3} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{76EB9F14-8904-4D28-BB03-921DB86719EB} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B0AFFB21-BD93-4511-80F5-40336A37982D} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{078EDA2A-63B7-4CFF-9479-ABEE7603E2A3} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E8F3820B-8467-4A55-A2D7-CF81E5FD4829} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C68ED0F3-72D0-4F15-9C11-B2932CBCA097} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5A9E1713-AF49-4AA5-9A66-7B30303E2CB6} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{045012EC-E7CE-40AE-99E4-B871B633DA0F} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F4664FAB-720B-4E1F-8F7E-0F8688635A4F} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA4BC830-5DB9-43B5-B8BC-0D89395252F7} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E754A38-D12B-4D10-96F4-63148AF66CA7} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7770725B-98A3-467A-8542-519E308D7F6B} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F2523FB6-BEC5-465D-B213-1A6FD12169F7} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{97FED50D-6CE9-464C-AB41-9EDE16182017} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D4713583-7F9B-4C50-98EA-1A37C5970BC7} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9365F492-1D85-46AB-BAD5-DF2AA3C2C415} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6C2B9715-C103-4C34-8854-C1B81AE360B7} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BDB31E21-E48C-49A5-94A3-F463CEC6674E} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{904DF24A-A65F-40E9-9494-D5F4B7FA4824} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC39BC18-CAC5-4C0C-A1DE-AC393D57EC27} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{680B3DE6-DBC7-4DDC-A5CB-82D92AD33DD1} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{301BB357-94E5-49AA-A680-85FF12B62EE8} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{06087417-7F68-4B55-BA3B-BD917A818542} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{397EE1F8-8500-4C9F-9927-9C41CD3BD71C} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6BEF9E04-61DC-4088-8928-1F7B4E59165A} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{73385391-25F7-4DEC-AA3D-20CBE6856600} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{25A0C7D6-46C8-4C38-B896-FCF825E09176} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8C4ABD27-906F-407C-91F2-E5A68A9C4CD0} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F3E990FE-9BA9-446E-BBAC-8B84785EBFA4} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9D3C640B-304A-4DBC-AEDF-5DE2A8442B81} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A190E219-6C99-4279-B523-131B7E0AFF6C} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BD186167-92B9-42FB-BC17-E9BE35F451A4} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C289110-5CB9-487C-A81B-17152926655B} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B17F0922-3B3F-4D32-B68B-466A3E2AF7F3} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80D3660F-3221-477F-A39E-649B00805F18} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05218D35-CF38-4F43-A981-60063F77C57B} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A86B45CD-264C-4B81-8D06-E129B52CC383} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF083379-14AC-462D-A981-ECAF5D0A4ADE} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{55746B9E-F9A6-4B0A-A455-5D171EC9E39B} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{052106D5-992D-4C37-ABF4-833A3D72A666} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E25801F-7B86-4A30-9C9E-96F570714485} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10A28626-1167-40A6-B4C0-8F650826E157} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{470AABC8-E322-418D-ABFB-2F5050B149D5} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5BD60E57-3098-491B-AD04-2192214E2A0A} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B20924CD-1BCE-4F46-BB50-C1A3227CE985} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C0AB7E4-BC18-48C3-915A-E49CD1D0EDA9} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{203764E9-3302-4CDC-8437-38AED6A1D5AF} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C3101632-634B-4307-87D2-A00E34662BA0} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D1B2A56-7D89-4001-8598-61769C3EAA24} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6C635BA4-1558-49F0-A76A-F875C622BA1D} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FC8CE787-6B3F-4A68-A0D0-AD4897F0C01F} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F4ED5A3-F996-486D-A5D4-E33006F87E4A} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D42586A-9CE9-4B4C-B20B-52B686D91DCD} => value deleted successfully.
    "C:\a" directory move:
    Could not move "C:\a" directory. => Scheduled to move on reboot.
    "C:\Program Files (x86)\Common Files\Regclinic LLC" => File/Directory not found.
    C:\Users\Lisa\AppData\Roaming\Regclinic LLC => Moved successfully.
    C:\ProgramData\Regclinic LLC => Moved successfully.
    "C:\Program Files (x86)\Regclinic LLC" => File/Directory not found.
    EmptyTemp: => Removed 551.8 MB temporary data.
    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-05-02 15:05:19)<=
    C:\a => Is moved successfully.
    ==== End of Fixlog 15:05:19 ====
     
  6. obie1

    obie1 Thread Starter

    Joined:
    May 1, 2015
    Messages:
    6
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.6.7 (04.30.2015:1)
    OS: Windows 8.1 x64
    Ran by dober_000 on Sat 05/02/2015 at 15:20:54.77
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    ~~~ Services
    Successfully stopped: [Service] cherimoya
    Successfully deleted: [Service] cherimoya
    Successfully stopped: [Service] swupdater
    Successfully deleted: [Service] swupdater


    ~~~ Tasks
    Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2808001785-3049627236-3382631767-1001
    Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2808001785-3049627236-3382631767-1004
    Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
    Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask


    ~~~ Registry Values


    ~~~ Registry Keys
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5081D2D4-1637-404c-B74F-50526718257D}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}


    ~~~ Files
    Successfully deleted: [File] C:\Windows\patsearch.bin
    Successfully deleted: [File] C:\Windows\wininit.ini


    ~~~ Folders
    Successfully deleted: [Folder] C:\Program Files (x86)\globalupdate
    Successfully deleted: [Folder] C:\Program Files (x86)\predm
    Successfully deleted: [Folder] C:\Program Files (x86)\stormwatch
    Successfully deleted: [Folder] C:\ProgramData\pcdr




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 05/02/2015 at 15:23:36.89
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  7. obie1

    obie1 Thread Starter

    Joined:
    May 1, 2015
    Messages:
    6
    # AdwCleaner v4.203 - Logfile created 02/05/2015 at 15:35:16
    # Updated 30/04/2015 by Xplode
    # Database : 2015-05-02.1 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : dober_000 - LISAS-LAPTOP
    # Running from : C:\Users\dober_000\Desktop\adwcleaner_4.203.exe
    # Option : Cleaning
    ***** [ Services ] *****
    Service Deleted : tammgF119
    Service Deleted : tammgR119
    ***** [ Files / Folders ] *****
    Folder Deleted : C:\ProgramData\68ff5de400003ccb
    Folder Deleted : C:\ProgramData\{e1b44dba-77a6-f50b-e1b4-44dba77a36e9}
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream
    Folder Deleted : C:\Program Files (x86)\CloudScout Parental Control
    Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
    Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\StormWatch
    Folder Deleted : C:\Users\Lisa\AppData\Local\globalUpdate
    Folder Deleted : C:\Users\Lisa\AppData\Local\Weather_Protector_LLC
    Folder Deleted : C:\Users\Lisa\AppData\Local\SmartWeb
    Folder Deleted : C:\Users\Lisa\AppData\Local\Crossbrowse
    Folder Deleted : C:\Users\Lisa\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    Folder Deleted : C:\Users\Lisa\AppData\Roaming\AnyProtectEx
    Folder Deleted : C:\Users\Lisa\AppData\Roaming\Nosibay
    Folder Deleted : C:\Users\Lisa\AppData\Roaming\Store
    Folder Deleted : C:\Users\Lisa\AppData\Roaming\WTools
    Folder Deleted : C:\Users\Lisa\AppData\Roaming\4C4C4544-1429981439-3910-8034-C8C04F363032
    Folder Deleted : C:\Users\Lisa\AppData\Roaming\4C4C4544-1429982924-3910-8034-C8C04F363032
    File Deleted : C:\Windows\shost.bin
    File Deleted : C:\Windows\System32\drivers\tammgf119.sys
    File Deleted : C:\Windows\System32\drivers\tammgr119.sys
    File Deleted : C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\crossbrowse.lnk
    ***** [ Scheduled tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Classes\Extension.jshep
    Key Deleted : HKLM\SOFTWARE\Classes\Extension.jshep.1
    Key Deleted : HKLM\SOFTWARE\284f34a7-1139-df25-3598-40b2acf6b5bf
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CF50C82-4C4B-43E9-B1B2-15CB1BD0C193}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5081D2D4-1637-404C-B74F-50526718257D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404C-B74F-50526718257D}
    Key Deleted : HKLM\SOFTWARE\CompeteInc
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\Tutorials
    Key Deleted : HKLM\SOFTWARE\StormWatchApp
    Key Deleted : HKLM\SOFTWARE\StormWatch
    Key Deleted : HKLM\SOFTWARE\Crossbrowse
    Key Deleted : HKLM\SOFTWARE\YorkNewCin
    Key Deleted : HKLM\SOFTWARE\HighDefAction
    Key Deleted : HKLM\SOFTWARE\ArenaHD
    Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP
    Key Deleted : HKU\.DEFAULT\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
    Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
    Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
    Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
    Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
    ***** [ Web browsers ] *****
    -\\ Internet Explorer v11.0.9600.17416

    *************************
    AdwCleaner[R0].txt - [5535 bytes] - [02/05/2015 15:32:49]
    AdwCleaner[S0].txt - [5526 bytes] - [02/05/2015 15:35:16]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5585 bytes] ##########
     
  8. obie1

    obie1 Thread Starter

    Joined:
    May 1, 2015
    Messages:
    6
    My hats off for you guys!!! everything is fixed my network is perfect and no longer are settings for my LAN locked Many Thanks :)
     
  9. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Thanks for the feedback.

    We need to remove the tools we've used during cleaning your machine

    1. Download Delfix from here
    2. Ensure Remove disinfection tools is ticked
      Also tick:
      • Create registry backup
      • Purge system restore
      [​IMG]
    3. Click Run
    Here are some suggestions.

    1. Always keep your JAVA updated. Older versions will make your computer vulnerable.
    2. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.
    3. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
    For information and guidelines you can read this article by Miekiemoes.

    Best wishes! [​IMG]
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1147568

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice