
IE11 This page cannot be displayed.

05-16-2015, 01:34 PM   #1
mrfurrypants
Registered Member
Join Date: Oct 2007
Posts: 35
OS: WinXP home



IE11 on this computer abruptly stopped displaying websites with "This page can't be displayed" error. Firefox on the same machine seems to function properly. No other obvious anomalies. User's software requires IE11 so it's critical to use that browser. Looks as if the virus software may be expired. Thanks in advance for any help.

Here is the DDS.txt text

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17801
Run by Charlie at 15:17:24 on 2015-05-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4001.2544 [GMT -5:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
SP: Webroot SecureAnywhere *Enabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
C:\Program Files (x86)\SimpleHelpService\SimpleService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files (x86)\SimpleHelpService\jre\bin\javaw.exe
C:\Program Files (x86)\eRS\DownloadManager\ecwService.exe
C:\Program Files (x86)\SimpleHelpService\jre\bin\javaw.exe
C:\Program Files (x86)\eRS\eRSService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Active Desktop Calendar] C:\myfiles\XemiComputers\Active Desktop Calendar\ADC.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe -update plugin
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [QuickFinder Scheduler] c:\Corel\Office7\Shared\QFinder7\QFSCHED.EXE
mRun: [tvncontrol] "C:\Program Files (x86)\eRS\TightVnc20\tvnserver.exe" -controlservice -slave
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DD-ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: DD-PromptOnSecureDesktop = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D9E4E21E-60E0-11DA-91EB-00123F33E209} - hxxps://installers.speechmachines.org/Installer/DNInstaller2.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remote.mercy.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{CEC59F32-7590-4FBC-9BC2-42996133D9CC} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Program Files (x86)\eClinicalWorks\wowctl2.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\7wiytpka.default-1361762365797\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Users\Charlie\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
.
============= SERVICES / DRIVERS ===============
.
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2012-5-3 116224]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-12-5 98888]
R2 ecwService;ecwService;C:\Program Files (x86)\eRS\DownloadManager\ecwService.exe [2013-1-23 82432]
R2 eRSService;eRSService;C:\Program Files (x86)\eRS\eRSService.exe [2013-1-23 30720]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2013-7-3 375872]
R2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2013-7-3 454208]
R2 SimpleHelpSimpleGatewayService;SimpleHelp SimpleGateway Service;C:\Program Files (x86)\SimpleHelpService\SimpleService.exe [2013-3-26 96448]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-3-6 284696]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2015-5-16 3574624]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-16 2656280]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-8-19 817072]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-16 471144]
S1 SWIPsec;SonicWALL IPsec Driver;C:\Windows\System32\drivers\SWIPsec.sys [2013-1-23 99352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 tvnserver;TightVNC Server;C:\Program Files (x86)\eRS\TightVNC20\tvnserver.exe [2013-1-23 819200]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-5-13 114688]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-11-16 158976]
S3 RaMediaServer;RaMediaServer;C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [2013-7-3 621632]
S3 SWVNIC;SonicWALL Virtual Miniport;C:\Windows\System32\drivers\SWVNIC.sys [2009-3-4 24600]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-30 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2015-05-16 19:34:27 -------- d-----w- C:\Program Files (x86)\TeamViewer
2015-05-16 07:36:02 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B984BD5-1CAF-41F4-BF3F-EAD0D7A5F285}\offreg.dll
2015-05-15 22:55:20 12032440 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B984BD5-1CAF-41F4-BF3F-EAD0D7A5F285}\mpengine.dll
2015-05-13 08:00:32 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:00:32 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 06:14:54 328704 ----a-w- C:\Windows\System32\services.exe
2015-04-21 22:49:58 922152 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
.
==================== Find3M ====================
.
2015-05-06 04:03:24 166128 ----a-w- C:\Windows\SysWow64\WRusr.dll
2015-05-06 04:03:24 116224 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2015-05-06 04:03:24 103816 ----a-w- C:\Windows\System32\WRusr.dll
2015-05-05 01:29:39 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-05-05 01:12:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-04-21 17:08:08 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-04-21 17:07:54 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-04-21 16:51:08 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-04-21 16:50:14 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-04-21 16:50:12 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-04-21 16:50:03 417792 ----a-w- C:\Windows\System32\html.iec
2015-04-21 16:48:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-04-21 16:35:51 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-04-21 16:35:40 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-04-21 16:34:59 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-04-21 16:31:56 6025728 ----a-w- C:\Windows\System32\jscript9.dll
2015-04-21 16:26:35 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-04-21 16:25:34 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-04-21 16:14:33 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-04-21 16:11:10 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-04-21 16:11:07 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-04-21 16:10:12 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-04-21 16:09:57 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-04-21 16:08:41 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-04-21 15:58:45 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-04-21 15:57:57 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-04-21 15:47:04 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-04-21 15:46:50 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-04-21 15:43:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-04-21 15:31:13 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-04-21 15:27:25 2352128 ----a-w- C:\Windows\System32\wininet.dll
2015-04-21 15:25:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-04-21 15:24:48 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-04-21 15:02:00 1882112 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-04-20 03:17:07 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-04-20 02:11:23 3204608 ----a-w- C:\Windows\System32\win32k.sys
2015-04-18 03:10:57 460800 ----a-w- C:\Windows\System32\certcli.dll
2015-04-18 02:56:57 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-04-14 20:30:19 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-14 20:30:19 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-08 03:29:07 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-04-08 03:29:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2015-04-08 03:14:07 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2015-04-04 03:29:36 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-04-04 03:29:36 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-04-04 03:22:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-04-04 03:22:20 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-04-04 03:22:19 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-04-04 03:22:19 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-04-04 03:22:17 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-04-04 03:22:11 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-04-04 03:22:11 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-04-04 03:22:08 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-04-04 03:22:08 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-04-04 03:22:01 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-04-04 03:20:52 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-04-04 03:20:36 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-04-04 03:17:45 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-04-04 03:17:27 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-04-04 03:15:12 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-04-04 03:05:46 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-04-04 03:05:42 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-04-04 03:05:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-04-04 03:05:35 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-04-04 03:05:34 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-04-04 03:05:30 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-04-04 03:05:23 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-04-04 03:04:13 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-04-04 03:04:02 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-04-04 03:01:23 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-04-04 03:01:12 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-04-04 02:59:26 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-03-26 14:35:15 8019169 ----a-w- C:\Windows\SysWow64\an_empty_cross.Scr
2015-03-25 03:24:41 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-03-25 03:24:41 3298816 ----a-w- C:\Windows\System32\wucltux.dll
2015-03-25 03:24:41 191488 ----a-w- C:\Windows\System32\wuwebv.dll
2015-03-25 03:24:08 60416 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-03-25 03:23:58 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-03-25 03:23:55 36864 ----a-w- C:\Windows\System32\wuapp.exe
2015-03-25 03:00:57 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-03-25 03:00:57 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-03-25 03:00:15 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-03-17 05:22:37 5557696 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-03-17 05:19:37 1727904 ----a-w- C:\Windows\System32\ntdll.dll
2015-03-17 05:17:00 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-03-17 05:17:00 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-03-17 05:17:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-03-17 05:16:59 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-03-17 05:16:43 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-03-17 05:16:43 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-03-17 05:16:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2015-03-17 05:16:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2015-03-17 05:16:29 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2015-03-17 05:16:11 112640 ----a-w- C:\Windows\System32\smss.exe
2015-03-17 05:16:05 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-03-17 05:15:44 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-03-17 05:01:09 3976632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-03-17 05:01:09 3920824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 15:18:11.86 ===============
Attached Files
File Type: txt attach.txt (7.3 KB, 40 views)
05-19-2015, 11:18 AM   #2
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Have you tried resetting IE to defaults?

How to reset Internet Explorer to default settings

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
05-20-2015, 06:29 AM   #3
mrfurrypants
Registered Member
Join Date: Oct 2007
Posts: 35
OS: WinXP home



I did follow the instructions to reset IE to its default settings and it continues to fail to connect to any website at all. "This page can’t be displayed" is in big mean letters. I can confirm again the machine does have internet access as Firefox seems to function properly.
05-20-2015, 06:19 PM   #4
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello mrfurrypants. I'm not seeing anything in your logs, but we'll take a look with another tool.

Did you set all those explorer/system policies?

Any idea why you only have one system restore point?

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button (if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
05-21-2015, 06:28 AM   #5
mrfurrypants
Registered Member
Join Date: Oct 2007
Posts: 35
OS: WinXP home



First to answer your questions.

I did not set those policies. I'm not familiar with how this PC was set up to begin with. It is my Mom's computer. She uses it to do transcription. This is a "typical user" so I can't imagine they were set that way "on purpose". They can be set to whatever will provide the best performance.

Not at all certain about the restore point settings. Those can be changed to maximize efficiency if recommended.

Here are the contents of the AdwCleaner log.
~
# AdwCleaner v4.204 - Logfile created 21/05/2015 at 07:50:38
# Updated 12/05/2015 by Xplode
# Database : 2015-05-20.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Charlie - CHARLIE-HP
# Running from : C:\Users\Charlie\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files (x86)\FunWebProducts
Folder Deleted : C:\Program Files (x86)\MyWebSearch
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Users\Charlie\AppData\Local\iac
Folder Deleted : C:\Users\Charlie\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Charlie\AppData\LocalLow\MyWebSearch
File Deleted : C:\Windows\SysWOW64\p5PSSavr.scr

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\FocusInteractive
Key Deleted : HKLM\SOFTWARE\Fun Web Products
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\MyWebSearch
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mywebsearch bar uninstall

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 en-US)

[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278041900_1384376985980.click", "1");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278041900_1384376985980.view", "1");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1363278402417_1384621189326.view", "1");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.1376684812681_1384635811056.view", "1");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.button.aol_bookmark_button_1407776385565.click", "1");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.buttons.defaultview", 1);
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.buttons.layout", ";aol_bookmark_button_1409508752204;aol_bookmark_button_1407776385565;aol_bookmark_button_1396990932199;aol_bookmark_button_1396981484014;1376684812681_13846358[...]
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.calendar.displaydate", "");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.calendar.timestamp", "1424485611813");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.cookie.homepage", "1");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.cookie.newtab", "1");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.cookie.search", "0");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.curtain.congrats", "curtain");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.historybutton.num", "2");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.check", true);
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.protection", false);
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000015");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.newtab.check", true);
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.newtab.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.check", false);
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.guid", "{77D6BAE8-2573-9A56-57A3-6847C521DBBE}");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.active", false);
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.enabled", true);
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.ignoreids", "23;97;1292");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.watchids", "998");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.watchlist", "2");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.historybutton.watchtimes", "10");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.homepageprotection.enabled", false);
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.homepageprotection.set", "1");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.distroid", "");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.homepage", "hxxp://www.aol.com/?mtmhp={mtmhp}");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.homepage.label", "AOL.com");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.10388");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000015");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.ncid", "gnavbar_toolbar_maing8");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.newtab", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.sethomepage", "1");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.setnewtab", "1");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.setsearch", "0");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.type", "new");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampdate", "21");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "4");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2015");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.log", false);
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalDate", "13");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalHours", "6");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalMonth", "11");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.originalYear", "2013");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.presethomepage", "aol.com");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.presetnewtab", "about:newtab");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.presetsearch", "Bing");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote..xml", "1432212279162");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.config.js", "");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.historyconfig.js", "");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.publish.xml", "1432147697920");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.searchterm.js", "");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.reset.flag", "2");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.reset.style", "B");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.daily.num", "1");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.daily.timestamp", "Fri Mar 14 2014 17:28:46 GMT-0500 (Central Standard Time)");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.display.limit", "5");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.skip", false);
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.rtw.active", false);
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.button", true);
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.cid", "13-11-2013");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.instd", "77D6BAE825739A5657A36847C521DBBE");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.oid", "13-11-2013");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.placement", "right");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.savehistory", false);
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.searchtype", "web");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.source", "aolrt");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.searchengine.label", "AOL Search");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.searchprotection.enabled", false);
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.skin.custom", false);
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.toolbar.langlocale", "en-US");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.toolbar.name", "AOL Toolbar");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.uninstallreset", "3");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.condition", "33_n");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degc", "3");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degf", "38");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degrees", "F");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.lastupdate", "");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.locationid", "USNY0996");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.zipcode", "10006");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.layout", "");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.log", false);
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.timestamp", "1432157505855");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.widgets.version", "5.74.1.10388");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("aol_toolbar.winamp.volume", "");
[7wiytpka.default-1361762365797\prefs.js] - Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [21161 bytes] - [21/05/2015 07:49:12]
AdwCleaner[S0].txt - [21133 bytes] - [21/05/2015 07:50:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21193 bytes] ##########

Here is the text from FRST.txt.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by Charlie (administrator) on CHARLIE-HP on 21-05-2015 07:57:28
Running from C:\Users\Charlie\Desktop
Loaded Profiles: Charlie (Available profiles: Charlie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
() C:\Program Files (x86)\SimpleHelpService\SimpleService.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\SimpleHelpService\jre\bin\javaw.exe
(GlavSoft LLC.) C:\Program Files (x86)\eRS\TightVNC20\tvnserver.exe
(eClinicalWorks,LLC) C:\Program Files (x86)\eRS\DownloadManager\ecwService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(eClinicalWorks, LLC) C:\Program Files (x86)\eRS\eRSService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(GlavSoft LLC.) C:\Program Files (x86)\eRS\TightVNC20\tvnserver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\SimpleHelpService\jre\bin\javaw.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [817072 2015-05-05] (Webroot)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Corel\Office7\Shared\QFinder7\QFSCHED.EXE [46080 1996-10-16] (Novell, Inc.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\eRS\TightVnc20\tvnserver.exe [819200 2010-07-08] (GlavSoft LLC.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Run: [Active Desktop Calendar] => C:\myfiles\XemiComputers\Active Desktop Calendar\ADC.exe
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\MountPoints2: {42a67d6c-913f-11e1-8f44-082e5f2dd65e} - G:\DynexTransferAdapter.exe
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\MountPoints2: {42a67e31-913f-11e1-8f44-082e5f2dd65e} - G:\DynexTransferAdapter.exe
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2012-11-16]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2012-11-16]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2013-07-03]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn
SearchScopes: HKLM-x32 -> {40ABABA7-C0B0-40A4-8333-FFB79CA6F435} URL = https://www.amazon.com/exec/obidos/redirect?link_code=ur2&camp=1789&tag=connorswebguidec&creative=9325&path=https://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = https://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = https://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = https://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=https://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2013-12-11] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2014-10-23] (Webroot)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2013-12-11] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2014-10-23] (Webroot)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2013-12-11] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2013-12-11] (Webroot)
Toolbar: HKU\S-1-5-21-806574570-1135188790-3133980201-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload2.macromedia.com/ge...sh/swflash.cab
DPF: HKLM-x32 {D9E4E21E-60E0-11DA-91EB-00123F33E209} https://installers.speechmachines.or...Installer2.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://remote.mercy.net/dana-cached...etupClient.cab
Handler-x32: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Program Files (x86)\eClinicalWorks\wowctl2.dll [2011-10-18] (EzTools Software)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\7wiytpka.default-1361762365797
FF NewTab: hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Bing
FF SelectedSearchEngine: Bing
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-20] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-12-14] (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-806574570-1135188790-3133980201-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Charlie\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-12-02] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: AOL Toolbar - C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\7wiytpka.default-1361762365797\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2015-02-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2013-11-04]

Chrome:
=======
CHR Profile: C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2012-11-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ecwService; C:\Program Files (x86)\eRS\DownloadManager\ecwService.exe [82432 2010-07-13] (eClinicalWorks,LLC) [File not signed]
R2 eRSService; C:\Program Files (x86)\eRS\eRSService.exe [30720 2013-12-03] (eClinicalWorks, LLC) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [621632 2011-03-04] ()
R2 SimpleHelpSimpleGatewayService; C:\Program Files (x86)\SimpleHelpService\SimpleService.exe [96448 2013-03-26] ()
R2 tvnserver; C:\Program Files (x86)\eRS\TightVnc20\tvnserver.exe [819200 2010-07-08] (GlavSoft LLC.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [817072 2015-05-05] (Webroot)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116224 2015-05-05] (Webroot)
U0 SR; No ImagePath
U2 srservice; No ImagePath
S3 wanatw; system32\DRIVERS\wanatw64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-21 07:57 - 2015-05-21 07:57 - 00025153 _____ () C:\Users\Charlie\Desktop\FRST.txt
2015-05-21 07:56 - 2015-05-21 07:57 - 00000000 ____D () C:\FRST
2015-05-21 07:55 - 2015-05-21 07:55 - 02107904 _____ (Farbar) C:\Users\Charlie\Desktop\FRST64.exe
2015-05-21 07:53 - 2015-05-21 07:53 - 00021466 _____ () C:\Users\Charlie\Desktop\AdwCleaner[S0].txt
2015-05-21 07:49 - 2015-05-21 07:50 - 00000000 ____D () C:\AdwCleaner
2015-05-21 07:46 - 2015-05-21 07:46 - 02209792 _____ () C:\Users\Charlie\Desktop\AdwCleaner.exe
2015-05-18 09:33 - 2015-05-18 10:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-16 15:18 - 2015-05-16 15:18 - 00025249 _____ () C:\Users\Charlie\Desktop\dds.txt
2015-05-16 15:18 - 2015-05-16 15:18 - 00007491 _____ () C:\Users\Charlie\Desktop\attach.txt
2015-05-16 15:12 - 2015-05-16 15:12 - 00688992 ____R (Swearware) C:\Users\Charlie\Desktop\dds.scr
2015-05-16 14:34 - 2015-05-16 16:06 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2015-05-16 14:34 - 2015-05-16 16:06 - 00001052 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2015-05-16 14:34 - 2015-05-16 14:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-13 03:00 - 2015-05-01 08:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:00 - 2015-05-01 08:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 01:15 - 2015-05-04 20:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 01:15 - 2015-05-04 20:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 01:15 - 2015-04-21 21:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 01:15 - 2015-04-21 20:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 01:15 - 2015-04-21 12:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 01:15 - 2015-04-21 12:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 01:15 - 2015-04-21 12:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 01:15 - 2015-04-21 11:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 01:15 - 2015-04-21 11:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 01:15 - 2015-04-21 11:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 01:15 - 2015-04-21 11:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 01:15 - 2015-04-21 11:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 01:15 - 2015-04-21 11:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 01:15 - 2015-04-21 11:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 01:15 - 2015-04-21 11:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 01:15 - 2015-04-21 11:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 01:15 - 2015-04-21 11:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 01:15 - 2015-04-21 11:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 01:15 - 2015-04-21 11:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 01:15 - 2015-04-21 11:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 01:15 - 2015-04-21 11:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 01:15 - 2015-04-21 11:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 01:15 - 2015-04-21 11:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 01:15 - 2015-04-21 11:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 01:15 - 2015-04-21 11:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 01:15 - 2015-04-21 11:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 01:15 - 2015-04-21 11:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 01:15 - 2015-04-21 11:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 01:15 - 2015-04-21 11:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 01:15 - 2015-04-21 11:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 01:15 - 2015-04-21 11:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 01:15 - 2015-04-21 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 01:15 - 2015-04-21 11:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 01:15 - 2015-04-21 11:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 01:15 - 2015-04-21 11:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 01:15 - 2015-04-21 11:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 01:15 - 2015-04-21 11:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 01:15 - 2015-04-21 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 01:15 - 2015-04-21 10:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 01:15 - 2015-04-21 10:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 01:15 - 2015-04-21 10:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 01:15 - 2015-04-21 10:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 01:15 - 2015-04-21 10:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 01:15 - 2015-04-21 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 01:15 - 2015-04-21 10:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 01:15 - 2015-04-21 10:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 01:15 - 2015-04-21 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 01:15 - 2015-04-21 10:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 01:15 - 2015-04-21 10:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 01:15 - 2015-04-21 10:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 01:15 - 2015-04-21 10:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 01:15 - 2015-04-21 10:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 01:15 - 2015-04-21 10:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 01:15 - 2015-04-21 10:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 01:15 - 2015-04-21 10:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 01:15 - 2015-04-21 10:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 01:15 - 2015-04-21 10:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 01:15 - 2015-04-21 10:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 01:15 - 2015-04-21 10:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 01:15 - 2015-04-21 10:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 01:15 - 2015-04-21 09:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 01:15 - 2015-04-21 09:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 01:15 - 2015-04-17 22:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 01:15 - 2015-04-17 21:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 01:15 - 2015-04-03 22:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 01:15 - 2015-04-03 22:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 01:15 - 2015-04-03 22:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 01:15 - 2015-04-03 22:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 01:15 - 2015-04-03 22:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 01:15 - 2015-04-03 22:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 01:15 - 2015-04-03 22:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 01:15 - 2015-04-03 22:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 01:15 - 2015-04-03 22:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 01:15 - 2015-04-03 22:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 01:15 - 2015-04-03 22:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 01:15 - 2015-04-03 22:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 01:15 - 2015-04-03 22:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 01:15 - 2015-04-03 22:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 01:15 - 2015-04-03 22:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 01:15 - 2015-04-03 22:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 01:15 - 2015-04-03 22:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 01:15 - 2015-04-03 22:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 01:15 - 2015-04-03 22:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 01:15 - 2015-04-03 22:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 01:15 - 2015-04-03 22:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 01:15 - 2015-04-03 22:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 01:15 - 2015-04-03 22:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 01:15 - 2015-04-03 22:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 01:15 - 2015-04-03 22:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 01:15 - 2015-04-03 22:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 01:15 - 2015-04-03 22:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 01:15 - 2015-04-03 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 01:15 - 2015-04-03 21:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 01:14 - 2015-04-19 22:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 01:14 - 2015-04-19 22:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 01:14 - 2015-04-19 21:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 01:14 - 2015-04-19 21:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 01:14 - 2015-04-12 22:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 01:14 - 2015-04-07 22:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 01:14 - 2015-04-07 22:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 01:14 - 2015-04-07 22:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 01:14 - 2015-02-18 02:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 01:14 - 2015-02-18 02:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-07 10:31 - 2015-05-07 10:31 - 40859656 _____ () C:\Users\Charlie\Downloads\Firefox Setup 37.0.2.exe
2015-05-05 14:02 - 2015-05-21 07:53 - 00000784 _____ () C:\Windows\setupact.log
2015-05-05 14:02 - 2015-05-05 14:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-04 09:06 - 2015-05-04 09:06 - 14780124 _____ () C:\Users\Charlie\Downloads\PanoramicBeaches.deskthemepack

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-21 07:57 - 2012-05-03 08:16 - 00000000 ____D () C:\ProgramData\WRData
2015-05-21 07:56 - 2012-04-28 09:01 - 01624835 _____ () C:\Windows\WindowsUpdate.log
2015-05-21 07:53 - 2013-01-23 13:59 - 00000000 ____D () C:\Program Files (x86)\eRS
2015-05-21 07:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-21 07:43 - 2012-04-28 19:32 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2015-05-21 07:42 - 2014-10-07 14:55 - 00000000 ____D () C:\ProgramData\MedQuist
2015-05-21 07:23 - 2013-05-11 23:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-21 07:02 - 2012-04-28 09:24 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{74E16275-14F0-4CA0-AED1-1B4C2CB59974}
2015-05-20 11:08 - 2012-04-29 13:22 - 00000000 ____D () C:\myfiles
2015-05-20 08:27 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-05-20 08:00 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-20 08:00 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-20 07:58 - 2009-07-14 00:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 07:55 - 2013-05-11 23:04 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-20 07:55 - 2013-05-11 23:04 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-20 07:55 - 2013-05-11 23:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-20 07:55 - 2012-06-19 10:11 - 00000000 ____D () C:\Users\Charlie\AppData\Local\Adobe
2015-05-20 07:52 - 2009-07-13 23:45 - 00339720 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-20 06:30 - 2012-04-30 14:06 - 00000000 ____D () C:\Users\Charlie\AppData\Local\CrashDumps
2015-05-19 16:01 - 2012-05-26 16:29 - 00000900 ___SH () C:\Windows\SysWOW64\KGyGaAvL.sys
2015-05-19 10:10 - 2015-03-29 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-05-16 15:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-16 14:45 - 2012-04-28 15:23 - 00079528 _____ () C:\Users\Charlie\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-13 04:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 03:06 - 2013-07-24 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 03:06 - 2010-11-21 02:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 03:02 - 2012-06-29 07:10 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-05 23:03 - 2012-05-03 08:16 - 00166128 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-05-05 23:03 - 2012-05-03 08:16 - 00116224 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2015-05-05 23:03 - 2012-05-03 08:16 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll
2015-04-27 23:30 - 2012-04-29 17:49 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCharlie
2015-04-27 23:30 - 2012-04-29 17:49 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForCharlie.job
2015-04-27 07:34 - 2010-11-20 22:47 - 00776492 _____ () C:\Windows\PFRO.log

==================== Files in the root of some directories =======

2015-01-01 10:04 - 2015-01-01 10:04 - 1054912 _____ (Adobe) C:\Program Files\install_flashplayer16x32au_mssd_aaa_aih.exe
2012-11-16 06:27 - 2013-12-11 09:23 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2012-04-28 18:07 - 2012-04-28 18:07 - 0012358 _____ () C:\Users\Charlie\AppData\Roaming\PFP120JCM.{PB
2012-04-28 18:07 - 2012-04-28 18:07 - 0061678 _____ () C:\Users\Charlie\AppData\Roaming\PFP120JPR.{PB
2012-05-04 14:25 - 2012-10-23 15:13 - 0003584 _____ () C:\Users\Charlie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-10 22:03 - 2013-05-10 22:03 - 0007626 _____ () C:\Users\Charlie\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Charlie\AppData\Local\Temp\ose00000.exe
C:\Users\Charlie\AppData\Local\Temp\ose00001.exe
C:\Users\Charlie\AppData\Local\Temp\Quarantine.exe
C:\Users\Charlie\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 00:22

==================== End Of Log ============================

Thank you again for your assistance.
Attached Files
File Type: txt Addition.txt (34.5 KB, 38 views)
Old 05-21-2015, 10:36 AM   #6
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, mrfurrypants. You're very welcome.

Before posting logs, please make sure 'WordWrap' is disabled under the 'Format' tab in Notepad. Thanks.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

Create a system repair disc

You can also download recovery software if you don't have an installation DVD:

Microsoft Software Recovery

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    CustomCLSID: HKU\S-1-5-21-806574570-1135188790-3133980201-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
    C:\Users\Charlie\AppData\Roaming\Dropbox
    Task: {2B5494E4-C383-495D-B096-789439C59317} - System32\Tasks\{3B407046-46AD-4E15-981E-183AA159F31D} => pcalua.exe -a "C:\Users\Charlie\AppData\Local\Temp\Temp2_0PlayAll CD-4 ADPCM.zip\0PlayAll CD-4 ADPCM\setup.exe"
    Task: {C7A734DD-4BC9-46D1-AF3C-0A08F470C32C} - System32\Tasks\{C1C19312-4BEA-4DF5-9953-B479B31A1867} => pcalua.exe -a "C:\Users\Charlie\AppData\Local\Temp\Temp1_Charlie.zip\Charlie\PlayAll CD-4 ADPCM\setup.exe"
    HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
    HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
    HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
    HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
    HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
    HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
    HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
    HKLM\...\Policies\Explorer: [NoFind] 0
    HKLM\...\Policies\Explorer: [NoFile] 0
    HKLM\...\Policies\Explorer: [HideClock] 0
    HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKLM\...\Policies\Explorer: [NoSetFolders] 0
    HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
    HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
    HKLM\...\Policies\Explorer: [NoDFSTab] 0
    HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKLM\...\Policies\Explorer: [NoLogoff] 0
    HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKLM\...\Policies\Explorer: [NoResolveSearch] 0
    HKLM\...\Policies\Explorer: [NoSaveSettings] 0
    HKLM\...\Policies\Explorer: [NoHardwareTab] 0
    HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKLM\...\Policies\Explorer: [NoDesktop] 0
    HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\MountPoints2: {42a67d6c-913f-11e1-8f44-082e5f2dd65e} - G:\DynexTransferAdapter.exe
    HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\MountPoints2: {42a67e31-913f-11e1-8f44-082e5f2dd65e} - G:\DynexTransferAdapter.exe
    HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = https://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=https://www.ebay.com/sch/i.html?_nkw={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
    Toolbar: HKU\S-1-5-21-806574570-1135188790-3133980201-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    FF NewTab: hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
    FF Extension: AOL Toolbar - C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\7wiytpka.default-1361762365797\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2015-02-20]
    U0 SR; No ImagePath
    U2 srservice; No ImagePath
    S3 wanatw; system32\DRIVERS\wanatw64.sys [X]
    FirewallRules: [{E61D599D-596F-490E-84B6-728AA87346B4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
    FirewallRules: [{9D186812-78E9-4B83-A645-D464C9E2D6C9}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
    FirewallRules: [{8782311A-D0B7-4357-9285-93D36ECCE345}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
    FirewallRules: [{F76003DA-93FD-4211-9BC5-3D101F7FBBC1}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
    FirewallRules: [{3341E1DE-2682-41A6-80C5-27607FF24FB1}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1343657427\ee\aolsoftware.exe
    FirewallRules: [{C5794C1B-1120-4090-AC1D-56757A5E9F9D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1343657427\ee\aolsoftware.exe
    FirewallRules: [{E4267E39-9E67-417C-8C14-F8B3AD23321B}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
    FirewallRules: [{B068C95A-B889-4C51-9E88-66D21EC5F1E2}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
    FirewallRules: [{597F7D9C-77C7-48B5-B71F-75E3A2CB80F5}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{EDFBFF30-E5AE-493C-BFCA-210EA8FDCBFD}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{C8A582F0-E5F1-454F-BDF2-F0C09B7D8973}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
    FirewallRules: [{E9EF51D9-E1B4-4012-A86E-2882BC084EC2}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
    FirewallRules: [{A1C8FABA-371B-4694-9130-B7805A094F95}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
    FirewallRules: [{604BBDF3-3BD5-4D55-A0A5-7A4715401978}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
    FirewallRules: [{9A7E0384-DCE4-4761-99B2-3DCC7EA90FB3}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
    FirewallRules: [{09C72AB5-B11F-4C2F-A7F5-85B73F6A2AC9}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
Microsoft MVP - Consumer Security 2014, 2015
Old 05-21-2015, 12:06 PM   #7
Registered Member
 
mrfurrypants's Avatar
 
Join Date: Oct 2007
Posts: 35
OS: WinXP home



Here are the contents of fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by Charlie at 2015-05-21 13:43:29 Run:1
Running from C:\Users\Charlie\Desktop
Loaded Profiles: Charlie (Available profiles: Charlie)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CustomCLSID: HKU\S-1-5-21-806574570-1135188790-3133980201-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
C:\Users\Charlie\AppData\Roaming\Dropbox
Task: {2B5494E4-C383-495D-B096-789439C59317} - System32\Tasks\{3B407046-46AD-4E15-981E-183AA159F31D} => pcalua.exe -a "C:\Users\Charlie\AppData\Local\Temp\Temp2_0PlayAll CD-4 ADPCM.zip\0PlayAll CD-4 ADPCM\setup.exe"
Task: {C7A734DD-4BC9-46D1-AF3C-0A08F470C32C} - System32\Tasks\{C1C19312-4BEA-4DF5-9953-B479B31A1867} => pcalua.exe -a "C:\Users\Charlie\AppData\Local\Temp\Temp1_Charlie.zip\Charlie\PlayAll CD-4 ADPCM\setup.exe"
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\MountPoints2: {42a67d6c-913f-11e1-8f44-082e5f2dd65e} - G:\DynexTransferAdapter.exe
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\...\MountPoints2: {42a67e31-913f-11e1-8f44-082e5f2dd65e} - G:\DynexTransferAdapter.exe
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = https://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=https://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
Toolbar: HKU\S-1-5-21-806574570-1135188790-3133980201-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF NewTab: hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Extension: AOL Toolbar - C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\7wiytpka.default-1361762365797\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2015-02-20]
U0 SR; No ImagePath
U2 srservice; No ImagePath
S3 wanatw; system32\DRIVERS\wanatw64.sys [X]
FirewallRules: [{E61D599D-596F-490E-84B6-728AA87346B4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{9D186812-78E9-4B83-A645-D464C9E2D6C9}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{8782311A-D0B7-4357-9285-93D36ECCE345}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{F76003DA-93FD-4211-9BC5-3D101F7FBBC1}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{3341E1DE-2682-41A6-80C5-27607FF24FB1}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1343657427\ee\aolsoftware.exe
FirewallRules: [{C5794C1B-1120-4090-AC1D-56757A5E9F9D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1343657427\ee\aolsoftware.exe
FirewallRules: [{E4267E39-9E67-417C-8C14-F8B3AD23321B}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{B068C95A-B889-4C51-9E88-66D21EC5F1E2}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{597F7D9C-77C7-48B5-B71F-75E3A2CB80F5}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{EDFBFF30-E5AE-493C-BFCA-210EA8FDCBFD}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{C8A582F0-E5F1-454F-BDF2-F0C09B7D8973}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{E9EF51D9-E1B4-4012-A86E-2882BC084EC2}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{A1C8FABA-371B-4694-9130-B7805A094F95}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{604BBDF3-3BD5-4D55-A0A5-7A4715401978}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{9A7E0384-DCE4-4761-99B2-3DCC7EA90FB3}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{09C72AB5-B11F-4C2F-A7F5-85B73F6A2AC9}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
EmptyTemp:
end
*****************

"HKU\S-1-5-21-806574570-1135188790-3133980201-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => Key Deleted successfully.
C:\Users\Charlie\AppData\Roaming\Dropbox => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B5494E4-C383-495D-B096-789439C59317}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B5494E4-C383-495D-B096-789439C59317}" => Key Deleted successfully.
C:\Windows\System32\Tasks\{3B407046-46AD-4E15-981E-183AA159F31D} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3B407046-46AD-4E15-981E-183AA159F31D}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7A734DD-4BC9-46D1-AF3C-0A08F470C32C}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7A734DD-4BC9-46D1-AF3C-0A08F470C32C}" => Key Deleted successfully.
C:\Windows\System32\Tasks\{C1C19312-4BEA-4DF5-9953-B479B31A1867} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C1C19312-4BEA-4DF5-9953-B479B31A1867}" => Key Deleted successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key Deleted successfully.
"HKU\.DEFAULT\Software\Classes\.exe" => Key Deleted successfully.
HKU\.DEFAULT\Software\Classes\exefile => Key not found.
"HKU\S-1-5-19\Software\Classes\exefile" => Key Deleted successfully.
"HKU\S-1-5-19\Software\Classes\.exe" => Key Deleted successfully.
HKU\S-1-5-19\Software\Classes\exefile => Key not found.
"HKU\S-1-5-20\Software\Classes\exefile" => Key Deleted successfully.
"HKU\S-1-5-20\Software\Classes\.exe" => Key Deleted successfully.
HKU\S-1-5-20\Software\Classes\exefile => Key not found.
"HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Classes\exefile" => Key Deleted successfully.
"HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Classes\.exe" => Key Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Classes\exefile => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value Deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value Deleted successfully.
"HKU\S-1-5-21-806574570-1135188790-3133980201-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42a67d6c-913f-11e1-8f44-082e5f2dd65e}" => Key Deleted successfully.
HKCR\CLSID\{42a67d6c-913f-11e1-8f44-082e5f2dd65e} => Key not found.
"HKU\S-1-5-21-806574570-1135188790-3133980201-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42a67e31-913f-11e1-8f44-082e5f2dd65e}" => Key Deleted successfully.
HKCR\CLSID\{42a67e31-913f-11e1-8f44-082e5f2dd65e} => Key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value Deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value Deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key Deleted successfully.
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => Key Deleted successfully.
"HKCR\Wow6432Node\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => Key Deleted successfully.
HKU\S-1-5-21-806574570-1135188790-3133980201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value Deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
Firefox newtab Deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key Deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key Deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => Key Deleted successfully.
C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\7wiytpka.default-1361762365797\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} => Moved successfully.
SR => Service Deleted successfully.
srservice => Service Deleted successfully.
wanatw => Service Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E61D599D-596F-490E-84B6-728AA87346B4} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9D186812-78E9-4B83-A645-D464C9E2D6C9} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8782311A-D0B7-4357-9285-93D36ECCE345} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F76003DA-93FD-4211-9BC5-3D101F7FBBC1} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3341E1DE-2682-41A6-80C5-27607FF24FB1} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C5794C1B-1120-4090-AC1D-56757A5E9F9D} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4267E39-9E67-417C-8C14-F8B3AD23321B} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B068C95A-B889-4C51-9E88-66D21EC5F1E2} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{597F7D9C-77C7-48B5-B71F-75E3A2CB80F5} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EDFBFF30-E5AE-493C-BFCA-210EA8FDCBFD} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C8A582F0-E5F1-454F-BDF2-F0C09B7D8973} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E9EF51D9-E1B4-4012-A86E-2882BC084EC2} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A1C8FABA-371B-4694-9130-B7805A094F95} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{604BBDF3-3BD5-4D55-A0A5-7A4715401978} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9A7E0384-DCE4-4761-99B2-3DCC7EA90FB3} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{09C72AB5-B11F-4C2F-A7F5-85B73F6A2AC9} => value Deleted successfully.
EmptyTemp: => Removed 1.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog 13:52:29 ====
Old 05-21-2015, 12:31 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, mrfurrypants. If you still cannot open IE pages, follow the instructions here for re-installing IE11:

https://support.microsoft.com/en-us/kb/318378

Let me know how it went.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 05-21-2015, 03:18 PM   #9
Registered Member
 
mrfurrypants's Avatar
 
Join Date: Oct 2007
Posts: 35
OS: WinXP home



Sadly that got crazy.

IE 11 did not work initially, so I followed the instructions at the link you provided for uninstalling and re-installing. When I ran the executable on the installation file for IE 11 it failed to install with this error, "Internet Explorer did not finish installing", and it copied a link to the desktop to this (https://support.microsoft.com/en-us/kb/2872074), the instructions of which ultimately had me uninstalling an older version of IE. This cycle continued backward to IE 8. Now, IE 8 does seem to have internet access, but Windows Update fails to update to IE 9 and the installation file for IE 11 continues the same original error, so I'm stuck at IE 8.

Weirdness.
Old 05-21-2015, 03:26 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Did you click the fast link, or download and run the offline installer? I meant to tell you to use the offline installer.
Old 05-21-2015, 03:32 PM   #11
Registered Member
 
mrfurrypants's Avatar
 
Join Date: Oct 2007
Posts: 35
OS: WinXP home



I did select the English version for download. "IE11-Windows6.1-x64-en-us.exe" remains on the desktop.
Old 05-21-2015, 03:38 PM   #12
Registered Member
 
mrfurrypants's Avatar
 
Join Date: Oct 2007
Posts: 35
OS: WinXP home



I should clarify for you. When IE was reverted, Windows Update wants to upgrade to the next version. That happened on its own, separate from my attempt to install IE 11. That update did also fail.
Old 05-21-2015, 05:53 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, mrfurrypants. Before doing anything else, please run dds again and post/attach the logs as before.

------------------------------------------------------
Old 05-21-2015, 07:02 PM   #14
Registered Member
 
mrfurrypants's Avatar
 
Join Date: Oct 2007
Posts: 35
OS: WinXP home



Thanks for pressing on with me! Here are the requested logs.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.18835
Run by Charlie at 20:55:48 on 2015-05-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4001.2138 [GMT -5:00]
.
AV: Webroot SecureAnywhere *Disabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
SP: Webroot SecureAnywhere *Disabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
C:\Program Files (x86)\SimpleHelpService\SimpleService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\SimpleHelpService\jre\bin\javaw.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Program Files (x86)\eRS\DownloadManager\ecwService.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\SimpleHelpService\jre\bin\javaw.exe
C:\Program Files (x86)\eRS\eRSService.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\splwow64.exe
c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Active Desktop Calendar] C:\myfiles\XemiComputers\Active Desktop Calendar\ADC.exe
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [QuickFinder Scheduler] c:\Corel\Office7\Shared\QFinder7\QFSCHED.EXE
mRun: [tvncontrol] "C:\Program Files (x86)\eRS\TightVnc20\tvnserver.exe" -controlservice -slave
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DD-ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: DD-PromptOnSecureDesktop = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D9E4E21E-60E0-11DA-91EB-00123F33E209} - hxxps://installers.speechmachines.org/Installer/DNInstaller2.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remote.mercy.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{CEC59F32-7590-4FBC-9BC2-42996133D9CC} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Program Files (x86)\eClinicalWorks\wowctl2.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\7wiytpka.default-1361762365797\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Users\Charlie\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll
.
============= SERVICES / DRIVERS ===============
.
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2012-5-3 116224]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-12-5 98888]
R2 ecwService;ecwService;C:\Program Files (x86)\eRS\DownloadManager\ecwService.exe [2013-1-23 82432]
R2 eRSService;eRSService;C:\Program Files (x86)\eRS\eRSService.exe [2013-1-23 30720]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2013-7-3 375872]
R2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2013-7-3 454208]
R2 SimpleHelpSimpleGatewayService;SimpleHelp SimpleGateway Service;C:\Program Files (x86)\SimpleHelpService\SimpleService.exe [2013-3-26 96448]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-3-6 284696]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2015-5-16 5095264]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-16 2656280]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-16 471144]
S1 SWIPsec;SonicWALL IPsec Driver;C:\Windows\System32\drivers\SWIPsec.sys [2013-1-23 99352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 tvnserver;TightVNC Server;C:\Program Files (x86)\eRS\TightVNC20\tvnserver.exe [2013-1-23 819200]
S2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-8-19 817072]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-11-16 158976]
S3 RaMediaServer;RaMediaServer;C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [2013-7-3 621632]
S3 SWVNIC;SonicWALL Virtual Miniport;C:\Windows\System32\drivers\SWVNIC.sys [2009-3-4 24600]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-30 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2015-05-21 12:56:51 -------- d-----w- C:\FRST
2015-05-21 12:49:09 -------- d-----w- C:\AdwCleaner
2015-05-20 07:36:20 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5E5B2352-5609-4E3D-83D6-553C162061C2}\offreg.4904.dll
2015-05-19 07:57:25 12214312 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5E5B2352-5609-4E3D-83D6-553C162061C2}\mpengine.dll
2015-05-16 19:34:27 -------- d-----w- C:\Program Files (x86)\TeamViewer
2015-05-13 08:00:32 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:00:32 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 06:14:54 328704 ----a-w- C:\Windows\System32\services.exe
.
==================== Find3M ====================
.
2015-05-20 12:55:27 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-05-20 12:55:27 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-19 21:01:06 900 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2015-05-06 04:03:24 166128 ----a-w- C:\Windows\SysWow64\WRusr.dll
2015-05-06 04:03:24 116224 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2015-05-06 04:03:24 103816 ----a-w- C:\Windows\System32\WRusr.dll
2015-05-05 01:29:39 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-05-05 01:12:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-04-21 18:17:25 1188864 ----a-w- C:\Windows\System32\wininet.dll
2015-04-21 18:16:48 610304 ----a-w- C:\Windows\System32\vbscript.dll
2015-04-21 18:16:38 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2015-04-21 18:16:34 22528 ----a-w- C:\Windows\System32\corpol.dll
2015-04-21 18:16:06 47616 ----a-w- C:\Windows\System32\mshta.exe
2015-04-21 18:16:01 174592 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-04-21 18:15:48 1538048 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-04-21 17:58:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-04-21 17:57:52 428544 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-04-21 17:57:37 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2015-04-21 17:57:18 18944 ----a-w- C:\Windows\SysWow64\corpol.dll
2015-04-21 17:56:35 50176 ----a-w- C:\Windows\SysWow64\mshta.exe
2015-04-21 17:56:32 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-04-21 17:56:22 1466368 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-04-21 17:44:37 483328 ----a-w- C:\Windows\System32\html.iec
2015-04-21 17:29:43 386560 ----a-w- C:\Windows\SysWow64\html.iec
2015-04-21 17:22:32 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2015-04-21 17:11:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-04-20 03:17:07 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-04-20 02:11:23 3204608 ----a-w- C:\Windows\System32\win32k.sys
2015-04-18 03:10:57 460800 ----a-w- C:\Windows\System32\certcli.dll
2015-04-18 02:56:57 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-04-08 03:29:07 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-04-08 03:29:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2015-04-08 03:14:07 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2015-04-04 03:29:36 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-04-04 03:29:36 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-04-04 03:22:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-04-04 03:22:20 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-04-04 03:22:19 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-04-04 03:22:19 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-04-04 03:22:17 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-04-04 03:22:11 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-04-04 03:22:11 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-04-04 03:22:08 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-04-04 03:22:08 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-04-04 03:22:01 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-04-04 03:20:52 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-04-04 03:20:36 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-04-04 03:17:45 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-04-04 03:17:27 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-04-04 03:15:12 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-04-04 03:05:46 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-04-04 03:05:42 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-04-04 03:05:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-04-04 03:05:35 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-04-04 03:05:34 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-04-04 03:05:30 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-04-04 03:05:23 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-04-04 03:04:13 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-04-04 03:04:02 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-04-04 03:01:23 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-04-04 03:01:12 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-04-04 02:59:26 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-03-26 14:35:15 8019169 ----a-w- C:\Windows\SysWow64\an_empty_cross.Scr
2015-03-25 03:24:41 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-03-25 03:24:41 3298816 ----a-w- C:\Windows\System32\wucltux.dll
2015-03-25 03:24:41 191488 ----a-w- C:\Windows\System32\wuwebv.dll
2015-03-25 03:24:08 60416 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-03-25 03:23:58 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-03-25 03:23:55 36864 ----a-w- C:\Windows\System32\wuapp.exe
2015-03-25 03:00:57 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-03-25 03:00:57 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-03-25 03:00:15 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-03-17 05:22:37 5557696 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-03-17 05:19:37 1727904 ----a-w- C:\Windows\System32\ntdll.dll
2015-03-17 05:17:00 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-03-17 05:17:00 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-03-17 05:17:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-03-17 05:16:59 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-03-17 05:16:43 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-03-17 05:16:43 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-03-17 05:16:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2015-03-17 05:16:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2015-03-17 05:16:29 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2015-03-17 05:16:11 112640 ----a-w- C:\Windows\System32\smss.exe
2015-03-17 05:16:05 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-03-17 05:15:44 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-03-17 05:01:09 3976632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-03-17 05:01:09 3920824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-03-17 04:59:26 1309696 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-03-17 04:57:20 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-03-17 04:57:13 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-03-17 04:56:56 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-03-17 04:56:41 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-03-17 04:56:01 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-03-17 04:56:00 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-03-17 03:45:24 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-03-17 03:45:23 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-03-17 03:43:04 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
.
============= FINISH: 20:56:12.83 ===============
Attached Files
File Type: txt attach.txt (11.1 KB, 32 views)
mrfurrypants is offline  
Old 05-21-2015, 07:36 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, mrfurrypants. Why are you using TeamViewer? Are you receiving help from someone elsewhere?

------------------------------------------------------

I wish you had let me know after the first IE update didn't work, instead of uninstalling all the other versions. But, my fault for not telling you.

There are other Windows Updates that are required to be installed before later versions of IE will install. Make sure these updates are already installed; if not, try installing all the other updates, then try the IE updates:

https://support.microsoft.com/en-us/kb/2399238

https://support.microsoft.com/en-us/kb/2818833

https://support.microsoft.com/en-us/kb/2847882

You can untick the IE updates before installing the other updates.

------------------------------------------------------
chemist is offline  
Old 05-21-2015, 08:04 PM   #16
Registered Member
 
mrfurrypants's Avatar
 
Join Date: Oct 2007
Posts: 35
OS: WinXP home



To quickly answer your question on TeamViewer, I am remotely accessing the computer via TeamViewer to do the work. (Mom's PC.) If that becomes problematic, I can get my hands on the PC, but it is very remote and limited access.

I had a bad feeling I should have stopped after the first failed install, but the instructions from Microsoft do kinda go into a loop. Not your fault.

I will proceed with your instructions in the morning. Thanks a ton for your patience.
mrfurrypants is offline  
Old 05-22-2015, 07:26 AM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, mrfurrypants. You're very welcome.

I've never done this with a user using TeamViewer to access another machine before, so not sure how it will go.

Quote:
I can get my hands on the PC, but it is very remote and limited access
What do you mean exactly?

------------------------------------------------------
chemist is offline  
Old 05-22-2015, 10:58 AM   #18
Registered Member
 
mrfurrypants's Avatar
 
Join Date: Oct 2007
Posts: 35
OS: WinXP home



chemist,
Sorry for the confusion. What I meant is that I can drive to where the PC is and work on it, but I cannot spend extended periods of time (more than a day) on location because it is pretty far away. This is why I am trying to perform as much of this work as possible remotely. I can give her minimal instruction over the phone, but that will be less than ideal.

An update to the story so far. The machine is currently running IE8 which does actually seem to function properly. The network she logs onto that requires IE apparently does not seem to mind if she logs in with 8 and she is able to transfer her transcription documents. She thinks the PC is fixed.

However, I am still concerned as to why IE won't update to 11 either via a natural update or a fresh install.

I have not followed through yet with your previous instructions regarding updates to Windows. I thought I might wait for confirmation from you to either proceed with caution or start from scratch without TeamViewer.
mrfurrypants is offline  
Old 05-23-2015, 03:34 PM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, mrfurrypants. Not a problem. Since she thinks the machine is fixed and it isn't due to malware, if you wish to pursue it further, I suggest you seek expert advice in our Internet Explorer Forum.

Let them know you were here first and were cleared of malware. And explain what happened when you tried to reinstall IE.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article:
To help protect your computer in the future, I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
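The post above describes a blocking HOSTS file as one that redirects ad sites to 127.0.0.1. The sketch below is an added example, not part of the original post or of the MVPS project: it parses a HOSTS file and separates sink entries (loopback or 0.0.0.0) from entries that pin a name to some other address, which are the ones worth reviewing after a cleanup. The sample file, the bucket names and the function names are constructed for illustration.

```python
import ipaddress

# Addresses a blocking HOSTS file uses as a sink: the name resolves to the
# local machine (or to nothing routable), so the request never leaves the PC.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Names that normally map to loopback in an unmodified file (assumed list).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local"}

# Constructed sample, not taken from the machine discussed in this thread.
# On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1  ads.example.net  tracker.example.net   # two names on one line
0.0.0.0    banner.example.org
203.0.113.10   www.example-bank.test   # name pinned to an outside address
not-an-ip  broken.example.net
"""


def parse_hosts(text):
    """Yield (line_number, address, [hostnames]) for every mapping line."""
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no hostname maps nothing
        yield number, fields[0], [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Sort every hostname mapping into local / blocked / redirected / invalid."""
    report = {"local": [], "blocked": [], "redirected": [], "invalid": []}
    for number, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            # Malformed address field: record the whole line for review.
            report["invalid"].append((number, address, names))
            continue
        is_sink = str(ip) in SINK_ADDRESSES or ip.is_loopback
        for name in names:
            if is_sink:
                bucket = "local" if name in LOCAL_NAMES else "blocked"
            else:
                # The name is forced to a specific non-local address.
                bucket = "redirected"
            report[bucket].append((number, name, str(ip)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked names:   ", len(result["blocked"]))
    for number, name, ip in result["redirected"]:
        print(f"review line {number}: {name} -> {ip}")
    for number, address, names in result["invalid"]:
        print(f"invalid line {number}: {address!r} {names}")
```

A large blocking list should produce only `local` and `blocked` entries; anything under `redirected` or `invalid` should be checked against what the user or an administrator intentionally added.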
Old 05-23-2015, 04:25 PM   #20
Registered Member
 
mrfurrypants's Avatar
 
Join Date: Oct 2007
Posts: 35
OS: WinXP home



Can I please ask, did you see any sign of infection in any of the scans? Did the "fix" script you had me run tackle something specific? Or did the scans come up totally clean? I'm just wondering.
mrfurrypants is offline  
 
