Unauthorised Emails Being Sent

This is a discussion on Unauthorised Emails Being Sent within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 08-04-2016, 05:44 AM   #1
Registered Member
 
Join Date: Mar 2011
Posts: 44
OS: Windows 7 Home Premium



Hi,
I don't know what to call this so here goes. I have been receiving a lot of emails which purport to be about employment from an international company. They land in my Junk folder mainly and I simply delete them. The headings vary and some landed in the inbox and I know I opened one or two. I now receive Undeliverable Emails from my ISP and my email Outlook Express is sending the same kind of emails I have been receiving - and I have no idea who to but guess it's from my contact list. I am using Webroot antivirus and the scans come back clean.

Please help - how do I clear this out?

Here's the DDS file:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18377
Run by Sue at 14:26:47 on 2016-08-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3982.1800 [GMT 2:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
SP: Webroot SecureAnywhere *Enabled/Updated* {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\taskhost.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\LyonessBrowserUpdater\LyonessBrowserUpdater.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Cell C\AssistantServices.exe
C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\Sue\AppData\Roaming\Dashlane\Dashlane.exe
C:\Users\Sue\AppData\Roaming\Dashlane\DashlanePlugin.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Cell C\UIExec.exe
C:\Program Files (x86)\Cell C\CancelAutoPlay.exe
C:\Users\Sue\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Dashlane BHO: {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Sue\AppData\Roaming\Dashlane\ie\Dashlanei.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
uRun: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [Dashlane] "C:\Users\Sue\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
uRun: [DashlanePlugin] "C:\Users\Sue\AppData\Roaming\Dashlane\DashlanePlugin.exe" ws
uRun: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
mRun: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
mRun: [UIExec] "C:\Program Files (x86)\Cell C\UIExec.exe"
mRun: [CancelAutoPlay] "C:\Program Files (x86)\Cell C\CancelAutoPlay.exe" run
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
StartupFolder: C:\Users\Sue\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Sue\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~4.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~3.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{ED878BCA-FBBB-4372-B670-01DCE68682FE} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {7D2B3E1D-D096-4594-9D8F-A6667F12E0AC} - "C:\Program Files (x86)\Lyoness Browser\Application\42.0.2311.90\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [GwxControlPanelMonitor] "C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe" /traymode
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: PFW - <no file>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\
FF - prefs.js: browser.search.selectedEngine - Ask Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.tb.ask.com/index.jhtml?ptb=39F890B4-5E59-475D-9226-4A5337D3A4C4&n=781bddf1&p2=^YK^xdm199^YYA^za&si=CNjAgc2QisgCFUoJwwodXB0IYg
FF - prefs.js: keyword.URL - hxxp://int.search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=4D886D96-ECBD-4EA1-A36E-2FDB6C26449A&n=782a2e01&ind=2016030209&p2=^BZB^xdm114^YYA^za&si=25878649397&searchfor=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-4-30 677360]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-4-30 28656]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-1-24 20464]
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2015-10-20 117728]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2014-1-24 21584]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-30 15344]
R2 LyonessBrowserUpdater;LyonessBrowserUpdater;C:\Program Files (x86)\LyonessBrowserUpdater\LyonessBrowserUpdater.exe [2015-3-23 180736]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2016-6-9 754784]
R2 UI Assistant Service;UI Assistant Service;C:\Program Files (x86)\Cell C\AssistantServices.exe [2015-8-13 277248]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2015-10-20 896472]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-1-24 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-1-24 786416]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-1-24 769168]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\Windows\System32\drivers\rusb3hub.sys [2012-3-15 102912]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\Windows\System32\drivers\rusb3xhc.sys [2012-3-15 220672]
S1 UsbCharger;UsbCharger;C:\Windows\System32\drivers\UsbCharger.sys [2014-1-24 21584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2016-4-25 129152]
S3 Garmin Device Interaction Service;Garmin Device Interaction Service;C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [2016-7-31 809488]
S3 ggflt;SOMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2015-6-9 16088]
S3 ggsomc;SOMC USB Flash Driver;C:\Windows\System32\drivers\ggsomc.sys [2015-6-9 30424]
S3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;C:\Windows\System32\drivers\HSPADataCardusbmdm.sys [2014-1-29 123392]
S3 HSPADataCardusbnmea;HSPADataCard NMEA Port;C:\Windows\System32\drivers\HSPADataCardusbnmea.sys [2014-1-29 123392]
S3 HSPADataCardusbser;HSPADataCard Diagnostic Port;C:\Windows\System32\drivers\HSPADataCardusbser.sys [2014-1-29 123392]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-7-13 114688]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-2-5 449496]
S3 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2014-1-24 169432]
S3 massfilter;Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2015-8-13 11776]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2015-6-9 155520]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2016-7-22 164992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-31 1255736]
S3 wrUrlFlt;Webroot UrlFilter;C:\Windows\System32\drivers\wrUrlFlt.sys [2015-10-20 54512]
.
=============== Created Last 30 ================
.
2016-07-27 07:22:58 65024 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\PPhp1020.DLL
2016-07-27 07:22:54 501760 ----a-w- C:\Windows\System32\ZSHP1020.EXE
2016-07-27 07:22:54 192512 ----a-w- C:\Windows\System32\ZLhp1020.DLL
2016-07-22 03:51:40 164992 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2016-07-20 07:43:28 -------- d-----w- C:\Windows\EOONotify
2016-07-20 07:38:41 -------- d-----w- C:\Users\Sue\AppData\Local\Amazon
2016-07-20 07:38:14 -------- d-----w- C:\Program Files (x86)\Amazon
2016-07-13 12:15:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2016-07-13 09:29:20 929792 ----a-w- C:\Program Files\Windows Journal\InkSeg.dll
2016-07-13 09:29:20 668160 ----a-w- C:\Program Files\Windows Journal\MSPVWCTL.DLL
2016-07-13 09:29:20 62976 ----a-w- C:\Program Files\Windows Journal\NBMapTIP.dll
2016-07-13 09:29:20 2164736 ----a-w- C:\Program Files\Windows Journal\Journal.exe
2016-07-13 09:29:20 1737216 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2016-07-13 09:29:20 1397760 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2016-07-13 09:16:16 3217408 ----a-w- C:\Windows\System32\win32k.sys
2016-07-13 09:12:10 970240 ----a-w- C:\Windows\System32\localspl.dll
2016-07-13 09:12:10 756736 ----a-w- C:\Windows\System32\win32spl.dll
2016-07-13 09:12:10 61952 ----a-w- C:\Windows\SysWow64\ntprint.exe
2016-07-13 09:12:10 61952 ----a-w- C:\Windows\System32\ntprint.exe
2016-07-13 09:12:10 497152 ----a-w- C:\Windows\SysWow64\win32spl.dll
2016-07-13 09:12:10 48640 ----a-w- C:\Windows\System32\wpnpinst.exe
2016-07-13 09:12:10 38912 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\winprint.dll
2016-07-13 09:12:10 344576 ----a-w- C:\Windows\System32\ntprint.dll
2016-07-13 09:12:10 297472 ----a-w- C:\Windows\SysWow64\ntprint.dll
2016-07-13 09:12:10 22528 ----a-w- C:\Windows\System32\inetppui.dll
2016-07-13 09:12:10 166400 ----a-w- C:\Windows\System32\inetpp.dll
2016-07-13 09:00:38 76800 ----a-w- C:\Windows\System32\acmigration.dll
2016-07-13 09:00:38 571904 ----a-w- C:\Windows\System32\generaltel.dll
2016-07-13 09:00:38 544256 ----a-w- C:\Windows\System32\devinv.dll
2016-07-13 09:00:38 41704 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-07-13 09:00:38 294912 ----a-w- C:\Windows\System32\invagent.dll
2016-07-13 09:00:38 268800 ----a-w- C:\Windows\System32\centel.dll
2016-07-13 09:00:38 219136 ----a-w- C:\Windows\System32\aepic.dll
2016-07-13 09:00:38 1490432 ----a-w- C:\Windows\System32\appraiser.dll
2016-07-13 09:00:38 1208320 ----a-w- C:\Windows\System32\aeinv.dll
2016-07-06 12:04:00 647408 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpcpp180.dll
2016-07-06 12:02:27 -------- d-----w- C:\HP Universal Print Driver
.
==================== Find3M ====================
.
2016-08-04 10:11:22 5642 --sha-w- C:\ProgramData\KGyGaAvL.sys
2016-07-22 06:59:28 181176 ----a-w- C:\Windows\SysWow64\WRusr.dll
2016-07-22 06:59:28 115768 ----a-w- C:\Windows\System32\WRusr.dll
2016-07-21 07:16:19 54512 ----atw- C:\Windows\System32\drivers\wrUrlFlt.sys
2016-07-15 08:11:40 796352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-07-15 08:11:40 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-07-07 07:52:07 117728 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2016-06-14 15:21:17 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
2016-06-10 21:38:26 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-06-10 21:38:13 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-06-10 21:20:37 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-06-10 21:19:33 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-06-10 21:19:24 417792 ----a-w- C:\Windows\System32\html.iec
2016-06-10 21:18:57 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-06-10 21:18:48 572416 ----a-w- C:\Windows\System32\vbscript.dll
2016-06-10 21:03:14 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-06-10 21:03:13 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-06-10 21:02:53 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-06-10 20:53:59 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-06-10 20:49:29 6047744 ----a-w- C:\Windows\System32\jscript9.dll
2016-06-10 20:40:41 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-06-10 20:11:27 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-06-10 20:10:46 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-06-10 19:44:23 2869248 ----a-w- C:\Windows\System32\wininet.dll
2016-06-10 19:09:24 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-06-10 18:54:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-06-10 18:53:35 497664 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-06-10 18:53:30 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-06-10 18:53:13 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-06-10 18:52:06 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-06-10 18:41:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-06-10 18:41:22 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-06-10 18:27:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-06-10 18:14:52 4608000 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-06-10 18:09:13 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-06-10 18:09:07 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-06-10 17:45:19 2392576 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-05-18 16:10:23 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
2016-05-18 16:09:22 405504 ----a-w- C:\Windows\System32\gdi32.dll
2016-05-13 22:15:24 382184 ----a-w- C:\Windows\System32\atmfd.dll
2016-05-13 22:09:19 41472 ----a-w- C:\Windows\System32\lpk.dll
2016-05-13 22:09:16 100864 ----a-w- C:\Windows\System32\fontsub.dll
2016-05-13 22:09:13 14336 ----a-w- C:\Windows\System32\dciman32.dll
2016-05-13 22:09:10 46080 ----a-w- C:\Windows\System32\atmlib.dll
2016-05-13 21:54:26 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2016-05-13 21:50:05 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2016-05-13 21:49:48 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2016-05-13 21:49:46 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2016-05-13 21:27:06 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2016-05-12 17:20:14 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-05-12 17:20:14 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-05-12 17:15:04 105472 ----a-w- C:\Windows\System32\winipsec.dll
2016-05-12 17:15:03 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2016-05-12 17:15:03 210432 ----a-w- C:\Windows\System32\wdigest.dll
2016-05-12 17:15:03 2048 ----a-w- C:\Windows\System32\tzres.dll
2016-05-12 17:15:02 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2016-05-12 17:15:02 135680 ----a-w- C:\Windows\System32\sspicli.dll
2016-05-12 15:18:40 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-05-12 15:05:40 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-05-12 14:58:45 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-05-12 14:58:32 464896 ----a-w- C:\Windows\System32\drivers\srv.sys
2016-05-12 14:58:25 405504 ----a-w- C:\Windows\System32\drivers\srv2.sys
2016-05-12 14:58:18 168960 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2016-05-12 14:58:12 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-05-12 14:58:10 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-05-12 14:57:27 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-05-12 14:56:15 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-05-12 14:51:38 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-05-12 13:05:59 459640 ----a-w- C:\Windows\System32\drivers\cng.sys
2016-05-12 13:05:59 297984 ----a-w- C:\Windows\System32\bcryptprimitives.dll
2016-05-12 13:04:55 249352 ----a-w- C:\Windows\SysWow64\bcryptprimitives.dll
2016-05-11 17:02:50 296448 ----a-w- C:\Windows\System32\ws2_32.dll
2016-05-11 17:02:49 444928 ----a-w- C:\Windows\System32\winhttp.dll
2016-05-11 17:02:48 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2016-05-11 17:02:42 327168 ----a-w- C:\Windows\System32\mswsock.dll
2016-05-11 15:19:26 206336 ----a-w- C:\Windows\SysWow64\ws2_32.dll
2016-05-11 15:19:25 351744 ----a-w- C:\Windows\SysWow64\winhttp.dll
2016-05-11 15:19:24 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2016-05-11 15:19:16 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2016-05-11 15:11:34 25088 ----a-w- C:\Windows\System32\netbtugc.exe
2016-05-11 15:01:19 26624 ----a-w- C:\Windows\SysWow64\netbtugc.exe
2016-05-11 14:58:23 262144 ----a-w- C:\Windows\System32\drivers\netbt.sys
2015-12-22 06:52:37 12964920 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
.
============= FINISH: 14:26:53.79 ===============

Thank you in advance!

Sue
Diepfontein is offline  
Old 08-04-2016, 06:30 AM   #2
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Sue,

The DDS tool creates two reports when scanning is finished: Attach.txt and DDS.txt. You've only added DDS.txt; you haven't added Attach.txt. Please add it and we will move on.
tekir06 is offline  
Old 08-05-2016, 12:44 AM   #3
Registered Member
 
Join Date: Mar 2011
Posts: 44
OS: Windows 7 Home Premium



Hi - sorry I hope it's now attached.
Attached Files
File Type: txt attach.txt (8.1 KB, 20 views)
Diepfontein is offline  
Old 08-05-2016, 05:13 AM   #4
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Sue,

Thanks for the log.

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Please download to and run all requested tools from your Desktop.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we? Please do the below steps.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

  • Click the green 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan.
  • Once the Scan is done, select Clean.
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

=========================================================

Things I need to see in your next post:
  • AdwCleaner[C#].txt
  • FRST.txt
  • Addition.txt
tekir06 is offline  
Old 08-10-2016, 11:54 PM   #5
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Sue,

Still with us? If you don't reply within 24 hours, this thread shall be closed.
tekir06 is offline  
Old 08-12-2016, 12:17 AM   #6
Registered Member
 
Join Date: Mar 2011
Posts: 44
OS: Windows 7 Home Premium



Hi - so sorry!! Herewith info - and thanks, thanks thanks!!

# AdwCleaner v5.201 - Logfile created 12/08/2016 at 09:04:46
# Updated 30/06/2016 by ToolsLib
# Database : 2016-08-12.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Sue - SUEWORK
# Running from : C:\Users\Sue\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\ParetoLogic
[#] Folder Deleted : C:\ProgramData\Application Data\ParetoLogic
[-] Folder Deleted : C:\Program Files (x86)\Probit Software
[-] Folder Deleted : C:\Users\Sue\AppData\Roaming\OpenCandy
[-] Folder Deleted : C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\extensions\[email protected]

***** [ Files ] *****

[-] File Deleted : C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\searchplugins\ask-web-search.xml

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
[-] Key Deleted : HKCU\Software\DriverTuner
[-] Key Deleted : HKCU\Software\DriverTuner_Init
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKU\S-1-5-21-1553512357-681889351-1042443872-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****

[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("browser.search.defaultenginename", "Ask Web Search");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("browser.search.selectedEngine", "Ask Web Search");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("browser.startup.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=39F890B4-5E59-475D-9226-4A5337D3A4C4&n=781bddf1&p2=^YK^xdm199^YYA^za&si=CNjAgc2QisgCFUoJwwodXB0IYg");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.BUTTON_STRUCTURE", "[{\"b\":224524656,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224524657,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.browser.search.defaultenginename.prev", "Google");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.browser.search.defaultenginename.savedPrev", "true");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.browser.search.defaultenginename.tb", "Ask Web Search");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.browser.search.selectedEngine.prev", "Google");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.browser.search.selectedEngine.savedPrev", "true");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.browser.search.selectedEngine.tb", "Ask Web Search");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.browser.startup.homepage.savedPrev", "true");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=4D886D96-ECBD-4EA1-A36E-2FDB6C26449A&n=782a2e01&p2=^BZB^xdm114^YYA^za&si=25878[...]
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.browser.startup.page.savedPrev", 1);
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.browser.startup.page.tb", 1);
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.browser.version.last", "47.0");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.coId", "8eec9ab98beb4a18bf53da01c68fe170");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.firstKnownVersion", "7.38.8.45831");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=4D886D96-ECBD-4EA1-A36E-2FDB6C26449A&n=782a2e01&p2=^BZB^xdm114^YYA^za&si=25878649397");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.hp.enabled", true);
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.hp.guardType", "HPR");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.hp.user.defined", false);
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.initialized", true);
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.installType", "XPI");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.installation.dlpCountryCode", "ZA");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.installation.installDate", "2016030209");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.installation.partnerId", "^BZB^xdm114^YYA^za");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.installation.partnerSubId", "25878649397");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.installation.success", true);
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.installation.toolbarId", "4D886D96-ECBD-4EA1-A36E-2FDB6C26449A");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.lastActivePing", "1470985101527");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.lastKnownVersion", "7.38.9.7654");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.lssState", "{\"previousLocales\":[\"en-US\",\"en\"] ,\"supportedLocales\":[\"de\",\"es\",\"pt\",\"ja\",\"en\"] ,\"defaultLocale\":\"en\",\"supportedLo[...]
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.options.defaultSearch", true);
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.options.homePageEnabled", true);
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.options.keywordEnabled", true);
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.options.tabEnabled", true);
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.productDeliveryOption.language", "en");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.productDeliveryOption.type", "Toolbar");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.searchHistory", "Enzer halogen ovenHalogen convection oven South AfricaHalogen convection oven South Africa GameGame Stroes SAcheckers SAM[...]
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.successUrl", "hxxp://free.bestbackground.com/installComplete.jhtml");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.toolbar.ownSearch", true);
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.toolbar.versionChanged", true);
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.toolbarCollapsed", false);
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark._evMembers_.uninstallTasks", "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._evMembers_.\"] ,\"filesToDelete\":[\"C:\\\\Users\\\\Sue\\\\AppData\\\\Ro[...]
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "[email protected]");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
[-] [C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\prefs.js] Deleted : user_pref("keyword.URL", "hxxp://int.search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=4D886D96-ECBD-4EA1-A36E-2FDB6C26449A&n=782a2e01&ind=2016030209&p2=^BZB^xdm114^YYA^za&si=25878649397&searchfor=");
[-] [C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [13014 bytes] - [12/08/2016 09:04:46]
C:\AdwCleaner\AdwCleaner[S1].txt - [13188 bytes] - [12/08/2016 09:03:19]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [13162 bytes] ##########

Second:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2016 01
Ran by Sue (administrator) on SUEWORK (12-08-2016 09:11:58)
Running from C:\Users\Sue\Desktop
Loaded Profiles: Sue (Available Profiles: Sue)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Lyoness Cashback AG) C:\Program Files (x86)\LyonessBrowserUpdater\LyonessBrowserUpdater.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
() C:\Program Files (x86)\Cell C\AssistantServices.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Dashlane, Inc.) C:\Users\Sue\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Users\Sue\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
() C:\Program Files (x86)\Cell C\UIExec.exe
(Dropbox, Inc.) C:\Users\Sue\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Cell C\CancelAutoPlay.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4559944 2016-01-24] (UltimateOutsider)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE [128440 2012-09-21] (Corel Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Cell C\UIExec.exe [157952 2013-12-09] ()
HKLM-x32\...\Run: [CancelAutoPlay] => C:\Program Files (x86)\Cell C\CancelAutoPlay.exe [450304 2013-07-11] ()
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [896472 2016-07-22] (Webroot)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\PFW:
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [148776 2007-07-04] (Nero AG)
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\Run: [Dashlane] => C:\Users\Sue\AppData\Roaming\Dashlane\Dashlane.exe [228224 2016-07-18] (Dashlane, Inc.)
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\Run: [DashlanePlugin] => C:\Users\Sue\AppData\Roaming\Dashlane\DashlanePlugin.exe [286080 2016-07-18] ()
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\Run: [Free Download Manager] => C:\Program Files (x86)\Free Download Manager\fdm.exe [5716560 2016-03-16] (FreeDownloadManager.ORG)
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-06] (Ruiware)
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {0b3bac23-88ba-11e3-a97b-94de80d7a161} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {0c8e52f0-7615-11e4-bd8e-74d4353b0fc3} - E:\AutoLcd209x.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {81eb7d63-419e-11e5-ac94-001e101fe70e} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {885af982-40c7-11e5-baa5-74d4353b0fc3} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {885af9ad-40c7-11e5-baa5-74d4353b0fc3} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {b9ebc48e-4190-11e5-93d3-74d4353b0fc3} - G:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {b9ebc4a5-4190-11e5-93d3-74d4353b0fc3} - G:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {b9ebc535-4190-11e5-93d3-74d4353b0fc3} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {b9ebc54c-4190-11e5-93d3-74d4353b0fc3} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {cfc265c7-84ce-11e3-b15e-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {e6f0a4a6-4199-11e5-9ca5-f8d1110c893b} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {e6f0a4c0-4199-11e5-9ca5-f8d1110c893b} - E:\AutoRun.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll [2016-07-22] (Webroot)
ShellIconOverlayIdentifiers: [ ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll [2016-07-22] (Webroot)
ShellIconOverlayIdentifiers: [ ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll [2016-07-22] (Webroot)
ShellIconOverlayIdentifiers: [ ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll [2016-07-22] (Webroot)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-12-22]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-12-22]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2015-10-20]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2015-10-20]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\Sue\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ED878BCA-FBBB-4372-B670-01DCE68682FE}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-22] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2016-08-05] (Webroot)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Sue\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-07-18] (Dashlane, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-22] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2016-08-05] (Webroot)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-10-28] (FreeDownloadManager.ORG)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-22] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-22] (Webroot)
Toolbar: HKU\S-1-5-21-1553512357-681889351-1042443872-1000 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
DPF: HKLM-x32 {070DC617-E3B7-468B-A29C-D4E84FAE938C} hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-04-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-04-11] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2016-08-05]
FF Extension: Dashlane - C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\Extensions\[email protected] [2016-05-13]
FF Extension: Proxy Switcher - C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\bx9jbngc.default-1456469919201\Extensions\[email protected] [2016-07-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.12
FF Extension: Free Download Manager extension - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.12 [2016-08-11]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dashlane) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2016-02-19]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2016-02-19]
CHR Extension: (Norton Security Toolbar) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-12-05]
CHR Extension: (Webroot Password Manager) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2016-02-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-19]
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-10-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [809488 2016-07-31] (Garmin Ltd. or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
S3 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-04-11] (Intel Corporation)
R2 LyonessBrowserUpdater; C:\Program Files (x86)\LyonessBrowserUpdater\LyonessBrowserUpdater.exe [180736 2015-03-23] (Lyoness Cashback AG) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [267560 2007-07-04] (Nero AG)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 UI Assistant Service; C:\Program Files (x86)\Cell C\AssistantServices.exe [277248 2013-12-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [896472 2016-07-22] (Webroot)
S2 HPSLPSVC; C:\Users\Sue\AppData\Local\Temp\7zS749A\hpslpsvc64.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-06-09] (Sony Mobile Communications)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [123392 2013-11-05] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [123392 2013-11-05] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [123392 2013-11-05] (HSPADataCard Incorporated)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [102912 2012-03-15] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [220672 2012-03-15] (Renesas Electronics Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21584 2013-05-06] ()
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2016-07-07] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [54512 2016-08-05] (Webroot)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-12 09:11 - 2016-08-12 09:12 - 00026265 _____ C:\Users\Sue\Desktop\FRST.txt
2016-08-12 09:11 - 2016-08-12 09:11 - 00000000 ____D C:\FRST
2016-08-12 09:09 - 2016-08-12 09:09 - 02393600 _____ (Farbar) C:\Users\Sue\Desktop\FRST64.exe
2016-08-12 09:03 - 2016-08-12 09:04 - 00000000 ____D C:\AdwCleaner
2016-08-12 09:02 - 2016-08-12 09:02 - 03712064 _____ C:\Users\Sue\Desktop\AdwCleaner.exe
2016-08-10 14:05 - 2016-08-02 16:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 14:05 - 2016-08-02 16:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 14:05 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 14:05 - 2016-08-02 08:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 14:05 - 2016-08-02 08:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 14:05 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 14:05 - 2016-08-02 08:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 14:05 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 14:05 - 2016-08-02 08:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 14:05 - 2016-08-02 08:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 14:05 - 2016-08-02 08:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 14:05 - 2016-08-02 08:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 14:05 - 2016-08-02 08:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 14:05 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 14:05 - 2016-08-02 08:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 14:05 - 2016-08-02 08:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 14:05 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 14:05 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 14:05 - 2016-08-02 08:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 14:05 - 2016-08-02 08:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 14:05 - 2016-08-02 08:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 14:05 - 2016-08-02 08:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 14:05 - 2016-08-02 08:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 14:05 - 2016-08-02 07:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 14:05 - 2016-08-02 07:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 14:05 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 14:05 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 14:05 - 2016-08-02 07:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 14:05 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 14:05 - 2016-08-02 07:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-10 14:05 - 2016-08-02 07:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 14:05 - 2016-08-02 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-10 14:05 - 2016-08-02 07:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 14:05 - 2016-08-02 07:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 14:05 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 14:05 - 2016-08-02 07:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 14:05 - 2016-08-02 07:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-10 14:05 - 2016-08-02 07:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-10 14:05 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 14:05 - 2016-08-02 07:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 14:05 - 2016-08-02 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 14:05 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 14:05 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 14:05 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 14:05 - 2016-08-02 07:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 14:05 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 14:05 - 2016-08-02 07:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 14:05 - 2016-08-02 07:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 14:05 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 14:05 - 2016-08-02 07:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-10 14:05 - 2016-08-02 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-10 14:05 - 2016-08-02 07:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 14:05 - 2016-08-02 07:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 14:05 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 14:05 - 2016-08-02 07:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-10 14:05 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 14:05 - 2016-08-02 07:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 14:05 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 14:05 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 14:05 - 2016-08-02 07:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 14:05 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 14:05 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 14:05 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 14:05 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 14:05 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 14:05 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 14:05 - 2016-07-08 17:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 14:05 - 2016-07-08 17:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 14:05 - 2016-07-08 17:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 14:05 - 2016-07-08 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 14:05 - 2016-07-08 17:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 14:05 - 2016-07-08 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 14:05 - 2016-07-08 17:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 14:05 - 2016-07-08 17:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 14:05 - 2016-07-08 17:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 14:05 - 2016-07-08 17:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 14:05 - 2016-07-08 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 14:05 - 2016-07-08 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 14:05 - 2016-07-08 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 14:05 - 2016-07-08 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 14:05 - 2016-07-08 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 14:05 - 2016-07-08 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 14:05 - 2016-07-08 17:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 14:05 - 2016-07-08 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 14:05 - 2016-07-08 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 14:05 - 2016-07-08 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 14:05 - 2016-07-08 17:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 14:05 - 2016-07-08 17:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 14:05 - 2016-07-08 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 14:05 - 2016-07-08 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 14:05 - 2016-07-08 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 14:05 - 2016-07-08 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 14:05 - 2016-07-08 17:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 14:05 - 2016-07-08 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 14:05 - 2016-07-08 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 14:05 - 2016-07-08 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 14:05 - 2016-07-08 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 14:05 - 2016-07-08 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 14:05 - 2016-07-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 14:05 - 2016-07-08 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 14:05 - 2016-07-08 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 14:05 - 2016-07-08 17:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 14:05 - 2016-07-08 16:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 14:05 - 2016-07-08 16:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 14:05 - 2016-07-08 16:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 14:05 - 2016-07-08 16:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 14:05 - 2016-07-08 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 14:05 - 2016-07-08 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-10 14:00 - 2016-07-08 17:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-10 13:13 - 2016-08-10 13:13 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-04 14:26 - 2016-08-04 14:26 - 00026587 _____ C:\Users\Sue\Desktop\dds.txt
2016-08-04 14:26 - 2016-08-04 14:26 - 00008324 _____ C:\Users\Sue\Desktop\attach.txt
2016-08-04 14:24 - 2016-08-04 14:24 - 00688992 ____R (Swearware) C:\Users\Sue\Downloads\dds.scr
2016-08-04 11:57 - 2016-08-04 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-07-28 15:45 - 2016-07-28 15:46 - 23151626 _____ C:\Users\Sue\Downloads\park-v1.8.0(1).zip
2016-07-28 15:43 - 2016-07-28 15:45 - 19786968 _____ C:\Users\Sue\Downloads\upd-pcl5-x64-6.1.0.20062(1).exe
2016-07-28 14:09 - 2016-07-28 14:09 - 01292424 _____ (Ruiware) C:\Users\Sue\Downloads\wpsetup(1).exe
2016-07-28 11:55 - 2016-07-28 11:55 - 01106469 _____ (Igor Pavlov) C:\Users\Sue\Downloads\7z1602.exe
2016-07-28 11:55 - 2016-07-28 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-07-28 11:55 - 2016-07-28 11:55 - 00000000 ____D C:\Program Files (x86)\7-Zip
2016-07-28 10:57 - 2016-07-28 11:01 - 69360769 _____ C:\Users\Sue\Downloads\opportunity_in_the_place_of_confinement(1).zip
2016-07-27 09:22 - 2012-09-18 15:27 - 00501760 _____ C:\Windows\system32\ZSHP1020.EXE
2016-07-27 09:22 - 2012-09-18 15:27 - 00192512 _____ C:\Windows\system32\ZLhp1020.DLL
2016-07-22 05:51 - 2016-07-22 05:51 - 00164992 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
2016-07-21 13:20 - 2016-07-21 13:21 - 08136664 _____ (Piriform Ltd) C:\Users\Sue\Downloads\ccsetup520.exe
2016-07-20 09:43 - 2016-07-20 09:43 - 00000000 ____D C:\Windows\EOONotify
2016-07-20 09:39 - 2016-07-20 09:51 - 00000000 ____D C:\Users\Sue\Documents\My Kindle Content
2016-07-20 09:38 - 2016-07-20 09:38 - 00001954 _____ C:\Users\Sue\Desktop\Kindle.lnk
2016-07-20 09:38 - 2016-07-20 09:38 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-07-20 09:38 - 2016-07-20 09:38 - 00000000 ____D C:\Users\Sue\AppData\Local\Amazon
2016-07-20 09:38 - 2016-07-20 09:38 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-07-20 09:32 - 2016-07-20 09:37 - 65292192 _____ (Amazon.com) C:\Users\Sue\Downloads\KindleForPC-installer-1.16.44025.exe
2016-07-15 10:15 - 2016-07-15 10:19 - 55412736 _____ C:\Users\Sue\Downloads\FontPack1500720033_XtdAlf_Lang_DC.msi
2016-07-13 11:12 - 2016-06-26 02:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-13 11:12 - 2016-06-26 02:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-13 11:12 - 2016-06-26 02:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-13 11:12 - 2016-06-26 02:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-13 11:12 - 2016-06-26 02:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-13 11:12 - 2016-06-25 21:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-13 11:12 - 2016-06-25 21:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-13 11:12 - 2016-06-25 21:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-13 11:12 - 2016-06-25 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-13 11:12 - 2016-06-25 21:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-13 11:00 - 2016-06-26 02:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-13 11:00 - 2016-06-26 02:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-13 11:00 - 2016-06-22 15:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-13 11:00 - 2016-06-17 20:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-13 11:00 - 2016-06-17 20:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-13 11:00 - 2016-06-17 20:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-13 11:00 - 2016-06-17 20:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-13 11:00 - 2016-06-17 20:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-13 11:00 - 2016-06-17 20:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-12 09:10 - 2014-02-11 13:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-12 09:10 - 2009-07-14 07:13 - 00006672 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-12 09:07 - 2014-02-05 15:14 - 00000000 ___RD C:\Users\Sue\Dropbox
2016-08-12 09:06 - 2015-10-20 11:36 - 00000747 _____ C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2016-08-12 09:06 - 2014-01-24 00:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-12 09:06 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-12 09:00 - 2009-07-14 06:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-12 09:00 - 2009-07-14 06:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-11 17:20 - 2015-06-18 10:35 - 00000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1553512357-681889351-1042443872-1000Core.job
2016-08-11 17:20 - 2014-02-04 12:10 - 00000000 ____D C:\Users\Sue\Documents\Bible
2016-08-11 16:45 - 2014-01-24 00:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-11 10:27 - 2015-10-20 11:35 - 00000000 ____D C:\ProgramData\WRData
2016-08-11 10:25 - 2014-01-24 00:55 - 00000000 ____D C:\Users\Sue\AppData\Local\ElevatedDiagnostics
2016-08-11 10:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-08-11 09:59 - 2014-01-29 11:45 - 00005642 ___SH C:\ProgramData\KGyGaAvL.sys
2016-08-11 09:59 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-08-11 09:36 - 2009-07-14 06:45 - 00367944 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-10 15:09 - 2014-02-05 09:52 - 00000000 ____D C:\Windows\system32\MRT
2016-08-10 15:05 - 2014-02-05 09:52 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-10 13:13 - 2014-02-05 15:11 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Dropbox
2016-08-10 12:47 - 2014-01-24 00:20 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-10 12:47 - 2014-01-24 00:20 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-07 08:56 - 2014-03-13 14:33 - 08218922 ____H C:\Users\Sue\AppData\Local\IconCache.db.backup
2016-08-05 14:47 - 2014-01-28 17:09 - 00000000 ____D C:\Users\Sue\Documents\Church
2016-08-05 11:43 - 2016-03-11 10:05 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-05 11:39 - 2014-01-28 17:09 - 00000000 ____D C:\Users\Sue\Documents\Computer Problems
2016-08-05 09:12 - 2015-10-20 11:36 - 00054512 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
2016-08-04 11:57 - 2015-03-17 11:28 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-08-04 11:57 - 2015-03-17 11:28 - 00001850 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-08-04 11:57 - 2015-03-17 11:28 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-08-04 11:57 - 2015-01-07 10:12 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-02 12:01 - 2016-01-06 10:01 - 00000151 _____ C:\Windows\PhotoSnapViewer.INI
2016-08-02 11:14 - 2014-03-13 12:52 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Free Download Manager
2016-07-29 13:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-07-29 10:26 - 2016-05-04 09:37 - 00000119 _____ C:\Users\Sue\AppData\default.pls
2016-07-29 09:40 - 2014-01-24 00:20 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 09:40 - 2014-01-24 00:20 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-29 09:07 - 2014-01-28 17:10 - 00000000 ____D C:\Users\Sue\Documents\Activation Codes
2016-07-28 16:02 - 2016-07-06 14:02 - 00000000 ____D C:\HP Universal Print Driver
2016-07-28 15:29 - 2014-02-05 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-07-28 14:10 - 2015-06-12 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2016-07-28 14:10 - 2015-06-12 14:25 - 00000000 ____D C:\ProgramData\InstallMate
2016-07-28 14:07 - 2016-02-05 14:21 - 00001904 _____ C:\Users\Sue\Desktop\Dashlane.lnk
2016-07-28 14:07 - 2016-02-05 14:18 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Dashlane
2016-07-27 13:49 - 2014-01-28 17:33 - 00000000 ____D C:\Users\Sue\Documents\Fax
2016-07-27 13:47 - 2014-04-04 12:06 - 00036363 _____ C:\Windows\CSTBox.INI
2016-07-22 08:59 - 2015-10-20 11:36 - 00181176 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2016-07-22 08:59 - 2015-10-20 11:36 - 00115768 _____ (Webroot) C:\Windows\system32\WRusr.dll
2016-07-21 13:22 - 2015-01-20 08:20 - 00000000 ____D C:\Users\Sue\AppData\Local\CrashDumps
2016-07-21 13:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\ModemLogs
2016-07-21 13:21 - 2014-01-28 11:47 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-21 09:22 - 2014-01-29 11:17 - 00000000 ____D C:\Program Files (x86)\Cell C
2016-07-20 12:15 - 2014-01-28 17:07 - 00000000 ____D C:\Users\Sue\Documents\Counselling
2016-07-20 12:14 - 2014-01-28 17:17 - 00000000 ____D C:\Users\Sue\Documents\Sue
2016-07-20 09:43 - 2016-03-24 15:33 - 00000000 ____D C:\Windows\SysWOW64\GWX
2016-07-20 09:43 - 2015-04-07 14:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-19 08:47 - 2015-01-23 09:17 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-15 10:11 - 2014-02-11 13:04 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-15 10:11 - 2014-02-11 13:04 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-15 10:11 - 2014-02-11 13:04 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-15 09:41 - 2014-12-10 14:19 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-15 09:41 - 2011-04-12 10:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-13 12:10 - 2014-02-11 13:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-13 12:10 - 2014-02-11 13:04 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2015-10-20 11:37 - 2015-12-22 08:52 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2014-01-31 14:40 - 2015-05-27 09:21 - 0000308 _____ () C:\Users\Sue\AppData\Roaming\Rim.Desktop.Exception.log
2014-01-31 14:39 - 2016-01-27 10:19 - 0002021 _____ () C:\Users\Sue\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-01-31 14:40 - 2015-05-27 09:21 - 0000308 _____ () C:\Users\Sue\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-05-27 09:17 - 2015-05-27 09:19 - 0026624 _____ () C:\Users\Sue\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-28 11:47 - 2014-01-28 11:47 - 0088742 _____ () C:\ProgramData\1390902409.bdinstall.bin
2015-04-22 10:30 - 2015-04-22 10:30 - 0024750 _____ () C:\ProgramData\1429691406.1556.bin
2015-04-22 10:30 - 2015-04-22 10:30 - 0000189 _____ () C:\ProgramData\1429691406.5152.bin
2015-04-22 10:30 - 2015-04-22 10:30 - 0002046 _____ () C:\ProgramData\1429691406.5304.bin
2015-09-22 15:30 - 2015-09-22 15:30 - 0042137 _____ () C:\ProgramData\1442928627.bdinstall.bin
2015-10-01 13:28 - 2015-10-01 13:28 - 0025376 _____ () C:\ProgramData\1443698938.bdinstall.bin
2014-01-29 11:45 - 2014-02-05 12:17 - 0000088 __RSH () C:\ProgramData\3BD397F93A.sys
2014-01-29 11:45 - 2016-08-11 09:59 - 0005642 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\Sue\AppData\Local\Temp\libeay32.dll
C:\Users\Sue\AppData\Local\Temp\msvcr120.dll
C:\Users\Sue\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-11 10:18

==================== End of FRST.txt ============================

Thanks - the next item will be sent on a second post
Old 08-12-2016, 12:18 AM   #7
Here's the addition text:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2016 01
Ran by Sue (2016-08-12 09:12:40)
Running from C:\Users\Sue\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-01-23 22:17:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1553512357-681889351-1042443872-500 - Administrator - Disabled)
Guest (S-1-5-21-1553512357-681889351-1042443872-501 - Limited - Enabled)
Sue (S-1-5-21-1553512357-681889351-1042443872-1000 - Administrator - Enabled) => C:\Users\Sue

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 18.2.4 - Hewlett-Packard) Hidden
7-Zip 16.02 (HKLM-x32\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.16.0.44025 - Amazon)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Cell C (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - ZTE)
CorelDRAW Design Collection - 2 (HKLM-x32\...\{FE56F651-BAFF-49C9-9F8B-069D76EFA442}) (Version: 1.0 - Corel Corporation)
CorelDRAW Design Collection - 3 (HKLM-x32\...\{0A5E9BD7-2885-4B06-8CFD-2EC6BCE8110E}) (Version: 1.0 - Corel Corporation)
CorelDRAW Graphics Suite X3 (HKLM-x32\...\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version: 13.1 - Corel Corporation)
Dashlane (HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\Dashlane) (Version: 4.5.1.15044 - Dashlane SAS)
Dropbox (HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\Dropbox) (Version: 7.4.30 - Dropbox, Inc.)
Elevated Installer (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
EN (x32 Version: 13.01 - Corel Corporation) Hidden
FontNav (x32 Version: 5.0 - Corel Corporation) Hidden
Free Download Manager 3.9.7 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
Garmin Express (HKLM-x32\...\{686d881a-083e-4030-80db-52c493bf89d3}) (Version: 4.1.25.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\{80E666DA-3CC1-3476-9968-029D9F1FEB8F}) (Version: 52.0.2743.116 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
K-Lite Codec Pack 10.0.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.5 - )
Lyoness Browser (HKLM-x32\...\Lyoness Browser) (Version: 1.3.0.0 - Lyoness Browser)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{3BDEE284-1516-40E8-B784-00FEBE1B1033}) (Version: 7.02.9769 - Nero AG)
ON_OFF Charge 2 B13.0506.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0506.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Online Bible 12.31 (HKLM-x32\...\OnlineBible) (Version: - )
Online Bible 12.31 (HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\OnlineBible) (Version: - )
Personality Evaluation Program (HKLM-x32\...\Personality Evaluation Program) (Version: - )
PocketBible American Standard Version (ASV) (HKLM-x32\...\{F4E267D9-9101-44F0-B19C-741465B12DC3}) (Version: 1.0.0 - Laridian)
PocketBible Amplified Bible (AMP) (HKLM-x32\...\{060D0FBE-797B-4C8F-9B5E-B260AD4AD877}) (Version: 1.0.0 - Laridian)
PocketBible Classic Bible Commentary (CBC) (HKLM-x32\...\{C7539D8D-E2CE-4F3F-804A-0CD0FA86DF2C}) (Version: 1.0.0 - Laridian)
PocketBible Crazy Love (CRZYLV) (HKLM-x32\...\{39B84728-0B03-48BD-9C50-4AF3B65F5ABF}) (Version: 1.0.0 - Laridian)
PocketBible Darby's New Translation (DNT) (HKLM-x32\...\{5D18A9A3-5C2E-4D44-A2D4-1C889CAE771A}) (Version: 1.0.0 - Laridian)
PocketBible Dictionary of Bible Themes (DBT) (HKLM-x32\...\{E6D374EA-AD1A-416E-9473-EEFB6D48D78C}) (Version: 1.0.0 - Laridian)
PocketBible Easton's Bible Dictionary (EBD) (HKLM-x32\...\{5A350BCE-C4CC-42D4-8186-453857D2A430}) (Version: 1.0.0 - Laridian)
PocketBible Exploring the Mind (EXPMIND) (HKLM-x32\...\{D8550737-B56A-4CC7-B992-78DE282CBA41}) (Version: 1.0.0 - Laridian)
PocketBible for Windows (HKLM-x32\...\{7311081F-E900-4105-BABB-94C77C1B876E}) (Version: 1.013 - Laridian)
PocketBible King James Version (KJV) (HKLM-x32\...\{93EBA3A6-CD72-4A30-9ECA-BFD84FC06629}) (Version: 6.1 - Laridian)
PocketBible NAS Exhaustive Concordance (NASEC) (HKLM-x32\...\{EDB056A3-1E96-4F2E-9001-CC376F686413}) (Version: 1.0.0 - Laridian)
PocketBible NET Bible (NET) (HKLM-x32\...\{B8DC86B1-C3DE-4830-84E1-BF2730F884EB}) (Version: 1.0.0 - Laridian)
PocketBible New American Standard Bible (NASB) (HKLM-x32\...\{500DD002-711E-4588-9B6B-8B712372729E}) (Version: 1.0.0 - Laridian)
PocketBible New King James Version (NKJV) (HKLM-x32\...\{DE44C20E-D90B-452C-AFBB-B3EC4EBA378F}) (Version: 1.0.0 - Laridian)
PocketBible New Living Translation Second Edition (NLTse) (HKLM-x32\...\{682ADFAC-6494-4C66-B2E8-8B7F5A5B79A6}) (Version: 1.0.0 - Laridian)
PocketBible NLT Study Bible Notes (HKLM-x32\...\{4C36C715-5C50-44A9-AAD9-996B5F2208DD}) (Version: 1.0.0 - Laridian)
PocketBible The Book of Common Prayer (BOCP) (HKLM-x32\...\{94E132D4-637F-4D1C-9A4C-73721FE741E3}) (Version: 1.0.0 - Laridian)
PocketBible Today's NIV New Testament (TNIVNT) (HKLM-x32\...\{E3E8D932-1713-44AE-9E91-93A1C65C45E2}) (Version: 1.0.0 - Laridian)
PocketBible Works of Josephus (WOJ) (HKLM-x32\...\{7DBEF109-3C01-4ABD-8E7A-47EF08DFB583}) (Version: 1.0.0 - Laridian)
PocketBible World English Bible (WEB) (HKLM-x32\...\{2EDB16F8-8F9D-44CA-B886-169CFED92AB2}) (Version: 1.0.0 - Laridian)
PocketBible Young's Literal Translation (YLT) (HKLM-x32\...\{82297C25-F129-454B-8065-6D6200BD65E1}) (Version: 1.0.0 - Laridian)
RawShooter essentials 2005 (HKLM-x32\...\RawShooter essentials 2005) (Version: 1.1.3 - Pixmantec)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.16.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.16.0 - Renesas Electronics Corporation) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Skype™ 6.9 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.9.106 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16052.2 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16052.2 - Samsung Electronics Co., Ltd.) Hidden
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.16.201511171525 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
TSP_CODEC (HKLM-x32\...\{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}) (Version: 1.00.0000 - Bytescribe)
update (x32 Version: 2.00.0000 - Your Company Name) Hidden
update (x32 Version: 3.00.0000 - Your Company Name) Hidden
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
VBA (x32 Version: 6.2 - Corel Corporation) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.10.21 - Webroot)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net (06/14/2012 10.0.0.67) (HKLM\...\191AA2469E6D04FC63ED5E5BEF27E4E6A7816689) (Version: 06/14/2012 10.0.0.67 - Qualcomm Atheros Communications Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WordPerfect IFilter 64 bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.2 - Corel Corporation)
WordPerfect Lightning - IPM (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - Messages (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - MSOM (x32 Version: 1.1 - Corel Corporation) Hidden
WordPerfect Lightning (x32 Version: 2.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Common (x32 Version: 15.7 - Corel Corporation) Hidden
Wordperfect Office X5 - EN (x32 Version: 15.7 - Corel Corporation) Hidden
WordPerfect Office X5 - Filters (x32 Version: 15.7 - Corel Corporation) Hidden
WordPerfect Office X5 - Graphics (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - IPM (x32 Version: 15.7 - Corel Corporation) Hidden
WordPerfect Office X5 - LegalTools (x32 Version: 15.7 - Corel Corporation) Hidden
WordPerfect Office X5 - Migration Manager (x32 Version: 15.7 - Corel Corporation) Hidden
WordPerfect Office X5 - Oxford (x32 Version: 15.7 - Corel Corporation) Hidden
WordPerfect Office X5 - PerfectExperts EN (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - PR (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - QP (x32 Version: 15.7 - Corel Corporation) Hidden
WordPerfect Office X5 - Setup Files (x32 Version: 15.7 - Corel Corporation) Hidden
WordPerfect Office X5 - Sharepoint (x32 Version: 15.7 - Corel Corporation) Hidden
WordPerfect Office X5 - Skins (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - System EN (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Templates (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - WP (x32 Version: 15.7 - Corel Corporation) Hidden
WordPerfect Office X5 - WT (x32 Version: 15.7 - Corel Corporation) Hidden
WordPerfect Office X5 (HKLM-x32\...\_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}) (Version: 15.0.0.528 - Corel Corporation)
WordPerfect Office X5 (x32 Version: 15.7 - Corel Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1553512357-681889351-1042443872-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sue\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1553512357-681889351-1042443872-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1553512357-681889351-1042443872-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1553512357-681889351-1042443872-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1553512357-681889351-1042443872-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1553512357-681889351-1042443872-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1553512357-681889351-1042443872-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1553512357-681889351-1042443872-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1553512357-681889351-1042443872-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1553512357-681889351-1042443872-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1553512357-681889351-1042443872-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Sue\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D9F3F1F-B16C-43F0-8A56-FC4AC3D5D624} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0F545917-3D59-47CD-A1A7-1AA6D2DF1D2C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {1CA33079-3CD1-4499-B84E-CE5930A50A36} - System32\Tasks\{FC40FCA3-2188-4C7C-81C0-898A4E3F6653} => pcalua.exe -a C:\Users\Sue\Downloads\install_advance.exe -d C:\Users\Sue\Downloads
Task: {2C34FFEA-DA7E-4C89-BCBE-8CF23F208258} - System32\Tasks\{6612DBFF-1687-4F49-BFEB-BE9A96C41955} => pcalua.exe -a C:\Users\Sue\Documents\UTILITIE\Programs\Canon\lide25vst6411011aen\SetupSG.exe -d C:\Users\Sue\Documents\UTILITIE\Programs\Canon\lide25vst6411011aen
Task: {3E2F20BB-8688-4E21-96B3-010E3F8207F1} - System32\Tasks\{4DFCC0FA-185A-4721-B7B9-639B58C1BCED} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-10-02] (Skype Technologies S.A.)
Task: {54C40CD1-E4E3-48DF-9930-F1B4A6926D9C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5A902D80-9A3C-4CC2-95E1-77A96D70A6EE} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {60FF659B-6297-4612-9A89-5AA2EF0C741D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7016AC5F-7025-4EF3-8339-EC979589B74F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec [Argument = /StartRecording]
Task: {7D297C3F-32F6-4055-AFB9-AB50857A8E3E} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-07-31] ()
Task: {82596252-BE75-4C8F-BFA5-FFBFA42F9592} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate [Argument = -crl -hms -pscn 15]
Task: {83882432-08C7-45CA-8648-7406918C2E80} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8F6155DE-E1FB-442F-BFF8-2CB38DD4CCBF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A12FBB70-6F39-429E-A258-59DC94AC0506} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A20E2C73-D9CA-42A3-8C26-DE9DDA4F9C86} - System32\Tasks\{BA0129DA-C3F4-4F0E-BB69-2E9D58E93F02} => pcalua.exe -a "C:\Users\Sue\Documents\UTILITIE\Online Bible\install_advance.exe" -d "C:\Users\Sue\Documents\UTILITIE\Online Bible"
Task: {A354031C-7506-42D6-9A9B-419DB3B727E0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate [Argument = $(Arg0)]
Task: {AB34B48D-2AFC-40EA-812C-304633642EE4} - System32\Tasks\{C11B1F63-0D9A-4A44-A0ED-ED1851845CCB} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {B921201B-2FAC-4561-9668-38ACDA72EABE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {C0FEA102-1979-4418-B649-8FF7D002AE04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CD4D7C43-DAF2-4F0E-9B63-A8E0E4E97E71} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {DC694949-1050-4473-B8ED-F4E16D2E3749} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EA32B7EA-F157-45B1-8EFF-87A86EE56B8C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F9D3AFB0-5D7B-4659-9F86-2C208470225C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1553512357-681889351-1042443872-1000Core => C:\Users\Sue\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {FD6087D5-BCEC-4E4E-A695-60EC287C65DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-15] (Adobe Systems Incorporated)
Task: {FEE12EF2-7126-487C-B711-896FBF3644B9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec [Argument = /RestartRecording]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1553512357-681889351-1042443872-1000Core.job => C:\Users\Sue\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-06-22 13:37 - 2012-12-06 13:52 - 00136704 _____ () C:\Windows\System32\zlhp2600.dll
2016-07-27 09:22 - 2012-09-18 15:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll
2016-07-27 09:22 - 2012-09-18 15:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2014-01-30 11:02 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2015-08-13 12:02 - 2013-12-09 09:00 - 00277248 _____ () C:\Program Files (x86)\Cell C\AssistantServices.exe
2016-02-05 14:21 - 2016-07-18 13:24 - 00286080 _____ () C:\Users\Sue\AppData\Roaming\Dashlane\DashlanePlugin.exe
2015-06-09 17:14 - 2015-06-10 10:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2015-08-13 12:02 - 2013-12-09 09:00 - 00157952 _____ () C:\Program Files (x86)\Cell C\UIExec.exe
2015-08-13 12:02 - 2013-07-11 13:12 - 00450304 _____ () C:\Program Files (x86)\Cell C\CancelAutoPlay.exe
2015-06-09 17:14 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2015-06-09 17:14 - 2015-10-20 17:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2015-09-07 16:00 - 2015-09-07 16:00 - 00093568 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll
2015-09-07 16:00 - 2015-09-07 16:00 - 00143232 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll
2015-09-07 16:00 - 2015-09-07 16:00 - 00167296 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll
2015-09-07 16:02 - 2015-09-07 16:02 - 00212352 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll
2015-06-09 17:14 - 2015-04-21 12:22 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2015-09-07 16:01 - 2015-09-07 16:01 - 00056704 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PimNotes.dll
2015-09-07 15:59 - 2015-09-07 15:59 - 00237440 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2015-11-06 11:46 - 2015-11-06 11:46 - 02385280 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\libxt.dll
2015-10-22 12:13 - 2015-10-22 12:13 - 00823168 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2016-07-18 13:24 - 2016-07-18 13:24 - 00347520 _____ () C:\Users\Sue\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.5.1.15044.dll
2016-07-18 13:24 - 2016-07-18 13:24 - 00430464 _____ () C:\Users\Sue\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.5.1.15044.dll
2016-07-18 13:24 - 2016-07-18 13:24 - 00469376 _____ () C:\Users\Sue\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.5.1.15044.dll
2016-07-18 13:24 - 2016-07-18 13:24 - 63056768 _____ () C:\Users\Sue\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.5.1.15044.dll
2016-07-18 13:24 - 2016-07-18 13:24 - 00292736 _____ () C:\Users\Sue\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.5.1.15044.dll
2016-07-18 13:24 - 2016-07-18 13:24 - 06255488 _____ () C:\Users\Sue\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.5.1.15044.dll
2016-07-18 13:24 - 2016-07-18 13:24 - 07350656 _____ () C:\Users\Sue\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.5.1.15044.dll
2016-07-18 13:24 - 2016-07-18 13:24 - 13592960 _____ () C:\Users\Sue\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.5.1.15044.dll
2016-07-18 13:24 - 2016-07-18 13:24 - 02284928 _____ () C:\Users\Sue\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.5.1.15044.dll
2016-07-18 13:24 - 2016-07-18 13:24 - 00339840 _____ () C:\Users\Sue\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.5.1.15044.dll
2016-02-12 13:00 - 2015-10-28 21:00 - 04932688 _____ () C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll
2016-08-10 13:13 - 2016-06-30 04:25 - 00035792 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-08-10 13:13 - 2016-06-30 04:25 - 00145864 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-08-10 13:13 - 2016-06-30 04:26 - 00019408 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-08-10 13:13 - 2016-06-30 04:25 - 00116688 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-08-10 13:13 - 2016-06-30 04:25 - 00100296 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-08-10 13:13 - 2016-06-30 04:25 - 00018888 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\select.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00019760 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-08-10 13:13 - 2016-06-30 04:25 - 00694224 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-08-10 13:13 - 2016-08-01 23:26 - 00020816 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-08-10 13:13 - 2016-06-30 04:26 - 00123856 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-08-10 13:13 - 2016-08-01 23:26 - 01682760 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-08-10 13:13 - 2016-08-01 23:26 - 00020808 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00021312 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00052024 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00038696 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-08-10 13:13 - 2016-06-30 04:27 - 00105928 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-10 13:13 - 2016-06-30 04:25 - 00392144 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-08-10 13:13 - 2016-06-30 04:27 - 00020936 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-08-10 13:13 - 2016-06-30 04:27 - 00024528 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-08-10 13:13 - 2016-06-30 04:27 - 00114640 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00381752 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-08-10 13:13 - 2016-06-30 04:27 - 00124880 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00025424 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-10 13:13 - 2016-06-30 04:27 - 00024016 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-08-10 13:13 - 2016-06-30 04:27 - 00175560 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-08-10 13:13 - 2016-06-30 04:27 - 00030160 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-08-10 13:13 - 2016-06-30 04:27 - 00043472 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-08-10 13:13 - 2016-06-30 04:27 - 00048592 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00026456 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-10 13:13 - 2016-06-30 04:27 - 00057808 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-08-10 13:13 - 2016-06-30 04:27 - 00024016 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-08-10 13:13 - 2016-08-01 23:26 - 00246592 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-08-10 13:13 - 2016-06-30 04:27 - 00028616 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00020800 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00019776 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00020800 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-08-10 13:13 - 2016-06-30 04:25 - 00144848 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-08-10 13:13 - 2016-06-30 04:26 - 00241104 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2016-08-10 13:13 - 2016-08-01 23:26 - 00020280 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00023376 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-08-10 13:13 - 2016-06-30 04:27 - 00350152 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00022352 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00024392 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-08-10 13:13 - 2016-06-30 04:28 - 00036296 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\librsync.dll
2016-08-10 13:13 - 2016-08-01 23:27 - 00084280 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-08-10 13:13 - 2016-08-01 23:27 - 01826096 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-08-10 13:13 - 2016-06-30 04:26 - 00083912 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\sip.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 03929392 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 01972016 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00531248 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00132912 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00224056 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00207672 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00020288 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2016-08-10 13:13 - 2016-06-30 04:27 - 00060880 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00024904 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00546096 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00357680 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00168248 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-08-10 13:13 - 2016-08-01 23:27 - 00042808 _____ () C:\Users\Sue\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2010-02-28 02:55 - 2010-02-28 02:55 - 01040736 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1011DA7C [123]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-12 09:46 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1553512357-681889351-1042443872-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9165BF60-8369-4BFC-96E2-A7E3E160EA63}] => (Allow) C:\Users\Sue\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D3D32477-3039-482A-A2C0-3C79961EAC97}] => (Allow) C:\Users\Sue\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7A781F5B-877A-4EB6-A3F5-797864CC9834}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{09BE4637-2824-4BBA-B075-9B8299BEAEF3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ECF1A2A4-4F16-4B2D-ACF9-7F629DDFDEC5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{427113D1-E8E8-425E-AD6B-37546119FA36}] => (Allow) C:\Program Files (x86)\Lyoness Browser\Application\chrome.exe
FirewallRules: [{DF71624D-6E5E-49E0-ABD7-62DAB015C830}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ADDA61FE-35DD-4050-8231-20DCD7A9EFF9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2F5C2DC0-D0CA-4B0C-A94D-2654020E87C8}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{D101A873-6CFB-4226-BE67-332052F3A01F}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [TCP Query User{E36183B6-9906-4A66-AAF6-259C7FF62E81}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe
FirewallRules: [UDP Query User{D33AC8B0-E5DD-4484-8135-E46BBEFD8FFE}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe
FirewallRules: [TCP Query User{2299234B-2C39-4C7F-B5A4-04C0D5D1E0A7}D:\setup.exe] => (Allow) D:\setup.exe
FirewallRules: [UDP Query User{8E5A2106-AF26-49AD-9AD9-2AB325E5B83B}D:\setup.exe] => (Allow) D:\setup.exe
FirewallRules: [TCP Query User{33937250-CE70-49CD-9E35-C1D017BFAA77}C:\users\sue\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\sue\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{7C680288-7362-42A6-804C-526D4E8839C1}C:\users\sue\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\sue\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{4621DF11-8DBF-42FE-AF22-BD41ADF0DD4F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

20-07-2016 09:43:01 Windows Update
27-07-2016 09:23:36 Windows Update
28-07-2016 15:29:10 Removed HP Photosmart A530 Series
29-07-2016 13:33:27 Windows Update
02-08-2016 17:13:49 Windows Update
04-08-2016 11:56:50 Garmin Express
04-08-2016 17:57:47 Windows Update
05-08-2016 15:10:29 Windows Update
10-08-2016 15:04:19 Windows Update
11-08-2016 17:20:57 Windows Update

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/12/2016 09:10:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/12/2016 09:10:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/12/2016 09:07:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2016 08:57:24 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/12/2016 08:57:24 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/12/2016 08:54:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2016 10:00:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/11/2016 10:00:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/11/2016 09:41:56 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/11/2016 09:41:56 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (08/12/2016 09:08:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126 = The specified module could not be found.

Error: (08/12/2016 0926 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (08/12/2016 09:05:15 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056 = An instance of the service is already running.

Error: (08/12/2016 09:04:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/12/2016 09:04:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (08/12/2016 09:04:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).

Error: (08/12/2016 09:04:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/12/2016 09:04:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).

Error: (08/12/2016 09:04:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/12/2016 09:04:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 71%
Total physical RAM: 3981.83 MB
Available physical RAM: 1149.7 MB
Total Virtual: 7961.85 MB
Available Virtual: 5330.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:336.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 42F25199)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Old 08-13-2016, 02:39 PM   #8
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Sue,

Please do the following.

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST64.exe.

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
start
CreateRestorePoint:
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {0b3bac23-88ba-11e3-a97b-94de80d7a161} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {0c8e52f0-7615-11e4-bd8e-74d4353b0fc3} - E:\AutoLcd209x.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {81eb7d63-419e-11e5-ac94-001e101fe70e} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {885af982-40c7-11e5-baa5-74d4353b0fc3} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {885af9ad-40c7-11e5-baa5-74d4353b0fc3} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {b9ebc48e-4190-11e5-93d3-74d4353b0fc3} - G:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {b9ebc4a5-4190-11e5-93d3-74d4353b0fc3} - G:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {b9ebc535-4190-11e5-93d3-74d4353b0fc3} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {b9ebc54c-4190-11e5-93d3-74d4353b0fc3} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {cfc265c7-84ce-11e3-b15e-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {e6f0a4a6-4199-11e5-9ca5-f8d1110c893b} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {e6f0a4c0-4199-11e5-9ca5-f8d1110c893b} - E:\AutoRun.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1553512357-681889351-1042443872-1000 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
DPF: HKLM-x32 {070DC617-E3B7-468B-A29C-D4E84FAE938C} hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
2014-01-29 11:45 - 2014-02-05 12:17 - 0000088 __RSH () C:\ProgramData\3BD397F93A.sys
Task: {0D9F3F1F-B16C-43F0-8A56-FC4AC3D5D624} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {60FF659B-6297-4612-9A89-5AA2EF0C741D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {83882432-08C7-45CA-8648-7406918C2E80} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8F6155DE-E1FB-442F-BFF8-2CB38DD4CCBF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A12FBB70-6F39-429E-A258-59DC94AC0506} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CD4D7C43-DAF2-4F0E-9B63-A8E0E4E97E71} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {DC694949-1050-4473-B8ED-F4E16D2E3749} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EA32B7EA-F157-45B1-8EFF-87A86EE56B8C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
FirewallRules: [TCP Query User{2299234B-2C39-4C7F-B5A4-04C0D5D1E0A7}D:\setup.exe] => (Allow) D:\setup.exe
FirewallRules: [UDP Query User{8E5A2106-AF26-49AD-9AD9-2AB325E5B83B}D:\setup.exe] => (Allow) D:\setup.exe
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
end

Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.


NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Old 08-14-2016, 04:58 AM   #9
Registered Member
 
Join Date: Mar 2011
Posts: 44
OS: Windows 7 Home Premium



Thanks for this - I will only be able to implement on Tuesday as I am out of the office right now. I will do this as soon as I can. You guys are just amazing!!! Thanks again! I will be in contact Tuesday 16th. Sue
Old 08-16-2016, 12:46 AM   #10
Registered Member
 
Join Date: Mar 2011
Posts: 44
OS: Windows 7 Home Premium



Hi - herewith fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-08-2016 01
Ran by Sue (16-08-2016 09:40:34) Run:1
Running from C:\Users\Sue\Desktop
Loaded Profiles: Sue (Available Profiles: Sue)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {0b3bac23-88ba-11e3-a97b-94de80d7a161} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {0c8e52f0-7615-11e4-bd8e-74d4353b0fc3} - E:\AutoLcd209x.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {81eb7d63-419e-11e5-ac94-001e101fe70e} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {885af982-40c7-11e5-baa5-74d4353b0fc3} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {885af9ad-40c7-11e5-baa5-74d4353b0fc3} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {b9ebc48e-4190-11e5-93d3-74d4353b0fc3} - G:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {b9ebc4a5-4190-11e5-93d3-74d4353b0fc3} - G:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {b9ebc535-4190-11e5-93d3-74d4353b0fc3} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {b9ebc54c-4190-11e5-93d3-74d4353b0fc3} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {cfc265c7-84ce-11e3-b15e-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {e6f0a4a6-4199-11e5-9ca5-f8d1110c893b} - E:\AutoRun.exe
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\...\MountPoints2: {e6f0a4c0-4199-11e5-9ca5-f8d1110c893b} - E:\AutoRun.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1553512357-681889351-1042443872-1000 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
DPF: HKLM-x32 {070DC617-E3B7-468B-A29C-D4E84FAE938C} hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
2014-01-29 11:45 - 2014-02-05 12:17 - 0000088 __RSH () C:\ProgramData\3BD397F93A.sys
Task: {0D9F3F1F-B16C-43F0-8A56-FC4AC3D5D624} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {60FF659B-6297-4612-9A89-5AA2EF0C741D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {83882432-08C7-45CA-8648-7406918C2E80} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8F6155DE-E1FB-442F-BFF8-2CB38DD4CCBF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A12FBB70-6F39-429E-A258-59DC94AC0506} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CD4D7C43-DAF2-4F0E-9B63-A8E0E4E97E71} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {DC694949-1050-4473-B8ED-F4E16D2E3749} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EA32B7EA-F157-45B1-8EFF-87A86EE56B8C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
FirewallRules: [TCP Query User{2299234B-2C39-4C7F-B5A4-04C0D5D1E0A7}D:\setup.exe] => (Allow) D:\setup.exe
FirewallRules: [UDP Query User{8E5A2106-AF26-49AD-9AD9-2AB325E5B83B}D:\setup.exe] => (Allow) D:\setup.exe
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKU\S-1-5-21-1553512357-681889351-1042443872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b3bac23-88ba-11e3-a97b-94de80d7a161}" => key removed successfully
HKCR\CLSID\{0b3bac23-88ba-11e3-a97b-94de80d7a161} => key not found.
"HKU\S-1-5-21-1553512357-681889351-1042443872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c8e52f0-7615-11e4-bd8e-74d4353b0fc3}" => key removed successfully
HKCR\CLSID\{0c8e52f0-7615-11e4-bd8e-74d4353b0fc3} => key not found.
"HKU\S-1-5-21-1553512357-681889351-1042443872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81eb7d63-419e-11e5-ac94-001e101fe70e}" => key removed successfully
HKCR\CLSID\{81eb7d63-419e-11e5-ac94-001e101fe70e} => key not found.
"HKU\S-1-5-21-1553512357-681889351-1042443872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{885af982-40c7-11e5-baa5-74d4353b0fc3}" => key removed successfully
HKCR\CLSID\{885af982-40c7-11e5-baa5-74d4353b0fc3} => key not found.
"HKU\S-1-5-21-1553512357-681889351-1042443872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{885af9ad-40c7-11e5-baa5-74d4353b0fc3}" => key removed successfully
HKCR\CLSID\{885af9ad-40c7-11e5-baa5-74d4353b0fc3} => key not found.
"HKU\S-1-5-21-1553512357-681889351-1042443872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9ebc48e-4190-11e5-93d3-74d4353b0fc3}" => key removed successfully
HKCR\CLSID\{b9ebc48e-4190-11e5-93d3-74d4353b0fc3} => key not found.
"HKU\S-1-5-21-1553512357-681889351-1042443872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9ebc4a5-4190-11e5-93d3-74d4353b0fc3}" => key removed successfully
HKCR\CLSID\{b9ebc4a5-4190-11e5-93d3-74d4353b0fc3} => key not found.
"HKU\S-1-5-21-1553512357-681889351-1042443872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9ebc535-4190-11e5-93d3-74d4353b0fc3}" => key removed successfully
HKCR\CLSID\{b9ebc535-4190-11e5-93d3-74d4353b0fc3} => key not found.
"HKU\S-1-5-21-1553512357-681889351-1042443872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9ebc54c-4190-11e5-93d3-74d4353b0fc3}" => key removed successfully
HKCR\CLSID\{b9ebc54c-4190-11e5-93d3-74d4353b0fc3} => key not found.
"HKU\S-1-5-21-1553512357-681889351-1042443872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfc265c7-84ce-11e3-b15e-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{cfc265c7-84ce-11e3-b15e-806e6f6e6963} => key not found.
"HKU\S-1-5-21-1553512357-681889351-1042443872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6f0a4a6-4199-11e5-9ca5-f8d1110c893b}" => key removed successfully
HKCR\CLSID\{e6f0a4a6-4199-11e5-9ca5-f8d1110c893b} => key not found.
"HKU\S-1-5-21-1553512357-681889351-1042443872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6f0a4c0-4199-11e5-9ca5-f8d1110c893b}" => key removed successfully
HKCR\CLSID\{e6f0a4c0-4199-11e5-9ca5-f8d1110c893b} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => value removed successfully
HKCR\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{070DC617-E3B7-468B-A29C-D4E84FAE938C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{070DC617-E3B7-468B-A29C-D4E84FAE938C}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\ProgramData\3BD397F93A.sys => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D9F3F1F-B16C-43F0-8A56-FC4AC3D5D624}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D9F3F1F-B16C-43F0-8A56-FC4AC3D5D624}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60FF659B-6297-4612-9A89-5AA2EF0C741D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60FF659B-6297-4612-9A89-5AA2EF0C741D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83882432-08C7-45CA-8648-7406918C2E80}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83882432-08C7-45CA-8648-7406918C2E80}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8F6155DE-E1FB-442F-BFF8-2CB38DD4CCBF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F6155DE-E1FB-442F-BFF8-2CB38DD4CCBF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A12FBB70-6F39-429E-A258-59DC94AC0506}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A12FBB70-6F39-429E-A258-59DC94AC0506}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD4D7C43-DAF2-4F0E-9B63-A8E0E4E97E71}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD4D7C43-DAF2-4F0E-9B63-A8E0E4E97E71}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC694949-1050-4473-B8ED-F4E16D2E3749}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC694949-1050-4473-B8ED-F4E16D2E3749}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA32B7EA-F157-45B1-8EFF-87A86EE56B8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA32B7EA-F157-45B1-8EFF-87A86EE56B8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2299234B-2C39-4C7F-B5A4-04C0D5D1E0A7}D:\setup.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8E5A2106-AF26-49AD-9AD9-2AB325E5B83B}D:\setup.exe => value removed successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1553512357-681889351-1042443872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {2B2DE478-169B-4DA2-B7EC-69ACB22B1182}.
Unable to cancel {E728D343-BAB4-44EC-8700-21DF2CDA235A}.
{A7552E48-B3D5-4536-9065-6087BCD9E8A0} canceled.
1 out of 3 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13246142 B
Java, Flash, Steam htmlcache => 711 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 153600 B
Firefox => 27477145 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 30707228 B
systemprofile32 => 1683868 B
LocalService => 107188 B
NetworkService => 0 B
Sue => 11408237 B

RecycleBin => 0 B
EmptyTemp: => 88.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:40:58 ====

Thank you!!
Old 08-18-2016, 08:06 AM   #11
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Sue,

Thanks for the log. Please do the below steps.

STEP 1

Please download Malwarebytes Anti-Malware and save it to your desktop.

Double-click mbam-setup-2.2.1.1043.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
At the end of the installation, a database update will be performed.
Click on Scan Now.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

STEP 2

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish

===============================================

Things I need to see in your next post:
MBAM log
ESET log
Old 08-19-2016, 03:24 AM   #12
Registered Member
 
Join Date: Mar 2011
Posts: 44
OS: Windows 7 Home Premium



Hi there,
Herewith Mbam log. I had a weird time with the other scan - it first showed 14 threats but I couldn't do anything with the screen. I had to attend to something and then the screen had changed to be a gray block and I couldn't close it. So I rebooted my system and ran the scan again and it showed no threats. I had ensured that the box for it to automatically fix things was unchecked as directed. So I really am confused. While the scan was happening I received another returned mail from an unauthorised email being sent.

Once again - thanks for all the assistance. Really appreciated.
Attached Files
File Type: txt Mbam log.txt (4.3 KB, 17 views)
Old 08-19-2016, 03:41 AM   #13
Registered Member
 
Join Date: Mar 2011
Posts: 44
OS: Windows 7 Home Premium



Sorry! My comment re the Returned Mail for unauthorised sending is incorrect. It was a return on an authorised email! So already looking better thanks!!!
Old 08-19-2016, 04:26 AM   #14
Registered Member
 
Join Date: Mar 2011
Posts: 44
OS: Windows 7 Home Premium



Hi - I've run eset twice more and it seems to abort saying "stopped by user" after about 24000 odd files have been scanned. The first scan which showed 14 threats before becoming problematic was nearly finished after 67000 odd files.

My Webroot Secure Anywhere antivirus picked up 2 malware files which I have allowed it to delete now as the eset scan wouldn't proceed properly.
Old 08-24-2016, 03:18 AM   #15
Registered Member
 
Join Date: Mar 2011
Posts: 44
OS: Windows 7 Home Premium



Hi - I am going to be out of the country so won't be able to pick up emails until 31st August. Please don't close this thread!!

Thanks so much for all the assistance.
Old 08-27-2016, 02:11 PM   #16
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello,

OK. The thread will remain open. I will wait.
Old 08-31-2016, 04:11 AM   #17
Registered Member
 
Join Date: Mar 2011
Posts: 44
OS: Windows 7 Home Premium



Hi - I am back!! Thanks for waiting!

Sue
Old 08-31-2016, 05:24 AM   #18
Registered Member
 
Join Date: Mar 2011
Posts: 44
OS: Windows 7 Home Premium



Hello again! I have redone the Mbam and Eset scans etc. and attach them herewith. Hope it's more helpful this time!!

The eset scan stopped again after some 36500 or so files - saying it was stopped by the user - which isn't correct. However it also said no threats found.

Look forward to hearing from you!!

regards,

Sue
Attached Files
File Type: txt Scan 31 Aug.txt (12.3 KB, 18 views)
Old 09-01-2016, 03:34 AM   #19
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Sue,

Did you do the following?
Quote:
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
Old 09-02-2016, 01:31 AM   #20
Registered Member
 
Join Date: Mar 2011
Posts: 44
OS: Windows 7 Home Premium



Hi - I did I think - but redone to ensure - log attached.
Attached Files
File Type: txt Mbam log.txt (14.0 KB, 17 views)