Computer Issues

Started by lisa20, November 14, 2015, 06:16:24 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1 2
User actions

lisa20

November 14, 2015, 06:16:24 PM
Hello! Immediately after I start my computer every time, I get a black screen to run a check on my c drive in 9 seconds. I started one time and it kept running it. I've had to reboot my computer many times to get it to work. I followed the steps and posted my logs below. Thank you again!!!!

Results of screen317's Security Check version 1.009 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled! 
Computer Security   
Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````[/u]
Java 8 Update 40 
Java version 32-bit out of Date!
Adobe Flash Player 19.0.0.245 
Adobe Reader XI 
Mozilla Firefox 27.0.1 Firefox out of Date! 
Google Chrome (46.0.2490.80)
Google Chrome (46.0.2490.86)
Google Chrome (plugins...)
````````Process Check: objlist.exe by Laurent````````[/u] 
Charter Security Suite apps ComputerSecurity Anti-Virus\FSGK32.EXE
Charter Security Suite apps ComputerSecurity Anti-Virus\fssm32.exe
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````[/u]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by lisa (administrator) on LISA-VAIO (14-11-2015 11:32:50)
Running from C:\Users\lisa\Downloads
Loaded Profiles: lisa (Available Profiles: lisa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSHDLL64.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\McUICnt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1441792 2010-06-08] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-19] (Intel(R) Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE [310312 2015-10-08] (F-Secure Corporation)
HKLM-x32\...\Run: [ShopAtHomeWatcher] => C:\Users\lisa\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKLM-x32\...\Run: [ShopAtHomeUpdater] => C:\Users\lisa\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1885088 2012-02-23] (Affinegy, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [F-Secure Hoster (42626)] => C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [187432 2014-10-06] (F-Secure Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\...\Run: [ShopAtHomeWatcher] => C:\Users\lisa\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\...\Run: [ShopAtHomeUpdater] => C:\Users\lisa\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\...\Run: [GoogleChromeAutoLaunch_9D01F335F49EFDFF400652C34E0227C8] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-06] (Google Inc.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-09-05]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-10-10]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2330229276-1937969778-3526454886-1001] => http=127.0.0.1:64550
Hosts: 127.0.0.1   localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{57A09F4D-5472-450A-88FA-CD092971DA04}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB}: [DhcpNameServer] 68.111.16.25 68.111.16.30

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.aadvantageeshopping.com/s____.htm
HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://mail.google.com/mail/u/0/?pli=1#inbox/14cfbba7aae47761
URLSearchHook: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
URLSearchHook: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 - FCToolbarURLSearchHook Class - {868978c8-95f3-4020-a5cd-5a16d60e36ca} - C:\Program Files (x86)\Dividend Miles Toolbar\Helper.dll ()
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> DefaultScope {D6C91924-6E13-4C68-AF8D-287154CA6975} URL = hxxp://isearch.shopathome.com?user_id={8F06BF6A-1C14-4FCA-8B96-20C2369E0EBD}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> 88484CA4358B4AB9AACE6D4E57FD8C2E URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtCtB0A0F0AyDtD0E0EzytN0D0Tzu0SyByEtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=485685207&ir=
SearchScopes: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> DB07061EB62D42A98E3853E195D37BEA URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT_enUS424
SearchScopes: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.bing.com/search?FORM=UP94DF&PC=UP94&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> {7D1ADA97-646B-4957-9BEA-64068431946B} URL = hxxp://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> {D6C91924-6E13-4C68-AF8D-287154CA6975} URL = hxxp://isearch.shopathome.com?user_id={8F06BF6A-1C14-4FCA-8B96-20C2369E0EBD}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> {F40D307B-5829-4523-B880-8F59A61166A9} URL = hxxp://www.flickr.com/search/?q={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2015-10-05] (F-Secure Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Highlightly -> {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} -> C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2015-10-05] (F-Secure Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Dividend Miles Toolbar BHO -> {69CD690C-70B1-4333-AD69-28FFF7118C56} -> C:\Program Files (x86)\Dividend Miles Toolbar\Toolbar.dll [2011-11-12] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-02] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-24] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-02] (Oracle Corporation)
BHO-x32: No Name -> {EA66B8E3-A3DD-4CCA-9D22-5BA5FFF9FEE8} -> No File
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2011-01-21] (Yahoo! Inc)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-24] (Google Inc.)
Toolbar: HKLM-x32 - Dividend Miles Toolbar - {3948072D-28FE-4206-9F7F-2AFF92B24679} - C:\Program Files (x86)\Dividend Miles Toolbar\Toolbar.dll [2011-11-12] ()
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> No Name - {3948072D-28FE-4206-9F7F-2AFF92B24679} -  No File
Toolbar: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> No Name - {DD2BFB44-4363-4E2C-B3E5-6CF4E8AD951D} -  No File
Toolbar: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
DPF: HKLM-x32 {7677E74E-5831-4C9E-A2DD-9B1EF9DF2DB4} hxxps://www.paycomonline.net/v4/doceditor/officeviewer.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F53B7748-643C-4A78-8DBC-01A4855D1A10} hxxps://www.paycomonline.net/v4/doceditor/FoxitPDFSDK_AX_Pro.ocx
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default
FF DefaultSearchEngine: Bing
FF DefaultSearchUrl: hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP94DF&PC=UP94&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-02] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2013-02-14] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2330229276-1937969778-3526454886-1001: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\lisa\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-10-19] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2330229276-1937969778-3526454886-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\lisa\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-11-12] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-02-26] (Coupons, Inc.)
FF SearchPlugin: C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\searchplugins\bingp.xml [2014-05-03]
FF Extension: mysearchdial.com - C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\Extensions\ffxtlbr@mysearchdial.com [2014-01-15] [not signed]
FF Extension: ShopAtHome.com Toolbar - C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\Extensions\toolbar@shopathome.com [2012-05-08] [not signed]
FF Extension: RoxioNow Player Plugin - C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\Extensions\{3112ca9c-de6d-4884-a869-9855de680400} [2012-03-26] [not signed]
FF Extension: Jump Flip - C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\Extensions\firefox@jumpflip.net.xpi [2014-01-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: Browsing Protection by F-Secure - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi [2015-10-05]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\!vitruvian-autoenable.js [2014-01-12] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\!vitruvian-csp.js [2014-01-12]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\vitruvian-autoenable.cfg [2014-01-12] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SwagButton) - C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2015-10-25]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2015-10-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR HKLM-x32\...\Chrome\Extension: [cmclajginlihohopoeofghddnhpplhom] - C:\Program Files (x86)\Highlightly\Chrome\cmclajginlihohopoeofghddnhpplhom.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hphehadppenpmajgnkjdcopcfijjegaf] - C:\Program Files (x86)\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/Charter Security Suite/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-12-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-02-23] (Affinegy, Inc.)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2011-04-19] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413104 2015-03-04] (Coupons.com Inc.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-07] (Red Bend Ltd.) [File not signed]
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] ()
R2 fshoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [187432 2014-10-06] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2015-10-08] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [60456 2015-03-09] (F-Secure Corporation)
R3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.) [File not signed]
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] ()
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [836608 2010-06-08] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-07-31] (Sony Corporation)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-07] (Intel(R) Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [217280 2015-10-20] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [73256 2015-10-20] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [66736 2015-09-16] ()
R0 fsbts; C:\Windows\SysWOW64\Drivers\fsbts.sys [42672 2013-02-21] ()
R3 fsni; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\fsni64.sys [97832 2015-10-05] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2015-10-08] ()
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-07-28] ()
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]
U2 MSSQL$DDNI; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-14 11:32 - 2015-11-14 11:35 - 00031313 _____ C:\Users\lisa\Downloads\FRST.txt
2015-11-14 11:32 - 2015-11-14 11:32 - 00000000 ____D C:\FRST
2015-11-14 11:31 - 2015-11-14 11:31 - 02198528 _____ (Farbar) C:\Users\lisa\Downloads\FRST64.exe
2015-11-14 11:30 - 2015-11-14 11:30 - 01702400 _____ (Farbar) C:\Users\lisa\Downloads\FRST.exe
2015-11-13 05:53 - 2015-11-03 11:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 22:20 - 2015-11-11 22:20 - 00000000 ____D C:\86d6fae1f3b6ac9aec02b901097d66
2015-11-11 20:40 - 2015-10-20 12:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 20:40 - 2015-10-20 12:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 20:40 - 2015-10-20 12:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 20:40 - 2015-10-20 12:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 20:40 - 2015-10-20 12:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 20:40 - 2015-10-20 12:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-11 20:40 - 2015-10-20 12:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-11 20:40 - 2015-10-20 12:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 20:40 - 2015-10-20 12:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-11 20:40 - 2015-10-20 12:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 20:40 - 2015-10-20 12:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 20:40 - 2015-10-20 11:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 20:40 - 2015-10-20 11:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 20:40 - 2015-10-20 11:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 20:40 - 2015-10-20 11:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-11 20:40 - 2015-10-20 11:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 20:36 - 2015-10-19 19:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 20:36 - 2015-10-19 19:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 20:36 - 2015-10-19 19:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 20:36 - 2015-10-19 19:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 20:36 - 2015-10-19 19:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 20:36 - 2015-10-19 19:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 20:36 - 2015-10-19 19:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 20:36 - 2015-10-19 19:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 20:36 - 2015-10-19 19:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 20:36 - 2015-10-19 19:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 20:36 - 2015-10-19 19:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 20:36 - 2015-10-19 19:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 20:36 - 2015-10-19 19:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 20:36 - 2015-10-19 19:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 20:36 - 2015-10-19 19:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 20:36 - 2015-10-19 19:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 20:36 - 2015-10-19 19:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 20:36 - 2015-10-19 19:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 20:36 - 2015-10-19 19:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 20:36 - 2015-10-19 19:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 20:36 - 2015-10-19 19:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 20:36 - 2015-10-19 19:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 20:36 - 2015-10-19 19:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 20:36 - 2015-10-19 19:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 20:36 - 2015-10-19 19:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 20:36 - 2015-10-19 19:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 20:36 - 2015-10-19 19:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 20:36 - 2015-10-19 19:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 20:36 - 2015-10-19 19:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 20:36 - 2015-10-19 19:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 20:36 - 2015-10-19 19:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 20:36 - 2015-10-19 19:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 20:36 - 2015-10-19 19:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 20:36 - 2015-10-19 18:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 20:36 - 2015-10-19 18:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 20:36 - 2015-10-19 18:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 20:36 - 2015-10-19 18:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 20:36 - 2015-10-19 18:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 20:36 - 2015-10-19 18:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 20:36 - 2015-10-19 18:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 20:36 - 2015-10-19 18:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 20:36 - 2015-10-19 18:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 20:36 - 2015-10-19 18:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 20:36 - 2015-10-19 18:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 20:36 - 2015-10-19 18:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 20:36 - 2015-10-19 18:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 20:36 - 2015-10-19 18:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 20:36 - 2015-10-19 18:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 20:36 - 2015-10-19 18:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 20:36 - 2015-10-19 18:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 20:36 - 2015-10-19 18:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 20:36 - 2015-10-19 18:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 20:36 - 2015-10-19 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 20:36 - 2015-10-19 18:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 20:36 - 2015-10-19 18:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 20:36 - 2015-10-19 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 17:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 20:36 - 2015-10-19 17:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 20:36 - 2015-10-19 17:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 20:36 - 2015-10-19 17:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 20:36 - 2015-10-19 17:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 20:36 - 2015-10-19 17:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 17:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 17:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 20:36 - 2015-10-19 17:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 20:36 - 2015-09-23 07:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 20:36 - 2015-09-23 07:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 20:36 - 2015-09-23 07:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 20:32 - 2015-10-29 11:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-11 20:32 - 2015-10-29 11:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-11 20:32 - 2015-10-29 11:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-11 20:32 - 2015-10-29 11:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-11 20:32 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-11 20:32 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-11 20:32 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-11 20:32 - 2015-10-13 10:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 20:32 - 2015-10-13 10:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 20:32 - 2015-10-12 22:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 20:32 - 2015-10-01 12:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 20:32 - 2015-10-01 12:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 20:32 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-10-15 21:11 - 2015-10-15 21:11 - 00000000 ____D C:\dff03877b130b771249e0eb7cc0d63a3
2015-10-15 20:24 - 2015-09-18 13:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 20:24 - 2015-09-18 13:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 20:24 - 2015-09-18 13:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 20:24 - 2015-09-18 13:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 20:24 - 2015-09-18 13:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 20:24 - 2015-09-18 13:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 20:24 - 2015-09-18 13:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-15 20:23 - 2015-09-18 13:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-15 20:23 - 2015-09-18 12:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-15 20:23 - 2015-09-15 22:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-15 20:23 - 2015-09-15 22:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-15 20:23 - 2015-09-15 22:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-15 20:23 - 2015-09-15 22:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-15 20:23 - 2015-09-15 22:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-15 20:23 - 2015-09-15 22:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-15 20:23 - 2015-09-15 22:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-15 20:23 - 2015-09-15 22:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-15 20:23 - 2015-09-15 22:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-15 20:23 - 2015-09-15 22:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-15 20:23 - 2015-09-15 22:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-15 20:23 - 2015-09-15 21:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-15 20:23 - 2015-09-15 21:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-15 20:23 - 2015-09-15 21:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-15 20:23 - 2015-09-15 21:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-15 20:23 - 2015-09-15 21:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-15 20:23 - 2015-09-15 21:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-15 20:23 - 2015-09-15 21:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-15 20:23 - 2015-09-15 21:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-15 20:23 - 2015-09-15 21:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-15 20:23 - 2015-09-15 21:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-15 20:23 - 2015-09-15 21:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-15 20:23 - 2015-09-15 21:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-15 20:23 - 2015-09-15 21:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-15 20:23 - 2015-09-15 21:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-15 20:23 - 2015-09-15 21:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-15 20:23 - 2015-09-15 21:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-15 20:23 - 2015-09-15 21:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-15 20:23 - 2015-09-15 21:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-15 20:23 - 2015-09-15 21:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-15 20:23 - 2015-09-15 21:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-15 20:23 - 2015-09-15 21:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-15 20:23 - 2015-09-15 21:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-15 20:23 - 2015-09-15 21:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-15 20:23 - 2015-09-15 21:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-15 20:23 - 2015-09-15 21:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-15 20:23 - 2015-09-15 21:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-15 20:23 - 2015-09-15 21:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-15 20:23 - 2015-09-15 21:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-15 20:23 - 2015-09-15 20:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-15 20:23 - 2015-09-15 20:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-15 20:23 - 2015-09-15 20:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-15 20:23 - 2015-09-15 20:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-15 20:23 - 2015-09-15 20:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-15 20:23 - 2015-09-15 20:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-15 20:23 - 2015-09-15 20:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-15 20:23 - 2015-09-15 20:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-15 20:23 - 2015-09-15 20:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-15 20:23 - 2015-09-15 20:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-15 20:22 - 2015-09-15 22:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-15 20:22 - 2015-09-15 22:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-15 20:22 - 2015-09-15 22:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-15 20:22 - 2015-09-15 22:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-15 20:22 - 2015-09-15 22:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-15 20:22 - 2015-09-15 22:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-15 20:22 - 2015-09-15 22:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-15 20:22 - 2015-09-15 21:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-15 20:22 - 2015-09-15 21:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-15 20:22 - 2015-09-15 21:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-15 20:22 - 2015-09-15 21:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-15 20:22 - 2015-09-15 21:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-15 20:22 - 2015-09-15 21:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms

Corrine

#1
November 14, 2015, 06:35:27 PM
Hi, Lisa.

1.  I know the logs are long but they do contain needed information.  Unfortunately, with such long logs, the character restrictions of the forum software sometimes cuts off the logs.  You ran FRST from the Downloads folder.  Please go to C:\Users\lisa\Downloads and move the following to your Desktop (C:\Users\lisa\Desktop):

FRST64.exe
FRST.txt
Addition.txt

2.  Next. please reopen FRST.txt and locate the line following the last full line posted in your log above (2015-10-15 20:19 - 2015-07-18 07:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll).  Select the text following that line and copy/paste it in a new reply.

3.  Following that, please open Addition.txt and copy/paste that log in the same reply.

Thanks!


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

lisa20

#2
November 16, 2015, 02:36:38 AM
Thank you again! I'll check back tomorrow night.

This is the line after (2015-10-15 20:19 - 2015-07-18 07:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll):

2015-10-15 20:19 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-15 20:19 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-15 20:15 - 2015-08-06 12:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-15 20:15 - 2015-08-06 12:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-15 20:15 - 2015-08-06 11:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-15 20:15 - 2015-08-06 11:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-15 20:10 - 2015-10-01 12:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-15 20:10 - 2015-10-01 12:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-15 20:10 - 2015-10-01 12:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-15 20:10 - 2015-10-01 12:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-15 20:10 - 2015-10-01 12:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-15 20:10 - 2015-10-01 12:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-15 20:10 - 2015-10-01 12:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-15 20:10 - 2015-10-01 11:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-15 20:10 - 2015-10-01 11:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-14 11:34 - 2009-07-13 22:45 - 00022704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-14 11:34 - 2009-07-13 22:45 - 00022704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-14 11:32 - 2014-01-12 15:11 - 00000288 _____ C:\Windows\Tasks\Digital Sites.job
2015-11-14 11:29 - 2011-03-26 17:24 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2F03448F-2839-4571-8302-D2CAADEC42D8}
2015-11-14 11:28 - 2010-11-01 08:04 - 01629584 _____ C:\Windows\WindowsUpdate.log
2015-11-14 11:05 - 2012-10-28 13:30 - 00000336 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-11-14 11:05 - 2012-09-28 06:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-14 11:05 - 2010-07-27 02:05 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-14 03:03 - 2013-02-21 21:23 - 00003376 _____ C:\Windows\System32\Tasks\Scheduled scanning task
2015-11-14 03:03 - 2013-02-21 21:23 - 00000596 _____ C:\Windows\Tasks\Scheduled scanning task.job
2015-11-13 20:11 - 2009-07-13 23:13 - 00006210 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-13 20:08 - 2010-07-27 02:05 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-13 20:04 - 2010-07-27 02:09 - 00000050 _____ C:\Windows\system32\SupplicantTest.log
2015-11-13 20:04 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-13 20:04 - 2009-07-13 22:45 - 00442368 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-13 20:03 - 2009-07-13 22:51 - 00109569 _____ C:\Windows\setupact.log
2015-11-12 05:44 - 2013-07-29 02:02 - 00000000 ____D C:\Windows\system32\MRT
2015-11-12 05:44 - 2011-03-26 17:49 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-12 05:14 - 2011-03-26 17:21 - 00000000 ____D C:\Users\lisa
2015-11-11 22:19 - 2011-04-17 18:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 22:19 - 2010-07-13 12:20 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 21:08 - 2012-10-05 19:16 - 00002102 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-11 20:46 - 2012-09-28 06:13 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 20:46 - 2012-09-28 06:13 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 20:46 - 2012-09-28 06:13 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 06:17 - 2011-10-10 19:16 - 00000000 ____D C:\Users\lisa\Documents\Resumes
2015-11-02 04:40 - 2015-04-21 07:47 - 00000000 ____D C:\Users\lisa\Documents\Mystery Shopper
2015-10-22 17:06 - 2009-07-13 23:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-17 12:14 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-10-16 20:12 - 2014-12-10 03:32 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-16 20:12 - 2014-05-07 02:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-15 21:09 - 2009-07-13 20:34 - 00000478 _____ C:\Windows\win.ini
2015-10-15 20:21 - 2014-10-15 18:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2014-01-12 15:11 - 2014-01-18 07:18 - 0000142 _____ () C:\Users\lisa\AppData\Roaming\WB.CFG
2014-01-12 15:11 - 2014-01-18 07:18 - 0000005 _____ () C:\Users\lisa\AppData\Roaming\WBPU-TTL.DAT
2012-10-19 20:02 - 2012-10-19 20:02 - 0007605 _____ () C:\Users\lisa\AppData\Local\Resmon.ResmonCfg
2011-09-10 08:28 - 2011-09-10 08:28 - 0000000 _____ () C:\Users\lisa\AppData\Local\{2195D532-CD53-4B70-A0F9-3CB7F7DC12C8}
2011-04-10 16:24 - 2011-04-10 16:26 - 0000376 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\lisa\AppData\Local\Temp\3imllgca.dll
C:\Users\lisa\AppData\Local\Temp\4D66.exe
C:\Users\lisa\AppData\Local\Temp\abxgstc5.dll
C:\Users\lisa\AppData\Local\Temp\ApnStub.exe
C:\Users\lisa\AppData\Local\Temp\BackupSetup.exe
C:\Users\lisa\AppData\Local\Temp\contentDATs.exe
C:\Users\lisa\AppData\Local\Temp\Couponscom.exe
C:\Users\lisa\AppData\Local\Temp\DefaultPack.exe
C:\Users\lisa\AppData\Local\Temp\fsprod.dll
C:\Users\lisa\AppData\Local\Temp\fssfm.dll
C:\Users\lisa\AppData\Local\Temp\ghxqywgr.dll
C:\Users\lisa\AppData\Local\Temp\GLF1A59.EXE
C:\Users\lisa\AppData\Local\Temp\GLF1D74.EXE
C:\Users\lisa\AppData\Local\Temp\GLF1E03.EXE
C:\Users\lisa\AppData\Local\Temp\GLF2438.EXE
C:\Users\lisa\AppData\Local\Temp\GLF269C.EXE
C:\Users\lisa\AppData\Local\Temp\GLF26E2.EXE
C:\Users\lisa\AppData\Local\Temp\GLF2D3C.EXE
C:\Users\lisa\AppData\Local\Temp\GLF360F.EXE
C:\Users\lisa\AppData\Local\Temp\GLF3882.EXE
C:\Users\lisa\AppData\Local\Temp\GLF38E0.EXE
C:\Users\lisa\AppData\Local\Temp\GLF3A76.EXE
C:\Users\lisa\AppData\Local\Temp\GLF4494.EXE
C:\Users\lisa\AppData\Local\Temp\GLF55A3.EXE
C:\Users\lisa\AppData\Local\Temp\GLF5620.EXE
C:\Users\lisa\AppData\Local\Temp\GLF57D6.EXE
C:\Users\lisa\AppData\Local\Temp\GLF5AD2.EXE
C:\Users\lisa\AppData\Local\Temp\GLF5B0.EXE
C:\Users\lisa\AppData\Local\Temp\GLF602E.EXE
C:\Users\lisa\AppData\Local\Temp\GLF682A.EXE
C:\Users\lisa\AppData\Local\Temp\GLF68BA.EXE
C:\Users\lisa\AppData\Local\Temp\GLF6923.EXE
C:\Users\lisa\AppData\Local\Temp\GLF69A1.EXE
C:\Users\lisa\AppData\Local\Temp\GLF7084.EXE
C:\Users\lisa\AppData\Local\Temp\GLF7256.EXE
C:\Users\lisa\AppData\Local\Temp\GLF789D.EXE
C:\Users\lisa\AppData\Local\Temp\GLF7CD7.EXE
C:\Users\lisa\AppData\Local\Temp\GLF7E68.EXE
C:\Users\lisa\AppData\Local\Temp\GLF7E87.EXE
C:\Users\lisa\AppData\Local\Temp\GLF7ED5.EXE
C:\Users\lisa\AppData\Local\Temp\GLF8008.EXE
C:\Users\lisa\AppData\Local\Temp\GLF80E8.EXE
C:\Users\lisa\AppData\Local\Temp\GLF83FF.EXE
C:\Users\lisa\AppData\Local\Temp\GLF8673.EXE
C:\Users\lisa\AppData\Local\Temp\GLF87CB.EXE
C:\Users\lisa\AppData\Local\Temp\GLF92A4.EXE
C:\Users\lisa\AppData\Local\Temp\GLF969A.EXE
C:\Users\lisa\AppData\Local\Temp\GLF9F41.EXE
C:\Users\lisa\AppData\Local\Temp\GLFA70F.EXE
C:\Users\lisa\AppData\Local\Temp\GLFABCC.EXE
C:\Users\lisa\AppData\Local\Temp\GLFACF1.EXE
C:\Users\lisa\AppData\Local\Temp\GLFB42A.EXE
C:\Users\lisa\AppData\Local\Temp\GLFB8CC.EXE
C:\Users\lisa\AppData\Local\Temp\GLFBB28.EXE
C:\Users\lisa\AppData\Local\Temp\GLFBE11.EXE
C:\Users\lisa\AppData\Local\Temp\GLFC660.EXE
C:\Users\lisa\AppData\Local\Temp\GLFC7C6.EXE
C:\Users\lisa\AppData\Local\Temp\GLFCEB9.EXE
C:\Users\lisa\AppData\Local\Temp\GLFD10B.EXE
C:\Users\lisa\AppData\Local\Temp\GLFD4D.EXE
C:\Users\lisa\AppData\Local\Temp\GLFD5D.EXE
C:\Users\lisa\AppData\Local\Temp\GLFD89B.EXE
C:\Users\lisa\AppData\Local\Temp\GLFDA3E.EXE
C:\Users\lisa\AppData\Local\Temp\GLFDD9B.EXE
C:\Users\lisa\AppData\Local\Temp\GLFE7D4.EXE
C:\Users\lisa\AppData\Local\Temp\GLFF7F5.EXE
C:\Users\lisa\AppData\Local\Temp\GLFFBDC.EXE
C:\Users\lisa\AppData\Local\Temp\GLFFD19.EXE
C:\Users\lisa\AppData\Local\Temp\gv37f7w_.dll
C:\Users\lisa\AppData\Local\Temp\h5vqndp-.dll
C:\Users\lisa\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\lisa\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\lisa\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\lisa\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\lisa\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\lisa\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\lisa\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\lisa\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\lisa\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\lisa\AppData\Local\Temp\kemdbffz.dll
C:\Users\lisa\AppData\Local\Temp\mssinstaller.exe
C:\Users\lisa\AppData\Local\Temp\ofmdaevu.dll
C:\Users\lisa\AppData\Local\Temp\opqtdras.dll
C:\Users\lisa\AppData\Local\Temp\ose00000.exe
C:\Users\lisa\AppData\Local\Temp\preconfig.exe
C:\Users\lisa\AppData\Local\Temp\Quarantine.exe
C:\Users\lisa\AppData\Local\Temp\rcgx8vbj.dll
C:\Users\lisa\AppData\Local\Temp\rmgoqtty.dll
C:\Users\lisa\AppData\Local\Temp\rqje83e8.dll
C:\Users\lisa\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\lisa\AppData\Local\Temp\uyzto0zd.dll
C:\Users\lisa\AppData\Local\Temp\v0_a-unu.dll
C:\Users\lisa\AppData\Local\Temp\x55musgk.dll
C:\Users\lisa\AppData\Local\Temp\zehyylpc.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-17 11:57

==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by lisa (2015-11-14 11:35:58)
Running from C:\Users\lisa\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-03-26 23:21:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2330229276-1937969778-3526454886-500 - Administrator - Disabled)
Guest (S-1-5-21-2330229276-1937969778-3526454886-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2330229276-1937969778-3526454886-1002 - Limited - Enabled)
lisa (S-1-5-21-2330229276-1937969778-3526454886-1001 - Administrator - Enabled) => C:\Users\lisa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Computer Security (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: Computer Security (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version:  - )
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.368 - ArcSoft)
AVS Image Converter 1.3.3.146 (HKLM-x32\...\AVS Image Converter_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.1.4 - Belkin International, Inc.)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Charter Security Suite (HKLM-x32\...\F-Secure ServiceEnabler 42626) (Version: 2.21.286.0 - F-Secure Corporation)
Charter Security Suite (x32 Version: 2.21.286.0 - F-Secure Corporation) Hidden
Computer Security 14.121.104.0 (release) (x32 Version: 14.121.104.0 - F-Secure Corporation) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.5) (Version: 5.0.1.5 - Coupons.com Incorporated)
Dividend Miles Toolbar (HKLM-x32\...\Dividend Miles Toolbar) (Version:  - )
eFile Express 2010 (HKLM-x32\...\eFile Express 2010) (Version:  - )
eFile Express 2011 (HKLM-x32\...\eFile Express 2011) (Version:  - )
eFile Express 2014 (HKLM-x32\...\eFile Express 2014) (Version: 2014.0b - Smartrak Group, Inc.)
eMusic Download Manager (HKLM-x32\...\eMusic Download Manager 5.0.5) (Version: 5.0.5 - eMusic.com Inc.)
F-Secure CCF Reputation (x32 Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.112.309 (release) (x32 Version: 1.51.112.309 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.03.102 (x32 Version: 1.03.102 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.159.0 (release) (x32 Version: 1.03.159.0 - F-Secure Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Highlightly (HKLM-x32\...\Highlightly) (Version: 1.9.0.0 - Highlightly) <==== ATTENTION
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP Photo Creations Powered by RocketLife)
HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{F4330A8B-3610-4483-975E-69789B70A764}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photosmart Plus B210 series Help (HKLM-x32\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
HP Photosmart Plus B210 series Product Improvement Study (HKLM\...\{7C1C9924-3755-483C-87B1-8371B7454B1A}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{0D9917CE-1C77-4B58-A153-DCB5A854ED82}) (Version: 1.2.15.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.0005 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Jump Flip (HKLM\...\Jump Flip) (Version: 2014.01.10.194223 - Jump Flip) <==== ATTENTION
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Media Gallery (Version: 1.3.0 - Sony Corporation) Hidden
Media Gallery (x32 Version: 1.3.0.06230 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.4 - DDNi)
Online Safety 2.115.2786.1676 (x32 Version: 2.115.2786.1676 - F-Secure Corporation) Hidden
OOBE (x32 Version: 3.10.0630 - Sony Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB (x32 Version: 5.3.00.06040 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (Version: 3.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00 - Sony Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.1.1.07060 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.0.2.06210 - Sony Corporation) Hidden
Remote Play with PlayStation®3 (x32 Version: 1.0.2.06210 - Sony Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
VAIO - Media Gallery (x32 Version: 1.3.0.06230 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Guide (x32 Version: 1.3.00.06040 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00.06180 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.3.00.06110 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00.06180 - Sony Corporation) Hidden
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.1.0.07060 - Sony Corporation)
VAIO Care (HKLM\...\{6EEC3E9C-3479-42EB-B93C-E7DF7927DD82}) (Version: 8.4.4.09181 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Control Center (x32 Version: 4.3.0.05310 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.4.0.05240 - Sony Corporation) Hidden
VAIO DVD Menu Data (x32 Version: 2.2.00.05120 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.2.0.07020 - Sony Corporation) Hidden
VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230 - Sony Corporation) Hidden
VAIO Help and Support (HKLM-x32\...\{AD3E7141-A22E-40F1-A7A4-55E898AE35E3}) (Version: 12.00.0622 - Sony Corporation)
VAIO Manual (x32 Version: 1.1.0.05280 - Sony Corporation) Hidden
VAIO Media plus (Version: 2.1.0 - Sony Corporation) Hidden
VAIO Media plus (x32 Version: 2.1.0.18210 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (x32 Version: 2.1.0.14080 - Sony Corporation) Hidden
VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.550.0 - DDNi)
VAIO Movie Story Template Data (x32 Version: 2.3.00.06040 - Sony Corporation) Hidden
VAIO Quick Web Access (x32 Version: 1.3.4.2 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.2.0.16080 - Sony Corporation) Hidden
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.0.06080 - Sony Corporation)
VAIO Survey (x32 Version: 6.00.1028 - Sony Corporation) Hidden
VAIO Transfer Support (x32 Version: 1.2.0.06230 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.1.0.08060 - Sony Corporation)
VAIO Wireless Wizard (x32 Version: 3.0.0.06230 - Sony) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Video Mover (HKLM-x32\...\Video Mover_is1) (Version:  - )
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WiseConvert (HKLM-x32\...\WiseConvert) (Version: 1.0 - WiseConvert)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zip Extractor Packages (HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\...\Zip Extractor Packages) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

27-10-2015 19:36:21 Windows Update
31-10-2015 05:57:48 Windows Update
03-11-2015 20:56:05 Windows Update
11-11-2015 20:33:08 Windows Update
11-11-2015 22:17:20 Windows Update
12-11-2015 05:22:32 Windows Update
13-11-2015 06:50:23 Windows Update
14-11-2015 03:00:44 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-09-05 18:41 - 2015-09-05 18:41 - 00000355 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1   localhost
::1         localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06B3F245-3ACD-42B4-B635-36B4A3969DD3} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {0A8CE399-673E-4C01-AF67-F68ACE607A61} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2015-07-23] (Sony Corporation)
Task: {0B8D5CB8-2B9E-4A72-9C1C-6F524D711E55} - System32\Tasks\Digital Sites => C:\Users\lisa\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {1061C67D-5C0A-4A38-AD6C-23A22A29A441} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2015-07-31] (Sony Corporation)
Task: {1C6F498A-DD25-4B66-9D1E-A91995567834} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-11-24] ()
Task: {51842E5E-1EDE-41D8-B814-8B909771E110} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {5387BABF-2FB0-4596-AB6E-F1EBEA23C09D} - System32\Tasks\Sony\Java Update => C:\Program Files\Java\jre6\bin\jusched.exe
Task: {53DA5D98-877E-4DFA-A0AD-52376515F3B1} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {586179E1-1E56-45D6-9DC2-A224418AFD23} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {5D311927-99AF-4BAC-949E-F730B81C12E3} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {606A086F-089C-4896-AB65-3ED62DB3F629} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {60E8562B-7AE8-4547-8613-B03D3BB48A6B} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {62242B98-3C96-4DE4-A157-45A975990C90} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {63560233-994B-4920-B4A5-987D166A1649} - System32\Tasks\HPCustParticipation HP Photosmart Plus B210 series => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {7272BF44-DB88-42E1-B81C-E12CB33A168B} - System32\Tasks\Scheduled scanning task => C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsav.exe [2015-10-08] (F-Secure Corporation)
Task: {85CD2846-ED71-484B-BF00-F974E632555A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {87A9F6FA-346E-493F-8E59-843705D8E756} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {8E146F02-DEB4-4A5E-AA9F-D92D82ADC9AE} - \MySearchDial -> No File <==== ATTENTION
Task: {8E290FFB-00A4-4332-AD58-DBBFD6A7E6E9} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {8FF0A885-3D37-417C-AB1D-980BCB20FB90} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {94E4A480-9EF6-428F-9253-9038823B445A} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {96B11C3D-A2A1-45B7-9598-D229E0A7A7CA} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {99EBA0BA-6B05-4527-8369-A209CDBF7344} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-06-22] (Sony Corporation)
Task: {9FCEAF38-E18E-4051-A2A0-4F424074C3CF} - System32\Tasks\VAIO® Messenger (lisa) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {A19878FA-B781-46A2-B1B4-91FCFCB4AC6C} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {AE244010-7CCA-48F0-9931-D48ADD546E22} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {B3EAB967-736C-416F-888D-50AC58CB7DC7} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-06-22] (Sony Corporation)
Task: {B9520DC5-45E2-4E15-AE19-9E42F6E5BE19} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe
Task: {BAC77103-A43D-4911-8DCF-5EFFF353A7B8} - System32\Tasks\Sony\VAIO Survey => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [2009-10-26] ()
Task: {C11DB1F3-4A7B-420C-9F9E-AFFCFE771B0D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C1F144AE-7706-49CD-9859-4FFAFD43687E} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {C8FDBCF6-DC9C-4C60-A047-961744B72262} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {CCA98A64-AD43-4F1A-96F7-FD8C3CD4324A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2015-08-06] (Sony Corporation)
Task: {D2CE53FF-C2CB-4E89-9DF2-B741E8A15B4D} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2015-02-04] (Sony Corporation)
Task: {E2A1DA07-8950-426E-A0B2-5F656D30B436} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {E6D101A9-7C94-4360-A4AA-E73356B0BCDE} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {F369EDFB-5A0B-427A-848C-3C1E3C251051} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {F4122E05-6592-4AC2-832F-B22A261B1FCE} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\lisa\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\Scheduled scanning task.job => C:\PROGRA~2\CHARTE~1\apps\COMPUT~1\ANTI-V~1\fsav.exeX /HARD /POLICY /SCHED /REPORT C:\PROGRA~2\CHARTE~1\apps\COMPUT~1\ANTI-V~1\report.txt

==================== Loaded Modules (Whitelisted) ==============

2010-07-19 15:48 - 2010-07-19 15:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-04-13 17:45 - 2011-04-19 15:31 - 00181760 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2014-04-13 17:45 - 2010-02-09 14:55 - 00055296 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-07-19 15:48 - 2010-07-19 15:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2014-04-13 17:45 - 2011-04-19 15:31 - 00150016 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2015-09-18 08:53 - 2015-09-18 08:53 - 00245912 _____ () C:\Program Files\Sony\VAIO Care\analyzer.dll
2014-04-13 17:42 - 2012-02-23 14:57 - 00022944 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-21 21:22 - 2015-10-08 04:20 - 00045608 _____ () C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\FSAVHRES.ENG
2013-05-15 15:05 - 2013-05-15 15:05 - 00220096 _____ () C:\Program Files (x86)\Charter Security Suite\daas2.dll
2010-07-27 02:30 - 2010-05-31 20:18 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2010-07-27 02:30 - 2010-05-31 20:18 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2013-02-21 21:27 - 2013-02-21 21:27 - 00030888 _____ () C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2013-02-21 21:22 - 2015-09-22 03:55 - 00175144 _____ () C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Gemini\fsgem.dll
2013-02-21 21:22 - 2015-10-12 19:36 - 00212008 _____ () C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Spam Control\fsas.dll
2013-02-21 21:22 - 2015-10-20 18:37 - 00948264 _____ () C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fm4av.dll
2013-02-21 21:22 - 2015-10-08 04:20 - 00056360 _____ () C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\FSGUI\fsavures.ENG
2014-04-13 17:42 - 2010-08-22 19:01 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2014-04-13 17:42 - 2010-08-22 19:01 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2014-04-13 17:42 - 2010-08-22 19:01 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2014-04-13 17:42 - 2010-08-22 19:01 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2014-04-13 17:42 - 2010-08-22 18:32 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2015-02-15 04:29 - 2015-02-15 04:29 - 00592936 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.79_none_b59ec33311fcd586\QtMultimediaKit1.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-11-11 21:07 - 2015-11-06 22:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 21:07 - 2015-11-06 22:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
2014-04-13 17:42 - 2012-02-23 14:19 - 00669696 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2014-10-16 03:03 - 2014-10-16 03:03 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2010-07-12 15:29 - 2010-03-03 21:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-07-02 22:06 - 2013-07-02 22:06 - 00039936 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudModel.dll
2013-07-02 22:06 - 2013-07-02 22:06 - 00011264 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudClient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\...\paycomonline.net -> hxxps://www.paycomonline.net

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lisa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9ADB7CF9-BB6A-4F45-8EC4-90A30E833E56}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{82DE0DCF-56DF-4E90-A333-4711A488473E}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{D745888D-C68E-4BFE-843E-2A2996F30E62}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{E08D95BF-36F4-4BC9-B8C1-74FB75245860}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{538244D4-4A97-495F-B12C-59B31C16671B}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{E3302768-E46E-4F83-BA68-B71F36587E2C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{A3DB6DC7-D059-47B5-BE94-3A0C7A7FFBCA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{043DE775-8142-4D31-8FEE-09E7D1C1A221}] => (Allow) svchost.exe
FirewallRules: [{A491B525-F448-40A7-A2F0-1E23F98F5578}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{F42CB48A-DA1E-4C8C-8CF1-F8EAC2C076A1}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{8F6EB939-04E3-4B07-AF6C-60A74DD6C88C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{CBFFC972-2E8E-4D8C-BF46-A2D2CE8E38C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{05A8D605-FFDF-4704-A487-E999D2CE3B53}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{03DCBA26-9A22-4F9B-81D1-A5595FCCF494}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7C94CEC8-9730-43D0-8DCF-DD2B314807D3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4F9E348D-C97F-44AE-87A4-7B04278012FD}] => (Allow) C:\Program Files (x86)\Dividend Miles Toolbar\TroubleShooter.exe
FirewallRules: [{F742E2FC-D88C-4E8F-84CA-808A0BF914D6}] => (Allow) C:\Program Files (x86)\Dividend Miles Toolbar\TroubleShooter.exe
FirewallRules: [{D3B36C2D-285F-4F2C-A496-26D888E3E24E}] => (Allow) C:\Program Files (x86)\Dividend Miles Toolbar\ToolbarUpdate.exe
FirewallRules: [{F77495C6-34D4-4FB7-8AB8-5E5CB2C362DC}] => (Allow) C:\Program Files (x86)\Dividend Miles Toolbar\ToolbarUpdate.exe
FirewallRules: [{54857A7D-2617-4640-A5AE-D0812A85B8EE}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe
FirewallRules: [{FD0B0124-E30E-49F0-AADD-FCFD89E263DC}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe
FirewallRules: [{46F1DA8E-8ED3-4148-B442-F38DE7EBBEEE}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{858A0B86-84CF-4D65-BA5B-F26E59EACD65}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{86FBE8F2-CDAF-4539-A2D7-940CB9181F79}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{43325B2C-6E7F-4D27-953F-80F0F78D4ADF}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{DE6B9C62-2FB5-4DF2-AD09-E7C80764F875}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe
FirewallRules: [{8EC1DD6B-C37A-4983-B6C9-16C26C7580AB}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{B33A009C-4AC5-496E-B118-6070BB112A45}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{F053A2F1-5A66-4DA5-8657-C9ED0DAAE384}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{330DC3A3-48AC-4D32-8184-B80006AF6150}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{3E8DC075-B807-4987-A95C-7561211EE980}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{8FEA550F-FD2E-4832-A529-A422DD1D297A}] => (Allow) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
FirewallRules: [{9094DD97-48F8-41FB-BA32-B25431FD631B}] => (Allow) LPort=19540
FirewallRules: [{F1B7FDAA-7D1B-4E08-A753-2A6E5830ED48}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{D775D56F-6E44-4188-BEC4-59F68CCB5F60}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{94F6813A-5ABB-49D9-83C6-55078949D08C}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{77E8FA74-67F0-47B6-943C-AD906236F5F2}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{4D577C95-E544-4936-A58F-3785FB6A672C}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{5658A87E-24DF-4CE5-BAB1-18D22B94F6A1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/13/2015 08:54:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2005143

Error: (11/13/2015 08:54:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2005143

Error: (11/13/2015 08:54:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/13/2015 08:54:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2003364

Error: (11/13/2015 08:54:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2003364

Error: (11/13/2015 08:54:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/13/2015 08:54:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2002335

Error: (11/13/2015 08:54:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2002335

Error: (11/13/2015 08:54:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/13/2015 08:54:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2001336


System errors:
=============
Error: (11/14/2015 09:05:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070570: Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3100773).

Error: (11/14/2015 03:06:44 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume3.

Error: (11/14/2015 03:03:08 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (11/13/2015 06:55:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070570: Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3100773).

Error: (11/13/2015 06:54:36 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume3.

Error: (11/13/2015 06:53:06 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume3.

Error: (11/13/2015 05:52:59 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume3.

Error: (11/13/2015 05:52:59 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (11/13/2015 05:48:10 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (11/13/2015 05:48:10 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.


CodeIntegrity:
===================================
  Date: 2015-09-12 06:34:12.980
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 58%
Total physical RAM: 3758.1 MB
Available physical RAM: 1552.41 MB
Total Virtual: 7514.4 MB
Available Virtual: 4359.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:287.8 GB) (Free:198.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 6EA98A7E)
Partition 1: (Not Active) - (Size=10.2 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=287.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Corrine

#3
November 16, 2015, 07:56:59 PM
Hi, Lisa.

Along with indications of PUPs (Potentially Unwanted Programs) and outdated third-party programs, I see the messages in the System errors portion of the log you are receiving about the need to run Chkdsk on both the C: and D: drives, as well as a message about a failed security update.  So, let's take this one step at a time and see how we make out.

1.  There are very few reasons why Java is needed on a personal computer.  See Java, The Never-Ending Saga and if you decide to keep it, please install the latest security updated version, available here:  Java SE 8u65Note:  UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  If you decide to remove it, uninstall Java 8 Update 40.

2.  The current version of Firefox is 42.0.  Seeing as how the latest version you have installed is 27.0.1 from February, 2014, it appears you are no longer using Firefox.  If that is the case, why not uninstall it?  If, however, you wish to keep it, please update to the latest version. Select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."

3.  Uninstall the following programs.  (McAfee Scan Plus likely installed as an unnecessary pre-checked option with a Flash Player or Java update. The others are variously described as PUPs, parasite, crossrider-browser plugin):
  • Catalina Savings Printer
  • Highly
  • McAfee Security Scan Plus
  • Zip Extractor Packages
4.   Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Open Notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.
Code Select

start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\...\Run: [ShopAtHomeWatcher] => C:\Users\lisa\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\...\Run: [ShopAtHomeUpdater] => C:\Users\lisa\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
SearchScopes: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> DefaultScope {D6C91924-6E13-4C68-AF8D-287154CA6975} URL = hxxp://isearch.shopathome.com?user_id={8F06BF6A-1C14-4FCA-8B96-20C2369E0EBD}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> 88484CA4358B4AB9AACE6D4E57FD8C2E URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtCtB0A0F0AyDtD0E0EzytN0D0Tzu0SyByEtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=485685207&ir=
SearchScopes: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> {D6C91924-6E13-4C68-AF8D-287154CA6975} URL = hxxp://isearch.shopathome.com?user_id={8F06BF6A-1C14-4FCA-8B96-20C2369E0EBD}&q={searchTerms}
BHO: Highlightly -> {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} -> C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll => No File
C:\Program Files\Highlightly
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-02] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-02] (Oracle Corporation)
BHO-x32: No Name -> {EA66B8E3-A3DD-4CCA-9D22-5BA5FFF9FEE8} -> No File
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
C:\Program Files (x86)\Coupons.com CouponBar
Toolbar: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> No Name - {3948072D-28FE-4206-9F7F-2AFF92B24679} -  No File
Toolbar: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> No Name - {DD2BFB44-4363-4E2C-B3E5-6CF4E8AD951D} -  No File
Toolbar: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
FF Extension: mysearchdial.com - C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\Extensions\ffxtlbr@mysearchdial.com [2014-01-15] [not signed]
FF Extension: ShopAtHome.com Toolbar - C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\Extensions\toolbar@shopathome.com [2012-05-08] [not signed]
FF Extension: Jump Flip - C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\Extensions\firefox@jumpflip.net.xpi [2014-01-10] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\!vitruvian-autoenable.js [2014-01-12] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\!vitruvian-csp.js [2014-01-12]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\vitruvian-autoenable.cfg [2014-01-12] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [cmclajginlihohopoeofghddnhpplhom] - C:\Program Files (x86)\Highlightly\Chrome\cmclajginlihohopoeofghddnhpplhom.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hphehadppenpmajgnkjdcopcfijjegaf] - C:\Program Files (x86)\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx <not found>
U2 MSSQL$DDNI; no ImagePath
Task: {0B8D5CB8-2B9E-4A72-9C1C-6F524D711E55} - System32\Tasks\Digital Sites => C:\Users\lisa\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {8E146F02-DEB4-4A5E-AA9F-D92D82ADC9AE} - \MySearchDial -> No File <==== ATTENTION
EmptyTemp:
end

  • Click Format and ensure Wordwrap is unchecked.
  • Important:  Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.
5.  Please download AdwCleaner by Xplode and save to your Desktop.

  • Right-click on AdwCleaner.exe and select[/color] Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin.  Please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
6. Please download Junkware Removal Tool to your desktop.

  • Right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Since that is a lot to do, we'll take a look at chkdsk after the above is completed.  Please let me know if you have any questions or run into problems while following the above steps as well as how your computer is running now. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

lisa20

#4
November 29, 2015, 01:55:52 AM
I was only able to post the first two logs--there is a problem with Junkware

Fix result of Farbar Recovery Scan Tool (x64) Version:28-11-2015
Ran by lisa (2015-11-28 09:14:37) Run:1
Running from C:\Users\lisa\Downloads
Loaded Profiles: lisa (Available Profiles: lisa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\...\Run: [ShopAtHomeWatcher] => C:\Users\lisa\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\...\Run: [ShopAtHomeUpdater] => C:\Users\lisa\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
SearchScopes: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> DefaultScope {D6C91924-6E13-4C68-AF8D-287154CA6975} URL = hxxp://isearch.shopathome.com?user_id={8F06BF6A-1C14-4FCA-8B96-20C2369E0EBD}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> 88484CA4358B4AB9AACE6D4E57FD8C2E URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtCtB0A0F0AyDtD0E0EzytN0D0Tzu0SyByEtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=485685207&ir=
SearchScopes: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> {D6C91924-6E13-4C68-AF8D-287154CA6975} URL = hxxp://isearch.shopathome.com?user_id={8F06BF6A-1C14-4FCA-8B96-20C2369E0EBD}&q={searchTerms}
BHO: Highlightly -> {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} -> C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll => No File
C:\Program Files\Highlightly
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-02] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-02] (Oracle Corporation)
BHO-x32: No Name -> {EA66B8E3-A3DD-4CCA-9D22-5BA5FFF9FEE8} -> No File
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
C:\Program Files (x86)\Coupons.com CouponBar
Toolbar: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> No Name - {3948072D-28FE-4206-9F7F-2AFF92B24679} -  No File
Toolbar: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> No Name - {DD2BFB44-4363-4E2C-B3E5-6CF4E8AD951D} -  No File
Toolbar: HKU\S-1-5-21-2330229276-1937969778-3526454886-1001 -> No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
FF Extension: mysearchdial.com - C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\Extensions\ffxtlbr@mysearchdial.com [2014-01-15] [not signed]
FF Extension: ShopAtHome.com Toolbar - C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\Extensions\toolbar@shopathome.com [2012-05-08] [not signed]
FF Extension: Jump Flip - C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\Extensions\firefox@jumpflip.net.xpi [2014-01-10] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\!vitruvian-autoenable.js [2014-01-12] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\!vitruvian-csp.js [2014-01-12]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\vitruvian-autoenable.cfg [2014-01-12] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [cmclajginlihohopoeofghddnhpplhom] - C:\Program Files (x86)\Highlightly\Chrome\cmclajginlihohopoeofghddnhpplhom.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hphehadppenpmajgnkjdcopcfijjegaf] - C:\Program Files (x86)\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx <not found>
U2 MSSQL$DDNI; no ImagePath
Task: {0B8D5CB8-2B9E-4A72-9C1C-6F524D711E55} - System32\Tasks\Digital Sites => C:\Users\lisa\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {8E146F02-DEB4-4A5E-AA9F-D92D82ADC9AE} - \MySearchDial -> No File <==== ATTENTION
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeWatcher => value removed successfully
HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeUpdater => value removed successfully
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value data removed successfully.
C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe => not found.
"C:\Program Files\McAfee Security Scan" => not found.
HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\88484CA4358B4AB9AACE6D4E57FD8C2E" => key removed successfully
HKCR\CLSID\88484CA4358B4AB9AACE6D4E57FD8C2E => key not found.
"HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D6C91924-6E13-4C68-AF8D-287154CA6975}" => key removed successfully
HKCR\CLSID\{D6C91924-6E13-4C68-AF8D-287154CA6975} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}" => key removed successfully
"HKCR\CLSID\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}" => key removed successfully
"C:\Program Files\Highlightly" => not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA66B8E3-A3DD-4CCA-9D22-5BA5FFF9FEE8}" => key removed successfully
HKCR\Wow6432Node\CLSID\{EA66B8E3-A3DD-4CCA-9D22-5BA5FFF9FEE8} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => value removed successfully
"HKCR\Wow6432Node\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}" => key removed successfully
"C:\Program Files (x86)\Coupons.com CouponBar" => not found.
HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3948072D-28FE-4206-9F7F-2AFF92B24679} => value removed successfully
HKCR\CLSID\{3948072D-28FE-4206-9F7F-2AFF92B24679} => key not found.
HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DD2BFB44-4363-4E2C-B3E5-6CF4E8AD951D} => value removed successfully
HKCR\CLSID\{DD2BFB44-4363-4E2C-B3E5-6CF4E8AD951D} => key not found.
HKU\S-1-5-21-2330229276-1937969778-3526454886-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => value removed successfully
HKCR\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => key not found.
C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\Extensions\ffxtlbr@mysearchdial.com => moved successfully
C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\Extensions\toolbar@shopathome.com => moved successfully
C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\Extensions\firefox@jumpflip.net.xpi => moved successfully
C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\!vitruvian-autoenable.js => moved successfully
C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\!vitruvian-csp.js => moved successfully
C:\Program Files (x86)\mozilla firefox\vitruvian-autoenable.cfg => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cmclajginlihohopoeofghddnhpplhom" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hphehadppenpmajgnkjdcopcfijjegaf" => key removed successfully
MSSQL$DDNI => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B8D5CB8-2B9E-4A72-9C1C-6F524D711E55}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B8D5CB8-2B9E-4A72-9C1C-6F524D711E55}" => key removed successfully
C:\Windows\System32\Tasks\Digital Sites => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E146F02-DEB4-4A5E-AA9F-D92D82ADC9AE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E146F02-DEB4-4A5E-AA9F-D92D82ADC9AE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial" => key removed successfully
EmptyTemp: => 6.4 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 09:31:47 ====



# AdwCleaner v5.022 - Logfile created 28/11/2015 at 17:50:30
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : lisa - LISA-VAIO
# Running from : C:\Users\lisa\Downloads\adwcleaner_5.022.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

  • Service Not Deleted : CouponPrinterService
    [-] Service Deleted : YahooAUService

    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files (x86)\Coupons
    [-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
    [-] Folder Deleted : C:\ProgramData\Yahoo! Companion
    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wiseconvert
    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    [-] Folder Deleted : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
    [-] Folder Deleted : C:\Users\lisa\AppData\LocalLow\Yahoo! Companion
    [-] Folder Deleted : C:\Users\lisa\AppData\LocalLow\ShopAtHome
    [-] Folder Deleted : C:\Users\lisa\AppData\LocalLow\Yahoo!\Companion
    [-] Folder Deleted : C:\Users\lisa\AppData\Roaming\DigitalSites
    [-] Folder Deleted : C:\Users\lisa\AppData\Roaming\Yahoo!\Companion
    [-] Folder Deleted : C:\Users\lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Toolbar
    [-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\PackageAware
    [-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect

    ***** [ Files ] *****

    [-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
    [-] File Deleted : C:\Users\lisa\daemonprocess.txt
    [-] File Deleted : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hphehadppenpmajgnkjdcopcfijjegaf
    [-] File Deleted : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff
    [-] File Deleted : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage
    [-] File Deleted : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage-journal
    [-] File Deleted : C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\searchplugins\bingp.xml

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****

    [-] Task Deleted : Digital Sites

    ***** [ Registry ] *****

    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
    [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ShopAtHomeWatcher]
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ShopAtHomeUpdater]
    [-] Key Deleted : HKCU\Software\Classes\AppID\ShopAtHomeHelper.EXE
    [-] Key Deleted : HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager
    [-] Key Deleted : HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager.1
    [-] Key Deleted : HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302
    [-] Key Deleted : HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
    [-] Key Deleted : HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker
    [-] Key Deleted : HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ShopAtHomeHelper.hxxpHandle302
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ShopAtHomeHelper.hxxpHandle302.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ShopAtHomeHelper.PostUrlWorker
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ShopAtHomeHelper.PostUrlWorker.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopAtHomeHelper.EXE
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ShopAtHomeHelper.CookiesManager
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ShopAtHomeHelper.CookiesManager.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E65CDDB-BB80-4C5D-8B07-5E280CCABC15}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9912DD71-1FDF-455B-99D3-D690A1C607D8}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{40A61B9E-B111-46EE-A1F2-C1100192BA48}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{067ECE13-6DD2-47C7-8EFE-24DA8BC1D8DA}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{76481128-CCDC-4073-8F65-B06F23B138FC}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF10C1C0-B598-4ADB-B353-42C991C99A2E}
    [-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{067ECE13-6DD2-47C7-8EFE-24DA8BC1D8DA}
    [-] Key Deleted : HKCU\Software\mysearchdial.com
    [-] Key Deleted : HKCU\Software\Yahoo\Companion
    [-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
    [-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jump Flip
    [-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearchdial.com
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\removeconduitsearch.com
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\rsearch.shopathome.com
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\start.mysearchdial.com

    ***** [ Web browsers ] *****

    [-] [C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.cntry", "US");
    [-] [C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
    [-] [C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.hdrMd5", "");
    [-] [C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.lastB", "chrome://branding/locale/browserconfig.properties");
    [-] [C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "");
    [-] [C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"96\",\"lastVrsn\":\"96\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
    [-] [C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.sg", "{smplGrp}");
    [-] [C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\prefs.js] [Preference] Deleted : user_pref("extensions.sahtb.alerts.menu", "[{\"text\":\"Click here for Cosi Coupons & Great Deals\",\"altText\":\"\",\"tooltip\":\"Click this link to find discounts and rebates from Shop[...]
    [-] [C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\u7asfcq0.default\prefs.js] [Preference] Deleted : user_pref("extensions.sahtb.cookies", "{\"cid\":\"28775328\",\"owner\":\"nonbundle\",\"refer\":\" 1002822\",\"source\":\"SEPDSE\",\"subid\":\"SEPDSE\",\"postinstall\":\"hxxp%3a%2f%2fwww.shopathome.com[...]
    [-] [C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh
    [-] [C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : gngocbkfmikdgphklgmmehbjjlfgdemm

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [14167 bytes] ##########

lisa20

#5
November 29, 2015, 02:05:47 AM
I think this is the junkware log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64
Ran by lisa (Administrator) on Sat 11/28/2015 at 19:49:55.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



a
File System: 1

Successfully deleted: C:\Windows\couponprinter.ocx (File)



Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9D01F335F49EFDFF400652C34E0227C8 (Registry Value)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\CouponPrinterService (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69CD690C-70B1-4333-AD69-28FFF7118C56} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{3948072D-28FE-4206-9F7F-2AFF92B24679} (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/28/2015 at 19:57:11.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Corrine

#6
November 29, 2015, 08:08:21 PM
Excellent, Lisa!  That is just what I wanted to see.  Now, let's return to the System Errors portion of the log you are receiving about the need to run Chkdsk.

Please do the following: (please note: this may take a while to complete)

  • Click on Start > Run and type in cmd
  • Press Enter
  • In the Command Prompt window type chkdsk c:/r and press Enter.
    Please Note the space between k c:/r
  • The next dialog box will now show the following:

    Chkdsk cannot run because the volume is in use by another
    process. Would you like to schedule this volume to be
    checked the next time the system restarts? <Y/N>

  • Type Y and reboot the computer.
  • Checkdisk will start once the computer reboots. It can take up to an hour or more to complete as it goes through the stages. Allow it to run uninterrupted till complete.
To find the log that is produced please do the following:

Please download ListChkdskResult by SleepyDude to the desktop.

  • Double click on the icon and click Run
  • The log will appear on your desktop as a .txt file and the notepad will open.
Please copy and paste the results in your next reply and let me know how your computer is now.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

lisa20

#7
December 03, 2015, 02:38:32 AM
After I typed " chkdsk c:/r" and press Enter, I received this message:
Access Denied as you do not have sufficient privileges.
You have to invoke this utility running in elevated mode.

Therefore, I didn't receive this message: Would you like to schedule this volume to be
checked the next time the system restarts? <Y/N>

Please let me know what to do next.

Pierre75

#8
December 03, 2015, 09:44:36 AM
Right click on 'cmd' as you will have to run as administrator. Hope this helps you.
IF IT AIN'T BROKE -  DON'T FIX IT

Corrine

#9
December 03, 2015, 04:51:35 PM
Sorry, Lisa.  Please do as Pierre75 said and Click on Start > Run and type in cmd.  Then right-click cmd.exe when it shows up in the search results.  Click "Run as Administrator" and Yes to Run as Administrator.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

lisa20

#10
December 06, 2015, 01:52:57 PM
Sorry, I'm unable to find "run as administrator." I tried two different ways: I typed cmd and right clicked but it doesn't show up and then I clicked enter and it didn't either. There is only a prompt c:\users\lisa>
I don't think I'm doing something right. I'm unable to look into this again until tonight or later this week.

Corrine

#11
December 06, 2015, 02:39:32 PM
Hi, Lisa.  See how to get the cmd prompt and run as administrator here:  Run Command Prompt as an Administrator.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

plodr

#12
December 06, 2015, 04:35:42 PM
Run as administrator should appear when you right click any item that needs to execute.
Is this item missing from your right click menu?

Chugging coffee and computing!

lisa20

#13
December 07, 2015, 01:54:21 AM
Thank you all! I have a log. Please let me know if I missed anything or if there is anything else left.

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 12/6/2015 7:50:50 PM >------
Category: 0
Computer Name: lisa-VAIO
Event Code: 1001
Record Number: 196776
Source Name: Microsoft-Windows-Wininit
Time Written: 12-06-2015 @ 23:51:24
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
  338176 file records processed.                                         

File verification completed.
  1985 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  10048 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 3)...
The index bitmap for index $I30 in file 0x46e66 is invalid or missing.
The index bitmap for index $I30 in file 0x46e66 is invalid or missing.
Correcting error in index $I30 for file 290406.
The index bitmap $I30 is present but there is no corresponding
index allocation attribute in file 0x46e66.
Correcting error in index $I30 for file 290406.
The down pointer of current index entry with length 0xa0 is invalid.
53 0e 05 00 00 00 01 00 a0 00 84 00 01 00 00 00  S...............
66 6e 04 00 00 00 31 00 22 70 56 4c a2 ea d0 01  fn....1."pVL....
40 bd cb 66 d9 c4 d0 01 9a 2a ae 42 81 08 d1 01  @..f.....*.B....
22 70 56 4c a2 ea d0 01 00 10 00 00 00 00 00 00  "pVL............
00 0c 00 00 00 00 00 00 22 00 00 00 00 00 00 00  ........".......
21 01 61 00 70 00 69 00 2d 00 6d 00 73 00 2d 00  !.a.p.i.-.m.s.-.
77 00 69 00 6e 00 2d 00 63 00 6f 00 72 00 65 00  w.i.n.-.c.o.r.e.
2d 00 66 00 69 00 62 00 65 00 72 00 73 00 2d 00  -.f.i.b.e.r.s.-.
6c 00 31 00 2d 00 31 00 2d 00 30 00 2e 00 64 00  l.1.-.1.-.0...d.
6c 00 6c 00 00 00 03 00 ff ff ff ff ff ff ff ff  l.l.............
00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00  ................
Sorting index $I30 in file 290406.
The index bitmap for index $I30 in file 0x46e7b is invalid or missing.
The index bitmap for index $I30 in file 0x46e7b is invalid or missing.
Correcting error in index $I30 for file 290427.
The index bitmap $I30 is present but there is no corresponding
index allocation attribute in file 0x46e7b.
Correcting error in index $I30 for file 290427.
The down pointer of current index entry with length 0xa0 is invalid.
10 0e 05 00 00 00 03 00 a0 00 84 00 01 00 00 00  ................
7b 6e 04 00 00 00 4d 00 2b 28 4c 4b a2 ea d0 01  {n....M.+(LK....
10 df a1 cd a5 c4 d0 01 d7 dd ac 43 81 08 d1 01  ...........C....
2b 28 4c 4b a2 ea d0 01 00 10 00 00 00 00 00 00  +(LK............
00 0c 00 00 00 00 00 00 22 00 00 00 00 00 00 00  ........".......
21 01 61 00 70 00 69 00 2d 00 6d 00 73 00 2d 00  !.a.p.i.-.m.s.-.
77 00 69 00 6e 00 2d 00 63 00 6f 00 72 00 65 00  w.i.n.-.c.o.r.e.
2d 00 66 00 69 00 62 00 65 00 72 00 73 00 2d 00  -.f.i.b.e.r.s.-.
6c 00 31 00 2d 00 31 00 2d 00 30 00 2e 00 64 00  l.1.-.1.-.0...d.
6c 00 6c 00 00 00 03 00 ff ff ff ff ff ff ff ff  l.l.............
00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00  ................
Sorting index $I30 in file 290427.
The index bitmap for index $I30 in file 0x51bbf is invalid or missing.
Correcting error in index $I30 for file 334783.
The index bitmap $I30 is present but there is no corresponding
index allocation attribute in file 0x51bbf.
Correcting error in index $I30 for file 334783.
The down pointer of current index entry with length 0x18 is invalid.
00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00  ................
ff ff ff ff ff ff ff ff 32 24 05 cd 01 1d d1 01  ........2$......
1c b8 73 ce 01 1d d1 01 ef 53 27 d0 01 1d d1 01  ..s......S'.....
Sorting index $I30 in file 334783.
The index bitmap for index $I30 in file 0x51bc9 is invalid or missing.
Correcting error in index $I30 for file 334793.
The index bitmap $I30 is present but there is no corresponding
index allocation attribute in file 0x51bc9.
Correcting error in index $I30 for file 334793.
The down pointer of current index entry with length 0x18 is invalid.
00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00  ................
ff ff ff ff ff ff ff ff 32 24 05 cd 01 1d d1 01  ........2$......
1c b8 73 ce 01 1d d1 01 ef 53 27 d0 01 1d d1 01  ..s......S'.....
Sorting index $I30 in file 334793.
  433406 index entries processed.                                       

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file icrav03.rat (22816) into directory file 334783.
Recovering orphaned file ticrf.rat (24328) into directory file 334783.
Recovering orphaned file API-MS~1.DLL (241046) into directory file 290427.
Recovering orphaned file api-ms-win-core-util-l1-1-0.dll (241046) into directory file 290427.
Recovering orphaned file msrating.dll (249039) into directory file 334783.
Recovering orphaned file iesetup.dll (249066) into directory file 334793.
Recovering orphaned file iernonce.dll (288632) into directory file 334793.
Recovering orphaned file ieuinit.inf (292283) into directory file 334793.
Recovering orphaned file ZAPA768.tmp (330526) into directory file 1445.
Recovering orphaned file AP29BC~1.DLL (331239) into directory file 290406.
Recovering orphaned file api-ms-win-core-console-l1-1-0.dll (331239) into directory file 290406.
Recovering orphaned file AP29BC~1.DLL (331243) into directory file 290427.
Recovering orphaned file api-ms-win-core-console-l1-1-0.dll (331243) into directory file 290427.
Recovering orphaned file AP95B6~1.DLL (331245) into directory file 290406.
Recovering orphaned file api-ms-win-core-localization-l1-1-0.dll (331245) into directory file 290406.
Recovering orphaned file AP95B6~1.DLL (331247) into directory file 290427.
Recovering orphaned file api-ms-win-core-localization-l1-1-0.dll (331247) into directory file 290427.
Recovering orphaned file APB625~1.DLL (331265) into directory file 290427.
Recovering orphaned file api-ms-win-security-base-l1-1-0.dll (331265) into directory file 290427.
Recovering orphaned file APCB07~1.DLL (331269) into directory file 290427.
Recovering orphaned file api-ms-win-core-debug-l1-1-0.dll (331269) into directory file 290427.
Recovering orphaned file APCB07~1.DLL (331270) into directory file 290406.
Recovering orphaned file api-ms-win-core-debug-l1-1-0.dll (331270) into directory file 290406.
Recovering orphaned file API-MS~3.DLL (331273) into directory file 290427.
Recovering orphaned file api-ms-win-core-delayload-l1-1-0.dll (331273) into directory file 290427.
Recovering orphaned file API-MS~3.DLL (331274) into directory file 290406.
Recovering orphaned file api-ms-win-core-delayload-l1-1-0.dll (331274) into directory file 290406.
Recovering orphaned file AP345C~1.DLL (331277) into directory file 290427.
Recovering orphaned file api-ms-win-core-errorhandling-l1-1-0.dll (331277) into directory file 290427.
Recovering orphaned file APBEA8~1.DLL (331280) into directory file 290427.
Recovering orphaned file AP4F63~1.DLL (331284) into directory file 290406.
Recovering orphaned file api-ms-win-core-handle-l1-1-0.dll (331284) into directory file 290406.
Recovering orphaned file AP4F63~1.DLL (331286) into directory file 290427.
Recovering orphaned file api-ms-win-core-handle-l1-1-0.dll (331286) into directory file 290427.
Recovering orphaned file AP26B7~1.DLL (331289) into directory file 290427.
Recovering orphaned file api-ms-win-core-heap-l1-1-0.dll (331289) into directory file 290427.
Recovering orphaned file AP40C7~1.DLL (331291) into directory file 290406.
Recovering orphaned file api-ms-win-core-interlocked-l1-1-0.dll (331291) into directory file 290406.
Recovering orphaned file AP40C7~1.DLL (331293) into directory file 290427.
Recovering orphaned file api-ms-win-core-interlocked-l1-1-0.dll (331293) into directory file 290427.
Recovering orphaned file APC409~1.DLL (331295) into directory file 290406.
Recovering orphaned file api-ms-win-core-io-l1-1-0.dll (331295) into directory file 290406.
Recovering orphaned file APC409~1.DLL (331297) into directory file 290427.
Recovering orphaned file api-ms-win-core-io-l1-1-0.dll (331297) into directory file 290427.
Recovering orphaned file APD0F3~1.DLL (331299) into directory file 290406.
Recovering orphaned file api-ms-win-core-libraryloader-l1-1-0.dll (331299) into directory file 290406.
Recovering orphaned file APD0F3~1.DLL (331302) into directory file 290427.
Recovering orphaned file api-ms-win-core-libraryloader-l1-1-0.dll (331302) into directory file 290427.
Recovering orphaned file AP25B1~1.DLL (331306) into directory file 290427.
Recovering orphaned file api-ms-win-core-memory-l1-1-0.dll (331306) into directory file 290427.
Recovering orphaned file AP8526~1.DLL (331311) into directory file 290427.
Recovering orphaned file api-ms-win-core-namedpipe-l1-1-0.dll (331311) into directory file 290427.
Recovering orphaned file AP507A~1.DLL (331314) into directory file 290427.
Recovering orphaned file api-ms-win-core-processenvironment-l1-1-0.dll (331314) into directory file 290427.
Recovering orphaned file AP5574~1.DLL (331320) into directory file 290427.
Recovering orphaned file api-ms-win-core-profile-l1-1-0.dll (331320) into directory file 290427.
Recovering orphaned file AP5574~1.DLL (331321) into directory file 290406.
Recovering orphaned file api-ms-win-core-profile-l1-1-0.dll (331321) into directory file 290406.
Recovering orphaned file API-MS~2.DLL (331323) into directory file 290406.
Recovering orphaned file api-ms-win-core-rtlsupport-l1-1-0.dll (331323) into directory file 290406.
Recovering orphaned file API-MS~2.DLL (331325) into directory file 290427.
Recovering orphaned file api-ms-win-core-rtlsupport-l1-1-0.dll (331325) into directory file 290427.
Recovering orphaned file AP743F~1.DLL (331327) into directory file 290406.
Recovering orphaned file api-ms-win-core-string-l1-1-0.dll (331327) into directory file 290406.
Recovering orphaned file AP743F~1.DLL (331329) into directory file 290427.
Recovering orphaned file api-ms-win-core-string-l1-1-0.dll (331329) into directory file 290427.
Recovering orphaned file AP7678~1.DLL (331331) into directory file 290406.
Recovering orphaned file api-ms-win-core-synch-l1-1-0.dll (331331) into directory file 290406.
Recovering orphaned file APAC15~1.DLL (331336) into directory file 290427.
Recovering orphaned file api-ms-win-core-threadpool-l1-1-0.dll (331336) into directory file 290427.
Recovering orphaned file API-MS~1.DLL (331338) into directory file 290406.
Recovering orphaned file api-ms-win-core-util-l1-1-0.dll (331338) into directory file 290406.
Recovering orphaned file AP1910~1.DLL (331340) into directory file 290406.
Recovering orphaned file api-ms-win-core-xstate-l1-1-0.dll (331340) into directory file 290406.
Recovering orphaned file AP1910~1.DLL (331341) into directory file 290427.
Recovering orphaned file api-ms-win-core-xstate-l1-1-0.dll (331341) into directory file 290427.
Recovering orphaned file APB625~1.DLL (331342) into directory file 290406.
Recovering orphaned file api-ms-win-security-base-l1-1-0.dll (331342) into directory file 290406.
Recovering orphaned file AP77CB~1.DLL (331344) into directory file 290427.
Recovering orphaned file api-ms-win-core-datetime-l1-1-0.dll (331344) into directory file 290427.
Recovering orphaned file AP77CB~1.DLL (331345) into directory file 290406.
Recovering orphaned file api-ms-win-core-datetime-l1-1-0.dll (331345) into directory file 290406.
Recovering orphaned file AP345C~1.DLL (331346) into directory file 290406.
Recovering orphaned file api-ms-win-core-errorhandling-l1-1-0.dll (331346) into directory file 290406.
Recovering orphaned file APBEA8~1.DLL (331347) into directory file 290406.
Recovering orphaned file AP87F4~1.DLL (331349) into directory file 290406.
Recovering orphaned file api-ms-win-core-file-l1-1-0.dll (331349) into directory file 290406.
Recovering orphaned file AP87F4~1.DLL (331350) into directory file 290427.
Recovering orphaned file api-ms-win-core-file-l1-1-0.dll (331350) into directory file 290427.
Recovering orphaned file AP26B7~1.DLL (331353) into directory file 290406.
Recovering orphaned file api-ms-win-core-heap-l1-1-0.dll (331353) into directory file 290406.
Recovering orphaned file AP1AAC~1.DLL (331355) into directory file 290427.
Recovering orphaned file api-ms-win-core-localregistry-l1-1-0.dll (331355) into directory file 290427.
Recovering orphaned file AP25B1~1.DLL (331357) into directory file 290406.
Recovering orphaned file api-ms-win-core-memory-l1-1-0.dll (331357) into directory file 290406.
Recovering orphaned file APCB21~1.DLL (331359) into directory file 290406.
Recovering orphaned file api-ms-win-core-misc-l1-1-0.dll (331359) into directory file 290406.
Recovering orphaned file APCB21~1.DLL (331361) into directory file 290427.
Recovering orphaned file api-ms-win-core-misc-l1-1-0.dll (331361) into directory file 290427.
Recovering orphaned file AP8526~1.DLL (331362) into directory file 290406.
Recovering orphaned file api-ms-win-core-namedpipe-l1-1-0.dll (331362) into directory file 290406.
Recovering orphaned file AP507A~1.DLL (331364) into directory file 290406.
Recovering orphaned file api-ms-win-core-processenvironment-l1-1-0.dll (331364) into directory file 290406.
Recovering orphaned file API-MS~4.DLL (331365) into directory file 290406.
Recovering orphaned file api-ms-win-core-processthreads-l1-1-0.dll (331365) into directory file 290406.
Recovering orphaned file API-MS~4.DLL (331367) into directory file 290427.
Recovering orphaned file api-ms-win-core-processthreads-l1-1-0.dll (331367) into directory file 290427.
Recovering orphaned file AP7678~1.DLL (331369) into directory file 290427.
Recovering orphaned file api-ms-win-core-synch-l1-1-0.dll (331369) into directory file 290427.
Recovering orphaned file APFAD9~1.DLL (331371) into directory file 290406.
Recovering orphaned file api-ms-win-core-sysinfo-l1-1-0.dll (331371) into directory file 290406.
Recovering orphaned file APFAD9~1.DLL (331373) into directory file 290427.
Recovering orphaned file api-ms-win-core-sysinfo-l1-1-0.dll (331373) into directory file 290427.
Recovering orphaned file APAC15~1.DLL (331375) into directory file 290406.
Recovering orphaned file api-ms-win-core-threadpool-l1-1-0.dll (331375) into directory file 290406.
  70 unindexed files scanned.                                       

Recovering orphaned file AP1AAC~1.DLL (331377) into directory file 290406.
Recovering orphaned file api-ms-win-core-localregistry-l1-1-0.dll (331377) into directory file 290406.
CHKDSK is recovering remaining unindexed files.
  7 unindexed files recovered.                                     

CHKDSK is verifying security descriptors (stage 3 of 3)...
  338176 file SDs/SIDs processed.                                       

Cleaning up 1537 unused index entries from index $SII of file 0x9.
Cleaning up 1537 unused index entries from index $SDH of file 0x9.
Cleaning up 1537 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 297597.
  47617 data files processed.                                           

CHKDSK is verifying Usn Journal...
  34148440 USN bytes processed.                                           

Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

301781335 KB total disk space.
  86731444 KB in 196296 files.
    122664 KB in 47619 indexes.
         0 KB in bad sectors.
    450147 KB in use by the system.
     65536 KB occupied by the log file.
214477080 KB available on disk.

      4096 bytes in each allocation unit.
  75445333 total allocation units on disk.
  53619270 allocation units available on disk.

Internal Info:
00 29 05 00 d5 b8 03 00 8f f7 06 00 00 00 00 00  .)..............
c9 0a 00 00 40 27 00 00 00 00 00 00 00 00 00 00  ....@'..........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------

Corrine

#14
December 07, 2015, 02:47:56 AM
Perfect!  This is what I was hoping for: 

File verification completed.

  1985 large file records processed.                                   
  0 bad file records processed.                                     
  0 EA records processed.                                           
  10048 reparse records processed.     

and, most importantly, 0 KB in bad sectors.

So, Lisa, if your computer is back to normal, let's take care of removing the tools used:

Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore

  • Click Run
The program will run for a few moments and then notepad will open with a log.   Please paste the log in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
Print
Go Up Pages1 2
User actions