Jump to content

nodsh

Members
  • Content Count

    1,004
  • Joined

  • Last visited

  • Days Won

    1

About nodsh

  • Rank
    $ Supporting Member

Profile Information

  • Gender
    Male
  • OS
    Windows 10

Profile Fields

  • Country

Recent Profile Visitors

3,312 profile views
  1. Broni , What can I say , there are no words that are good enough for what you provide , this is another senior who also has health issues and needed help . YOU just continue to impress me , THANKS
  2. I had trouble with Sophos , first time it showed scanning but nothing happeded , after a hour or two , redid it and it worked , NO threats checkup Results of screen317's Security Check version 1.014 --- 12/23/15 Windows Vista Service Pack 1 x64 (UAC is enabled) Out of date service pack!! Internet Explorer 7 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java(TM) 6 Update 7 Java version 32-bit out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox 31.7.0 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamtray.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive 😄 1 % ````````````````````End of Log`````````````````````` FSS Farbar Service Scanner Version: 27-01-2016 Ran by John (administrator) on 16-09-2018 at 14:58:58 Running from "C:\Users\John\Desktop" Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is OK. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\dhcpcsvc.dll => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log ****
  3. Broni , computer seems to be better already , he does seem to have some stuff running that isn't necessary , and i imagine he needs some stuff updated also
  4. Fix result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018 Ran by John (16-09-2018 12:53:37) Run:1 Running from C:\Users\John\Desktop Loaded Profiles: John (Available Profiles: John) Boot Mode: Normal ============================================== fixlist content: ***************** HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false C:\Program Files (x86)\Driver Support HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\MountPoints2: F - F:\VZAccess_Manager.exe /z detect HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\MountPoints2: {cce4dadc-4ddf-11df-8766-804d35a47c63} - F:\VZAccess_Manager.exe /z detect HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\MountPoints2: {cce4dae8-4ddf-11df-8766-804d35a47c63} - F:\VZAccess_Manager.exe /z detect CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTE NTION S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] 2014-10-02 23:56 - 2015-01-25 14:56 - 000000244 _____ () C:\Users\John\AppData\Roaming\WB.CFG 2009-05-13 07:58 - 2014-07-27 21:45 - 000005418 _____ () C:\Users\John\AppData\Roaming\wklnhst.dat 2009-04-14 22:27 - 2009-04-14 22:27 - 000000000 _____ () C:\Users\John\AppData\Local\AtStart.txt 2010-06-23 03:33 - 2010-07-18 23:54 - 000000680 _____ () C:\Users\John\AppData\Local\d3d9caps.dat 2010-03-23 22:03 - 2010-03-23 22:03 - 000003584 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-10-02 22:56 - 2014-10-02 22:56 - 000002402 _____ () C:\Users\John\AppData\Local\dd_vcredistMSI713D.txt 2014-10-02 22:56 - 2014-10-02 22:56 - 000013448 _____ () C:\Users\John\AppData\Local\dd_vcredistUI713D.txt 2014-10-10 00:56 - 2014-12-01 19:56 - 000000010 _____ () C:\Users\John\AppData\Local\DSI.DAT 2015-01-14 23:56 - 2015-01-14 23:56 - 000234679 _____ () C:\Users\John\AppData\Local\dsi1.dat 2015-01-14 23:56 - 2015-01-14 23:56 - 000161916 _____ () C:\Users\John\AppData\Local\dsi2.dat 2009-04-14 22:27 - 2009-04-14 22:27 - 000000000 _____ () C:\Users\John\AppData\Local\DSwitch.txt 2014-11-23 07:56 - 2014-11-23 07:56 - 000000008 _____ () C:\Users\John\AppData\Local\ext2.dat 2014-11-23 07:56 - 2014-11-23 07:56 - 000643948 _____ () C:\Users\John\AppData\Local\extsq.dll 2013-04-04 10:18 - 2013-04-04 16:59 - 000000000 _____ () C:\Users\John\AppData\Local\FnF4.txt 2011-05-02 10:27 - 2011-05-02 10:27 - 000000092 _____ () C:\Users\John\AppData\Local\fusioncache.dat 2009-04-14 22:27 - 2009-04-14 22:27 - 000000000 _____ () C:\Users\John\AppData\Local\QSwitch.txt 2010-06-21 16:35 - 2008-09-10 05:17 - 000073728 ____R () C:\Users\John\AppData\Local\Temp\eject.exe 2009-04-14 18:49 - 2008-12-17 15:34 - 000069632 _____ (Hewlett-Packard Company) C:\Users\John\AppData\Local\Temp\HPQSi.exe 2009-05-28 15:04 - 2009-05-28 15:04 - 000775504 ____N (CANON INC.) C:\Users\John\AppData\Local\Temp\MSETUP4.EXE 2012-10-31 10:49 - 2012-10-31 10:49 - 000000000 _____ () C:\Users\John\AppData\Local\Temp\sgd3r0vu.dll 2014-10-02 22:56 - 2014-10-02 22:56 - 004961800 _____ (Microsoft Corporation) C:\Users\John\AppData\Local\Temp\vcredist_x64.exe HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{597FB4A5-DD86-4316-A410-7E8074CC2CCE} HKL M\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,- 153 <==== ATTENTION ***************** "HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Support" => removed successfully "C:\Program Files (x86)\Driver Support" => not found "HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => removed successfully "HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cce4dadc-4ddf-11df-8766-804d35a47c63}" => removed successfully HKLM\Software\Classes\CLSID\{cce4dadc-4ddf-11df-8766-804d35a47c63} => not found "HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cce4dae8-4ddf-11df-8766-804d35a47c63}" => removed successfully HKLM\Software\Classes\CLSID\{cce4dae8-4ddf-11df-8766-804d35a47c63} => not found "HKLM\SOFTWARE\Policies\Google" => removed successfully "HKLM\System\CurrentControlSet\Services\aspnet_state" => removed successfully aspnet_state => service removed successfully "HKLM\System\CurrentControlSet\Services\IpInIp" => removed successfully IpInIp => service removed successfully "HKLM\System\CurrentControlSet\Services\NwlnkFlt" => removed successfully NwlnkFlt => service removed successfully "HKLM\System\CurrentControlSet\Services\NwlnkFwd" => removed successfully NwlnkFwd => service removed successfully C:\Users\John\AppData\Roaming\WB.CFG => moved successfully C:\Users\John\AppData\Roaming\wklnhst.dat => moved successfully C:\Users\John\AppData\Local\AtStart.txt => moved successfully C:\Users\John\AppData\Local\d3d9caps.dat => moved successfully C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully C:\Users\John\AppData\Local\dd_vcredistMSI713D.txt => moved successfully C:\Users\John\AppData\Local\dd_vcredistUI713D.txt => moved successfully C:\Users\John\AppData\Local\DSI.DAT => moved successfully C:\Users\John\AppData\Local\dsi1.dat => moved successfully C:\Users\John\AppData\Local\dsi2.dat => moved successfully C:\Users\John\AppData\Local\DSwitch.txt => moved successfully C:\Users\John\AppData\Local\ext2.dat => moved successfully C:\Users\John\AppData\Local\extsq.dll => moved successfully C:\Users\John\AppData\Local\FnF4.txt => moved successfully C:\Users\John\AppData\Local\fusioncache.dat => moved successfully C:\Users\John\AppData\Local\QSwitch.txt => moved successfully C:\Users\John\AppData\Local\Temp\eject.exe => moved successfully C:\Users\John\AppData\Local\Temp\HPQSi.exe => moved successfully C:\Users\John\AppData\Local\Temp\MSETUP4.EXE => moved successfully C:\Users\John\AppData\Local\Temp\sgd3r0vu.dll => moved successfully C:\Users\John\AppData\Local\Temp\vcredist_x64.exe => moved successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{597FB4A5-DD86-4316-A410-7E8074CC2CCE} => Error: No automatic fix found for this entry. HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully The system needed a reboot. ==== End of Fixlog 12:53:44 ====
  5. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.09.2018 Ran by John (administrator) on TED (16-09-2018 12:12:57) Running from C:\Users\John\Desktop Loaded Profiles: John (Available Profiles: John) Platform: Windows Vista (TM) Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 7 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe () C:\Program Files (x86)\SMINST\BLService.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hp\hpcoretech\hpcmpmgr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1533736 2008-06-20] (Synaptics, Inc.) HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1418752 2008-09-23] (Motorola Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6942240 2008-12-02] (Realtek Semiconductor) HKLM\...\Run: [NtrigApplet] => C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe [2508800 2008-10-04] (N-trig LLC) HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2009-07-06] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [722256 2008-12-11] (CANON INC.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [DVDAgent] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.) HKLM-x32\...\Run: [TSMAgent] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1316136 2008-12-25] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-25] (CyberLink) HKLM-x32\...\Run: [TVAgent] => C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [210216 2009-01-21] (CyberLink Corp.) HKLM-x32\...\Run: [UCam_Menu] => "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePSTShortCut] => "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2008-12-10] (DigitalPersona, Inc.) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePDIRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe [144784 2008-06-10] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd.exe [49152 2003-06-25] (Hewlett-Packard) HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Component Manager] => C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe [212992 2003-06-26] (Hewlett-Packard Company) HKLM-x32\...\Run: [DXDllRegExe] => dxdllreg.exe HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-02] (AVAST Software) HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company) HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\Run: [HPAdvisor] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-11-18] (Hewlett-Packard) HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation) HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [4351216 2009-05-26] (Yahoo! Inc.) HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\MountPoints2: F - F:\VZAccess_Manager.exe /z detect HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\MountPoints2: {cce4dadc-4ddf-11df-8766-804d35a47c63} - F:\VZAccess_Manager.exe /z detect HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\MountPoints2: {cce4dae8-4ddf-11df-8766-804d35a47c63} - F:\VZAccess_Manager.exe /z detect Lsa: [Notification Packages] scecli DPPWDFLT Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-05-02] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-03-08] ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) BootExecute: sasnative64autocheck autochk * CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 Tcpip\..\Interfaces\{23D17549-2D51-4533-9D30-206EED7C4958}: [DhcpNameServer] 192.168.15.1 Tcpip\..\Interfaces\{70794814-EED6-4EB0-B6D9-9FAC505A5EDA}: [NameServer] 66.174.95.44 66.174.92.14 Tcpip\..\Interfaces\{FA5178E9-555C-4096-8A42-B261E3A1E2D3}: [DhcpNameServer] 192.168.254.254 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://www.yahoo.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com SearchScopes: HKLM -> DefaultScope {4C6AC8FB-4FCB-415A-BB46-7DCADACE66A9} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF SearchScopes: HKLM -> {4C6AC8FB-4FCB-415A-BB46-7DCADACE66A9} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF SearchScopes: HKLM-x32 -> DefaultScope {4C6AC8FB-4FCB-415A-BB46-7DCADACE66A9} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF SearchScopes: HKLM-x32 -> {4C6AC8FB-4FCB-415A-BB46-7DCADACE66A9} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF SearchScopes: HKLM-x32 -> {CA416F80-8278-4E6E-A1A5-3DC7AF8C8080} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl SearchScopes: HKU\.DEFAULT -> DefaultScope {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp SearchScopes: HKU\.DEFAULT -> {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp SearchScopes: HKU\S-1-5-19 -> DefaultScope {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp SearchScopes: HKU\S-1-5-19 -> {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp SearchScopes: HKU\S-1-5-20 -> DefaultScope {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp SearchScopes: HKU\S-1-5-20 -> {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp SearchScopes: HKU\S-1-5-21-2922394905-3992045086-3367367720-1000 -> DefaultScope {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = SearchScopes: HKU\S-1-5-21-2922394905-3992045086-3367367720-1000 -> {4C6AC8FB-4FCB-415A-BB46-7DCADACE66A9} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF SearchScopes: HKU\S-1-5-21-2922394905-3992045086-3367367720-1000 -> {DEB1B286-E97B-47FA-B0AF-5C41D003D645} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 SearchScopes: HKU\S-1-5-21-2922394905-3992045086-3367367720-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms} BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn9\yt.dll => No File BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated) BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10] (Sun Microsystems, Inc.) BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-29] (Microsoft Corp.) BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll => No File Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-29] (Microsoft Corp.) Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn9\yt.dll No File Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll No File Toolbar: HKU\S-1-5-21-2922394905-3992045086-3367367720-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-2922394905-3992045086-3367367720-1000 -> No Name - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - No File Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-04-21] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-04-21] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-04-21] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-04-21] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lxuivsbe.default [2018-09-16] FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lxuivsbe.default\user.js [2014-10-02] FF Homepage: Mozilla\Firefox\Profiles\lxuivsbe.default -> hxxp://home.tb.ask.com/index.jhtml?ptb=32355069-27A7-41E7-9B5E-1B9A9D12BB95&n=781b43a6&p2=^BX1^xdm107^YYA^us&si=CD15543_1240-1uKu18umudd34wludwwA FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt FF Extension: (DigitalPersona Extension) - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2009-03-20] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-24] [Legacy] [not signed] FF HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-09-06] (CANON INC.) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-02] (AVAST Software) R2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [322624 2008-12-10] (DigitalPersona, Inc.) [File not signed] R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed] R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [223232 2008-10-23] (Hewlett-Packard Development Company, L.P.) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes) R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-17] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed] R2 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-11-26] () R2 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-11-26] () S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation) S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 AFS; C:\Windows\SysWow64\Drivers\AFS.sys [77004 2011-05-02] (Oak Technology Inc.) [File not signed] R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-02] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-02] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-10-02] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-02] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-02] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-10-02] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-02] () R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [217216 2008-05-30] (AuthenTec, Inc.) R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-09-16] (Malwarebytes) S3 NtrigDigitizerUSBLowerFilter; C:\Windows\System32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys [6656 2008-07-27] (Windows (R) Codename Longhorn DDK provider) S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-12-18] (Novatel Wireless Inc.) S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-12-18] (Novatel Wireless Inc.) S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-12-18] (Novatel Wireless Inc.) R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1200128 2008-09-23] (Motorola Inc.) S3 SMSIVZAM5X64; C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.SYS [43032 2009-05-25] (Smith Micro Inc.) R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-09-16 12:12 - 2018-09-16 12:14 - 000023001 _____ C:\Users\John\Desktop\FRST.txt 2018-09-16 12:12 - 2018-09-16 12:12 - 000000000 ____D C:\Users\John\Desktop\FRST-OlderVersion 2018-09-16 10:53 - 2018-09-16 10:55 - 000000000 ____D C:\desktopstuff 2018-09-16 10:41 - 2018-09-16 10:41 - 000015434 _____ C:\Users\John\Desktop\mbam.txt 2018-09-16 10:22 - 2018-09-16 10:22 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-09-16 10:22 - 2018-09-16 10:22 - 000001811 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-09-16 10:22 - 2018-09-16 10:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-09-16 10:22 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2018-09-16 10:21 - 2018-09-16 10:21 - 000000000 ____D C:\Program Files\Malwarebytes 2018-09-16 10:19 - 2018-09-16 10:20 - 076534856 _____ (Malwarebytes ) C:\Users\John\Downloads\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.exe 2018-09-16 10:16 - 2018-09-16 10:17 - 081533360 _____ (Malwarebytes ) C:\Users\John\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.441-1.0.6841.exe 2018-09-16 09:33 - 2018-09-16 09:33 - 000000000 ____D C:\Windows\System32\Tasks\Norton Remove and Reinstall 2018-09-16 09:26 - 2018-09-16 09:27 - 014797392 _____ (Symantec Corporation) C:\Users\John\Downloads\NRnR.exe 2018-09-14 20:00 - 2018-09-16 12:12 - 000000000 ____D C:\FRST 2018-09-14 19:31 - 2018-09-14 19:33 - 000000000 ____D C:\AdwCleaner 2018-09-14 19:21 - 2018-09-14 19:21 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill.exe 2018-09-14 17:22 - 2018-09-14 17:22 - 007567568 _____ (Malwarebytes) C:\Users\John\Downloads\AdwCleaner.exe 2018-09-14 17:03 - 2018-09-16 12:12 - 002413568 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe 2018-09-14 16:58 - 2018-09-14 16:59 - 036873520 _____ (Adlice Software ) C:\Users\John\Downloads\RogueKiller_setup_ref3.exe 2018-09-14 11:08 - 2018-09-16 11:09 - 000004174 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2018-09-14 11:08 - 2018-09-14 11:08 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software 2018-09-14 11:08 - 2018-09-14 11:08 - 000000000 ____D C:\Program Files\Common Files\avast software 2018-09-14 09:32 - 2018-09-14 09:32 - 000000258 __RSH C:\ProgramData\ntuser.pol 2018-09-14 08:37 - 2018-09-14 08:37 - 000000000 ____D C:\ProgramData\MB2Migration ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-09-16 12:14 - 2009-04-14 22:27 - 000025568 _____ C:\ProgramData\HPWALog.txt 2018-09-16 10:43 - 2006-11-02 09:33 - 000000000 ____D C:\Windows\inf 2018-09-16 10:43 - 2006-11-02 08:46 - 000704562 _____ C:\Windows\system32\PerfStringBackup.INI 2018-09-16 10:40 - 2009-01-19 05:55 - 000003576 _____ C:\Windows\System32\Tasks\HP Health Check 2018-09-16 10:36 - 2006-11-02 11:42 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-09-16 10:36 - 2006-11-02 11:22 - 000003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2018-09-16 10:36 - 2006-11-02 11:22 - 000003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2018-09-16 10:35 - 2006-11-02 11:42 - 000032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2018-09-16 10:21 - 2010-02-14 15:39 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-09-16 09:50 - 2010-10-18 16:26 - 000000000 ____D C:\Users\John\AppData\LocalLow\Yahoo! 2018-09-16 09:50 - 2009-09-11 17:39 - 000000000 ____D C:\ProgramData\Yahoo! 2018-09-16 09:50 - 2009-09-11 17:39 - 000000000 ____D C:\Program Files (x86)\Yahoo! 2018-09-16 09:33 - 2009-04-14 22:28 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared 2018-09-16 09:29 - 2009-01-19 04:19 - 000000000 ____D C:\ProgramData\Norton 2018-09-16 09:17 - 2009-01-19 05:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2018-09-15 09:44 - 2010-06-23 03:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2018-09-14 19:33 - 2009-09-11 17:41 - 000000000 ____D C:\Users\John\AppData\Roaming\Yahoo! 2018-09-14 17:48 - 2012-07-12 10:33 - 002702794 _____ C:\Windows\ntbtlog.txt 2018-09-14 09:27 - 2014-08-23 14:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service ==================== Files in the root of some directories ======= 2014-10-02 23:56 - 2015-01-25 14:56 - 000000244 _____ () C:\Users\John\AppData\Roaming\WB.CFG 2009-05-13 07:58 - 2014-07-27 21:45 - 000005418 _____ () C:\Users\John\AppData\Roaming\wklnhst.dat 2009-04-14 22:27 - 2009-04-14 22:27 - 000000000 _____ () C:\Users\John\AppData\Local\AtStart.txt 2010-06-23 03:33 - 2010-07-18 23:54 - 000000680 _____ () C:\Users\John\AppData\Local\d3d9caps.dat 2010-03-23 22:03 - 2010-03-23 22:03 - 000003584 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-10-02 22:56 - 2014-10-02 22:56 - 000002402 _____ () C:\Users\John\AppData\Local\dd_vcredistMSI713D.txt 2014-10-02 22:56 - 2014-10-02 22:56 - 000013448 _____ () C:\Users\John\AppData\Local\dd_vcredistUI713D.txt 2014-10-10 00:56 - 2014-12-01 19:56 - 000000010 _____ () C:\Users\John\AppData\Local\DSI.DAT 2015-01-14 23:56 - 2015-01-14 23:56 - 000234679 _____ () C:\Users\John\AppData\Local\dsi1.dat 2015-01-14 23:56 - 2015-01-14 23:56 - 000161916 _____ () C:\Users\John\AppData\Local\dsi2.dat 2009-04-14 22:27 - 2009-04-14 22:27 - 000000000 _____ () C:\Users\John\AppData\Local\DSwitch.txt 2014-11-23 07:56 - 2014-11-23 07:56 - 000000008 _____ () C:\Users\John\AppData\Local\ext2.dat 2014-11-23 07:56 - 2014-11-23 07:56 - 000643948 _____ () C:\Users\John\AppData\Local\extsq.dll 2013-04-04 10:18 - 2013-04-04 16:59 - 000000000 _____ () C:\Users\John\AppData\Local\FnF4.txt 2011-05-02 10:27 - 2011-05-02 10:27 - 000000092 _____ () C:\Users\John\AppData\Local\fusioncache.dat 2009-04-14 22:27 - 2009-04-14 22:27 - 000000000 _____ () C:\Users\John\AppData\Local\QSwitch.txt Some files in TEMP: ==================== 2010-06-21 16:35 - 2008-09-10 05:17 - 000073728 ____R () C:\Users\John\AppData\Local\Temp\eject.exe 2009-04-14 18:49 - 2008-12-17 15:34 - 000069632 _____ (Hewlett-Packard Company) C:\Users\John\AppData\Local\Temp\HPQSi.exe 2009-05-28 15:04 - 2009-05-28 15:04 - 000775504 ____N (CANON INC.) C:\Users\John\AppData\Local\Temp\MSETUP4.EXE 2012-10-31 10:49 - 2012-10-31 10:49 - 000000000 _____ () C:\Users\John\AppData\Local\Temp\sgd3r0vu.dll 2014-10-02 22:56 - 2014-10-02 22:56 - 004961800 _____ (Microsoft Corporation) C:\Users\John\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-09-16 10:47 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018 Ran by John (16-09-2018 12:14:28) Running from C:\Users\John\Desktop Windows Vista (TM) Home Premium Service Pack 1 (X64) (2009-03-20 09:13:43) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2922394905-3992045086-3367367720-500 - Administrator - Disabled) ASPNET (S-1-5-21-2922394905-3992045086-3367367720-1002 - Limited - Enabled) Guest (S-1-5-21-2922394905-3992045086-3367367720-501 - Limited - Disabled) John (S-1-5-21-2922394905-3992045086-3367367720-1000 - Administrator - Enabled) => C:\Users\John ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 1300 (HKLM-x32\...\{6dc18d50-8cc3-4dea-a666-ea6f01907663}) (Version: 5.31.1.27 - Hewlett-Packard) Hidden 1300_Help (HKLM-x32\...\{b17cf867-a4e5-41ba-a646-50f237810eca}) (Version: 5.31.1.27 - Hewlett-Packard) Hidden 1300Tour (HKLM-x32\...\{c46485b1-6527-4937-9dc0-29bb5d5613fe}) (Version: 5.31.1.27 - Hewlett-Packard) Hidden 1300Trb (HKLM-x32\...\{0e4a0db5-801d-489e-85c0-6c3f96335d20}) (Version: 5.31.1.27 - Hewlett-Packard) Hidden Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0 - Microsoft Corporation) Hidden Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.2 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.) Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated) Adobe Reader 9.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated) AiO_Scan (HKLM-x32\...\{092eeeee-9fdd-4895-a568-0818c96beb6c}) (Version: 5.31.1.27 - Hewlett-Packard) Hidden AIOMinimal (HKLM-x32\...\{ec7d7a6a-31cb-4810-826f-74171bef44f1}) (Version: 5.31.1.27 - Hewlett-Packard) Hidden AiOSoftware (HKLM-x32\...\{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}) (Version: 5.31.1.27 - Hewlett-Packard) Hidden AMD USB Audio Driver Filter (HKLM-x32\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.) ATI Catalyst Install Manager (HKLM\...\{FF57A2B3-B3C5-0F21-258B-0CEA210C4FC1}) (Version: 3.0.704.0 - ATI Technologies, Inc.) AuthenTec Fingerprint Sensor Minimum Install (HKLM-x32\...\{31A5ED9F-E07B-4F6E-8179-27325BAAC502}) (Version: 7.10.0.1129 - AuthenTec) avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 5.10.38.26 - Broadcom Corporation) Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) ccc-core-static (HKLM-x32\...\{5A505710-AB9D-D907-8B74-BF4C1D5E8970}) (Version: 2008.1210.1623.29379 - ATI) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Copy (HKLM-x32\...\{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}) (Version: 5.31.0.150 - Hewlett-Packard) Hidden CreativeProjects (HKLM-x32\...\{A363B66C-1547-47bf-90F0-3834E70A841A}) (Version: 5.31.0.150 - Hewlett-Packard) Hidden CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.) DigitalPersona Personal 4.0 (HKLM\...\{FC930DA2-760E-4996-B4DA-4BD6560FA666}) (Version: 4.00.3733 - DigitalPersona, Inc.) Director (HKLM-x32\...\{829698DE-9EAC-475E-9A05-B7BA807CA1EF}) (Version: 5.31.0.154 - Hewlett-Packard) Hidden DocProc (HKLM-x32\...\{2F1FD032-67D1-4569-923F-47EAF132BF0F}) (Version: 3.1.0.0 - Hewlett-Packard) Hidden Driver Support (HKLM-x32\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 9.1.4.4 - PC Drivers Headquarters, LP) <==== ATTENTION ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Fax (HKLM-x32\...\{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}) (Version: 5.31.1.27 - Hewlett-Packard) Hidden HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard) HP Customer Experience Enhancements (HKLM-x32\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard) HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard) HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2328 - Hewlett-Packard) HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.1.2425 - Hewlett-Packard) HP MediaSmart SlingPlayer (HKLM-x32\...\HP.MediaSmartSlingPlayer_is1) (Version: 2.1 - Sling Media, Inc.) HP MediaSmart SmartMenu (HKLM\...\{F1568AA6-5982-4AFB-A871-C68E4328BC3B}) (Version: 2.1.7 - Hewlett-Packard) HP MediaSmart TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 2.1.1219 - Hewlett-Packard) HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.1.1124 - Hewlett-Packard) HP Photo & Imaging 3.1 (HKLM-x32\...\HP Photo & Imaging) (Version: 3.1 - HP) HP PSC & OfficeJet 3.0 (HKLM-x32\...\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}) (Version: 3.0 - HP) HP Quick Launch Buttons 6.40 L1 (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 L1 - Hewlett-Packard) HP Software Update (HKLM-x32\...\{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}) (Version: 1.0.18.20030625 - Hewlett-Packard) HP Total Care Advisor (HKLM-x32\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.5991.2847 - Hewlett-Packard) HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard) HP User Guides 0123 (HKLM-x32\...\{C1A138F0-DF67-4E8D-B7AF-30C71BF8435D}) (Version: 1.01.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM-x32\...\{E5E29403-3D25-40C6-892B-F9FEE2A95585}) (Version: 3.50 A6 - Hewlett-Packard) HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.2.2 - Hewlett-Packard) Hidden hpmdtab (HKLM-x32\...\{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}) (Version: 2.0.470.1598 - Hewlett-Packard) Hidden HPSystemDiagnostics (HKLM-x32\...\{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}) (Version: 1.5.0.0 - Your Company Name) Hidden InstantShare (HKLM-x32\...\{745A92AF-53B4-41A7-91C3-9B026B1D5897}) (Version: 3.1.0.13 - Hewlett-Packard) Hidden Java(TM) 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.) Juno Preloader (HKLM-x32\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.) LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1118 - CyberLink Corp.) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1118 - CyberLink Corp.) LightScribe System Software 1.14.17.1 (HKLM-x32\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe) Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes) Memories Disc Creator 2.0 (HKLM-x32\...\{2E132061-C78A-48D4-A899-1D13B9D189FA}) (Version: 2.0.470.1598 - Memories Disc Creator 2.0) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft Live Search Toolbar (HKLM-x32\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Mobile Broadband Generic Drivers (HKLM-x32\...\{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}) (Version: 2.03.09.005.14 - Novatel Wireless) Hidden Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 2.03.09.005.14 - Novatel Wireless) Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version: - ) Mozilla Firefox 31.7.0 ESR (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.7.0 ESR (x86 en-US)) (Version: 31.7.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) muvee Reveal (HKLM-x32\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd) My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent) NetZero Preloader (HKLM-x32\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.) N-trig Software Bundle (HKLM-x32\...\{C283284D-FDB2-4438-A26A-40C62F7008E7}) (Version: 1.89.126 - N-trig) Overland (HKLM-x32\...\{1CAD83B0-87A3-4206-BF70-644546808731}) (Version: 1.76.0 - Hewlett-Packard) Hidden PhotoGallery (HKLM-x32\...\{C38BC5B7-62D3-4880-82DD-A4803FD81921}) (Version: 5.31.0.158 - Hewlett-Packard) Hidden Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.) PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2317 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2317 - CyberLink Corp.) PrintScreen (HKLM-x32\...\{CFD1B282-555D-494d-8231-4175C2AF08C2}) (Version: 5.31.0.147 - Hewlett-Packard) Hidden QFolder (HKLM-x32\...\{8777AC6D-89F9-4793-8266-DE406F343E89}) (Version: 1.00.0000 - Hewlett-Packard) Hidden QuickProjects (HKLM-x32\...\{5ADF6293-D60F-4425-AFA7-CEB820DB872B}) (Version: 5.31.0.147 - Hewlett-Packard) Hidden Readme (HKLM-x32\...\{54e854d5-d5d4-452d-9c75-b39f5625b5fb}) (Version: 5.31.1.27 - Hewlett-Packard) Hidden Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5749 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.) Scan (HKLM-x32\...\{939227BD-19D8-4684-8A04-31AC9F6A564C}) (Version: 3.1.0.0 - Hewlett-Packard) Hidden Skins (HKLM-x32\...\{E2FB7D2C-061F-37D3-4ECE-BEB5F91AA183}) (Version: 2008.1210.1623.29379 - ATI) Hidden SkinsHP1 (HKLM-x32\...\{4FB6F304-A91D-4919-98E5-D96E074EA9E5}) (Version: 5.31.0.147 - Hewlett-Packard) Hidden SkinsHP2 (HKLM-x32\...\{D545BB81-DEB0-49f7-BE26-197BC31AAF57}) (Version: 5.31.0.147 - Hewlett-Packard) Hidden Slingbox - Watch Your TV Anywhere (HKLM-x32\...\{7B798B31-2F33-4DC8-BDA4-D36488E86636}) (Version: 1.0.0 - Sling Media) SlingPlayer (HKLM-x32\...\{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media) Hidden SlingPlayer (HKLM-x32\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media) SPORE Creature Creator Trial Edition (HKLM-x32\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.18.0 - Synaptics) TrayApp (HKLM-x32\...\{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}) (Version: 5.31.0.147 - Hewlett-Packard) Hidden Unload (HKLM-x32\...\{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}) (Version: 3.1.0 - Hewlett-Packard) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Verizon Wireless MiFi-2200 Firmware Updates (HKLM-x32\...\{06FAFD58-1C21-4C90-A2FC-C9DC5A2A9D09}) (Version: 1.0.1 - Smith Micro Software, Inc.) VZAccess Manager (HKLM-x32\...\{3FF660F4-147B-48CB-B824-2B595759D9EF}) (Version: 7.2.7.1 - Smith Micro Software Inc.) WebReg (HKLM-x32\...\{FBBF532A-47AC-457d-AC06-0D3163D8911E}) (Version: 5.31.0.147 - Hewlett-Packard) Hidden Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) (HKLM\...\07B260955637F1FF7587ED2AA87459040DD09BF7) (Version: 09/04/2008 2.6.0.0 - ENE) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - ) Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-10-02] (AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-10-02] (AVAST Software) ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-10-02] (AVAST Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2008-11-28] (Advanced Micro Devices, Inc.) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-10-02] (AVAST Software) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {3400ADFF-DF30-4280-94C2-EC66DA18B4A6} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard) Task: {50873DA9-1C44-40BC-BF01-337CF2C4D336} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-09-14] (AVAST Software) Task: {533995A0-62AB-4FA7-8332-2360D1A9F249} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2018-09-14] (AVAST Software) Task: {7E99AB70-E589-4820-AA4A-13AE8C36796C} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard) Task: {91219930-F119-4048-9380-03E25BBF612E} - System32\Tasks\{3E423F0B-7C77-4F9E-9757-3E702342922B} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\ (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2008-12-10 13:05 - 2008-12-10 13:05 - 000118272 _____ () C:\Windows\system32\atitmm64.dll 2009-01-19 05:49 - 2008-12-17 20:11 - 000365952 _____ () C:\Program Files (x86)\SMINST\BLService.exe 2009-01-19 05:37 - 2008-09-15 10:13 - 000241734 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2008-11-26 20:13 - 2008-11-26 20:13 - 000296320 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe 2008-11-26 20:13 - 2008-11-26 20:13 - 000116096 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe 2008-11-26 20:12 - 2008-11-26 20:12 - 000074536 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus64.dll 2018-09-16 10:22 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2009-03-20 05:20 - 2009-03-20 05:20 - 000014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll 2008-09-18 13:30 - 2008-09-18 13:30 - 001186816 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx 2008-10-29 20:34 - 2008-10-29 20:34 - 000016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2008-10-22 14:32 - 2008-10-22 14:32 - 000628016 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe 2014-10-02 23:07 - 2014-10-02 23:07 - 000301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2018-09-16 09:28 - 2018-09-16 09:28 - 005695632 _____ () C:\Program Files\AVAST Software\Avast\defs\18091602\algo.dll 2018-09-16 12:12 - 2018-09-16 12:12 - 005695632 _____ () C:\Program Files\AVAST Software\Avast\defs\18091604\algo.dll 2009-01-19 05:49 - 2008-12-17 20:11 - 000132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll 2007-07-12 16:55 - 2007-07-12 16:55 - 001581056 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll 2007-08-14 16:59 - 2007-08-14 16:59 - 006365184 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll 2007-07-12 16:55 - 2007-07-12 16:55 - 000131072 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2008-11-26 20:13 - 2008-11-26 20:13 - 000263560 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll 2008-11-26 20:13 - 2008-11-26 20:13 - 000038184 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll 2008-11-26 20:13 - 2008-11-26 20:13 - 000124288 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll 2008-11-26 20:13 - 2008-11-26 20:13 - 000349480 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll 2008-11-18 14:57 - 2008-11-18 14:57 - 000057344 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll 2008-11-18 15:03 - 2008-11-18 15:03 - 000032768 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll 2008-11-18 14:56 - 2008-11-18 14:56 - 000118784 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll 2008-11-18 14:56 - 2008-11-18 14:56 - 000040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll 2008-11-18 14:56 - 2008-11-18 14:56 - 000005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll 2008-11-18 14:56 - 2008-11-18 14:56 - 000028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll 2008-01-20 22:49 - 2008-01-20 22:49 - 000368640 _____ () C:\Windows\SysWOW64\msjetoledb40.dll 2008-11-18 14:56 - 2008-11-18 14:56 - 000010240 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll 2008-11-18 14:57 - 2008-11-18 14:57 - 000007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll 2009-09-11 17:39 - 2009-05-26 21:06 - 000102400 _____ () C:\Program Files (x86)\Yahoo!\Messenger\clientmanager.dll 2009-09-11 17:39 - 2009-05-26 21:06 - 000913408 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll 2008-12-25 16:41 - 2008-12-25 16:41 - 000881960 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll 2014-10-02 23:07 - 2014-10-02 23:07 - 019329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <==== ATTENTION ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 08:34 - 2006-09-18 17:37 - 000000761 _____ C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp DNS Servers: 192.168.254.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [{B5B11AEB-86EC-4DEC-96DA-197E5F27FF5F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE FirewallRules: [{57D17229-C0D8-4146-BDEF-F7F7EE16B74D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe FirewallRules: [{2EF3549F-7019-41A9-A747-1301C216CF2D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe FirewallRules: [{469BF6FA-7E54-4237-AFC0-351960F45073}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe FirewallRules: [{CF0C0837-6EC4-44F3-BC86-A699C56E8C41}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe FirewallRules: [{1F9005BF-1DD8-4DCB-A832-EC783688B721}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe FirewallRules: [{9964A177-3CB2-4166-988D-42B830AB671F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe FirewallRules: [{67505437-FE4C-4D45-822A-F5B64AAE7C4B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe FirewallRules: [{A89338E9-15EB-42A8-B6EF-F80F0635644C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe FirewallRules: [{727D61D2-5CE6-4B7D-9604-BFCAD5FEA6D3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe FirewallRules: [{E2DD64C1-C9C4-4411-8D8E-DF7A981AC473}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe FirewallRules: [{6CEB6162-4851-4AA2-A4D4-81F30FFECD92}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe FirewallRules: [{EF8A9F38-9410-4106-A3B1-7DAA39D242B0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QP.exe FirewallRules: [{A14F34C4-504C-43DA-A947-2BD4C949351D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QPService.exe FirewallRules: [{F5CDDF9D-B5C7-446B-8BAC-D0FE596E8D78}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{BF46E78D-61C0-4FE3-AA89-95D5DBE8D3BA}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [TCP Query User{96A8C239-4889-4EDF-A59D-8C94C66B7A69}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe FirewallRules: [UDP Query User{F2D44E97-546B-4DA8-94A2-608DADA21540}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe FirewallRules: [{5551A276-B9A1-43F2-9806-270E138D2DC7}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe FirewallRules: [{8965C5D2-512F-4C42-96D5-8A93BF1E25A7}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe FirewallRules: [{3AB3DC77-39FF-4BD7-AE07-A89ED9EC2085}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe FirewallRules: [{10FC2DE3-0150-46D0-A4F0-C3BF7B22F59A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe FirewallRules: [{486807CF-24F8-45CA-BB1A-FA0295034037}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE FirewallRules: [{25934DFD-876D-49A1-B551-B7C09CEEBA95}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe FirewallRules: [{B9914E9E-E660-4F73-B7E9-22EF5EBFBAFC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe FirewallRules: [{0AB69B22-2E46-489C-A0CC-9EF9CFC75959}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe FirewallRules: [{80785F79-BC54-4506-A0CB-FF57946B2E92}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe FirewallRules: [{D61EC525-1F61-40E9-9CFE-A86ACC054F80}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe FirewallRules: [{1AD14E91-5682-4DA5-9F99-DE9A19C8E27A}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe FirewallRules: [{32547A5A-165F-40B3-91F2-F4186C20E023}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe ==================== Restore Points ========================= 20-05-2015 20:21:00 Scheduled Checkpoint 21-05-2015 03:00:28 Windows Update 21-05-2015 23:21:49 Scheduled Checkpoint 22-05-2015 03:00:23 Windows Update 23-05-2015 03:00:29 Windows Update 24-05-2015 00:00:01 Scheduled Checkpoint 24-05-2015 03:00:12 Windows Update 25-05-2015 00:00:02 Scheduled Checkpoint 25-05-2015 03:00:12 Windows Update 28-05-2015 03:00:26 Windows Update 29-05-2015 00:00:02 Scheduled Checkpoint 29-05-2015 03:00:12 Windows Update 14-09-2018 11:33:36 Scheduled Checkpoint 14-09-2018 18:53:08 avast! antivirus system restore point 14-09-2018 20:13:12 avast! antivirus system restore point 14-09-2018 22:59:41 avast! antivirus system restore point 15-09-2018 09:27:50 Windows Update 15-09-2018 10:00:50 avast! antivirus system restore point 16-09-2018 09:21:43 Windows Update 16-09-2018 09:46:44 Removed Driver Support. 16-09-2018 09:48:02 Removed Driver Support. 16-09-2018 11:13:45 avast! antivirus system restore point ==================== Faulty Device Manager Devices ============= Name: 6TO4 Adapter Description: Microsoft 6to4 Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.colubris.lan Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{70794814-EED6-4EB0-B6D9-9FAC505A5EDA} Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: N-Trig HID Tablet Digitizer Description: N-Trig HID Tablet Digitizer Class Guid: {40e97a09-035b-4418-8d9b-06fd8ff357c7} Manufacturer: N-trig Innovative Technologies Service: WUDFRd Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. ==================== Event log errors: ========================= Application errors: ================== Error: (09/16/2018 12:14:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (09/16/2018 12:14:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (09/16/2018 12:13:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (09/16/2018 12:13:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (09/16/2018 12:13:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (09/16/2018 12:13:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (09/16/2018 12:13:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (09/16/2018 12:13:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . System errors: ============= Error: (09/16/2018 10:37:52 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: AFS Error: (09/16/2018 10:36:22 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY) Description: Event-ID 412 Error: (09/16/2018 10:36:22 AM) (Source: HTTP) (EventID: 15016) (User: ) Description: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number. Error: (09/16/2018 10:04:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: AFS Error: (09/16/2018 10:04:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (09/16/2018 10:04:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. Error: (09/16/2018 10:03:50 AM) (Source: HTTP) (EventID: 15016) (User: ) Description: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number. Error: (09/16/2018 09:42:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: AFS CodeIntegrity: =================================== Date: 2018-09-16 12:13:55.399 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2018-09-16 12:13:55.196 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2018-09-16 12:13:54.978 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2018-09-16 12:13:54.775 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2018-09-16 12:13:54.557 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2018-09-16 12:13:54.338 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2018-09-16 12:13:54.135 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2018-09-16 12:13:53.933 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-80 Percentage of memory in use: 41% Total physical RAM: 3836.23 MB Available physical RAM: 2254.58 MB Total Virtual: 7902.49 MB Available Virtual: 5937.56 MB ==================== Drives ================================ Drive 😄 () (Fixed) (Total:285.4 GB) (Free:194.35 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (RECOVERY) (Fixed) (Total:12.69 GB) (Free:2 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 3B330707) Partition 1: (Active) - (Size=285.4 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  6. Driver Support would not remove , WSE_Astromenda removed , but with an error , I think Yahoo Search Protection removed ok new install legacy malwarebytes log Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 9/16/18 Scan Time: 10:22 AM Log File: 0296cb68-b9bc-11e8-9961-00238b91fcb1.json Administrator: Yes -Software Information- Version: 3.5.1.2522 Components Version: 1.0.365 Update Package Version: 1.0.6861 License: Free -System Information- OS: Windows Vista Service Pack 1 CPU: x64 File System: NTFS User: Ted\John -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 270258 Threats Detected: 81 Threats Quarantined: 81 Time Elapsed: 8 min, 0 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 48 PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0B18D898-C70D-497F-8F45-48414A3A08AC}, Quarantined, [712], [366209],1.0.6861 PUP.Optional.RegCleanPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2E05E112-E7C9-46D2-9DE7-CF6CC0E8EA0D}, Quarantined, [1670], [184171],1.0.6861 PUP.Optional.RegCleanerPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A5390521-5831-438C-89F6-BE23204F96E4}, Quarantined, [1498], [260752],1.0.6861 PUP.Optional.RegCleanPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FA4D0F25-CEC0-448E-9D8E-B18061DED313}, Quarantined, [1670], [184171],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1241CEBD-9777-4BC6-AAE5-2A77E25DB246}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\TYPELIB\{64FBF8B6-C770-401A-8B84-F630EDAF4448}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\INTERFACE\{0D8734DB-7110-4CDB-833F-52BC93865AB2}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\INTERFACE\{41AE59EF-88EE-450B-B60A-F153679E6EE8}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\INTERFACE\{4AEF0F25-D761-4EAA-AEB7-9E756C6BF11E}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\INTERFACE\{902E7D34-D421-4766-8191-15A1B52D0BA2}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0D8734DB-7110-4CDB-833F-52BC93865AB2}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{41AE59EF-88EE-450B-B60A-F153679E6EE8}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{4AEF0F25-D761-4EAA-AEB7-9E756C6BF11E}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{902E7D34-D421-4766-8191-15A1B52D0BA2}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0D8734DB-7110-4CDB-833F-52BC93865AB2}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{41AE59EF-88EE-450B-B60A-F153679E6EE8}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4AEF0F25-D761-4EAA-AEB7-9E756C6BF11E}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{902E7D34-D421-4766-8191-15A1B52D0BA2}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{64FBF8B6-C770-401A-8B84-F630EDAF4448}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{64FBF8B6-C770-401A-8B84-F630EDAF4448}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1241CEBD-9777-4BC6-AAE5-2A77E25DB246}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1241cebd-9777-4bc6-aae5-2a77e25db246}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\INTERFACE\{36B445BF-1B84-466A-A623-A360A8CFF8C3}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{36B445BF-1B84-466A-A623-A360A8CFF8C3}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{36B445BF-1B84-466A-A623-A360A8CFF8C3}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{36b445bf-1b84-466a-a623-a360a8cff8c3}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\INTERFACE\{6818868A-1B3D-4E35-A561-FA964A96CD3B}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6818868A-1B3D-4E35-A561-FA964A96CD3B}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6818868A-1B3D-4E35-A561-FA964A96CD3B}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6818868a-1b3d-4e35-a561-fa964a96cd3b}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\INTERFACE\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6cbf5c01-c876-481b-867e-111cb1d2a7d6}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{701f5c41-bb30-46da-a56b-68784b0b762b}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79e57afa-bc05-4636-9457-fbc0abb3576b}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\INTERFACE\{9193E23B-4182-493F-A38E-682307A7C463}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9193E23B-4182-493F-A38E-682307A7C463}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9193E23B-4182-493F-A38E-682307A7C463}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9193e23b-4182-493f-a38e-682307a7c463}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{a3b975a0-f679-444e-9d94-6d292fa53140}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{bf75b5a2-8403-4f70-88a6-488e3bea0d7b}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e1035f55-4c0c-4efc-9aae-38f421fce726}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e1f80eb5-8af4-410d-87c1-4f3e2776822a}, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{b0441a0e-a49a-4e16-afc1-74ecced1921f}, Quarantined, [2], [245525],1.0.6861 Registry Value: 18 PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0B18D898-C70D-497F-8F45-48414A3A08AC}|PATH, Quarantined, [712], [366209],1.0.6861 PUP.Optional.RegCleanPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2E05E112-E7C9-46D2-9DE7-CF6CC0E8EA0D}|PATH, Quarantined, [1670], [184171],1.0.6861 PUP.Optional.RegCleanerPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A5390521-5831-438C-89F6-BE23204F96E4}|PATH, Quarantined, [1498], [260752],1.0.6861 PUP.Optional.RegCleanPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FA4D0F25-CEC0-448E-9D8E-B18061DED313}|PATH, Quarantined, [1670], [184171],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1241cebd-9777-4bc6-aae5-2a77e25db246}|APPPATH, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{36b445bf-1b84-466a-a623-a360a8cff8c3}|APPPATH, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6818868a-1b3d-4e35-a561-fa964a96cd3b}|APPPATH, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6cbf5c01-c876-481b-867e-111cb1d2a7d6}|APPPATH, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{701f5c41-bb30-46da-a56b-68784b0b762b}|APPPATH, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79e57afa-bc05-4636-9457-fbc0abb3576b}|APPPATH, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9193e23b-4182-493f-a38e-682307a7c463}|APPPATH, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{a3b975a0-f679-444e-9d94-6d292fa53140}|APPPATH, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{bf75b5a2-8403-4f70-88a6-488e3bea0d7b}|APPPATH, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}|APPPATH, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e1035f55-4c0c-4efc-9aae-38f421fce726}|APPPATH, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e1f80eb5-8af4-410d-87c1-4f3e2776822a}|APPPATH, Quarantined, [1697], [443670],1.0.6861 PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{b0441a0e-a49a-4e16-afc1-74ecced1921f}|DISPLAYNAME, Quarantined, [2], [245525],1.0.6861 PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{b0441a0e-a49a-4e16-afc1-74ecced1921f}|URL, Quarantined, [2], [245524],1.0.6861 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 4 PUP.Optional.MindSpark, C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LXUIVSBE.DEFAULT\EverydayLookup_d9, Quarantined, [552], [240302],1.0.6861 PUP.Optional.MindSpark.Generic, C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lxuivsbe.default\extensions\_d9Members_@www.everydaylookup.com\META-INF, Quarantined, [1697], [443664],1.0.6861 PUP.Optional.MindSpark.Generic, C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lxuivsbe.default\extensions\_d9Members_@www.everydaylookup.com\chrome, Quarantined, [1697], [443664],1.0.6861 PUP.Optional.MindSpark.Generic, C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LXUIVSBE.DEFAULT\EXTENSIONS\_D9MEMBERS_@WWW.EVERYDAYLOOKUP.COM, Quarantined, [1697], [443664],1.0.6861 File: 11 PUP.Optional.MindSpark, C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LXUIVSBE.DEFAULT\EverydayLookup_d9\32355069-27A7-41E7-9B5E-1B9A9D12BB95.sqlite, Quarantined, [552], [240302],1.0.6861 PUP.Optional.ASK, C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LXUIVSBE.DEFAULT\PREFS.JS, Replaced, [2], [301713],1.0.6861 PUP.Optional.ASK, C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LXUIVSBE.DEFAULT\PREFS.JS, Replaced, [2], [303071],1.0.6861 PUP.Optional.MindSpark.Generic, C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LXUIVSBE.DEFAULT\EXTENSIONS\_D9MEMBERS_@WWW.EVERYDAYLOOKUP.COM\INSTALL.RDF, Quarantined, [1697], [443664],1.0.6861 PUP.Optional.MindSpark.Generic, C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lxuivsbe.default\extensions\_d9Members_@www.everydaylookup.com\chrome\ffxtbr.jar, Quarantined, [1697], [443664],1.0.6861 PUP.Optional.MindSpark.Generic, C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lxuivsbe.default\extensions\_d9Members_@www.everydaylookup.com\META-INF\manifest.mf, Quarantined, [1697], [443664],1.0.6861 PUP.Optional.MindSpark.Generic, C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lxuivsbe.default\extensions\_d9Members_@www.everydaylookup.com\META-INF\mozilla.rsa, Quarantined, [1697], [443664],1.0.6861 PUP.Optional.MindSpark.Generic, C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lxuivsbe.default\extensions\_d9Members_@www.everydaylookup.com\META-INF\mozilla.sf, Quarantined, [1697], [443664],1.0.6861 PUP.Optional.MindSpark.Generic, C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lxuivsbe.default\extensions\_d9Members_@www.everydaylookup.com\bootstrap.js, Quarantined, [1697], [443664],1.0.6861 PUP.Optional.MindSpark.Generic, C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lxuivsbe.default\extensions\_d9Members_@www.everydaylookup.com\chrome.manifest, Quarantined, [1697], [443664],1.0.6861 PUP.Optional.MindSpark.Generic, C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lxuivsbe.default\extensions\_d9Members_@www.everydaylookup.com\chrome.manifest.restartless, Quarantined, [1697], [443664],1.0.6861 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)
  7. Malwarebytes , failed on installing saying operating system not supported , when first running it , on the update screen . Will do the uninstall and try again . I would assume he is using avast and didn't know to uninstall norton which it probably came with ?? and as far as things being up to date , I don't know how long it has been down also , with the power jack and screen missed up .
  8. FRST Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.09.2018 Ran by John (administrator) on TED (14-09-2018 20:01:54) Running from C:\Users\John\Desktop Loaded Profiles: John (Available Profiles: John) Platform: Windows Vista (TM) Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 7 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe () C:\Program Files (x86)\SMINST\BLService.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (N-trig LLC) C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hp\hpcoretech\hpcmpmgr.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1533736 2008-06-20] (Synaptics, Inc.) HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1418752 2008-09-23] (Motorola Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6942240 2008-12-02] (Realtek Semiconductor) HKLM\...\Run: [NtrigApplet] => C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe [2508800 2008-10-04] (N-trig LLC) HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2009-07-06] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [722256 2008-12-11] (CANON INC.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [DVDAgent] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.) HKLM-x32\...\Run: [TSMAgent] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1316136 2008-12-25] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-25] (CyberLink) HKLM-x32\...\Run: [TVAgent] => C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [210216 2009-01-21] (CyberLink Corp.) HKLM-x32\...\Run: [UCam_Menu] => "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePSTShortCut] => "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2008-12-10] (DigitalPersona, Inc.) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePDIRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe [144784 2008-06-10] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd.exe [49152 2003-06-25] (Hewlett-Packard) HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Component Manager] => C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe [212992 2003-06-26] (Hewlett-Packard Company) HKLM-x32\...\Run: [DXDllRegExe] => dxdllreg.exe HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-02] (AVAST Software) HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company) HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\Run: [HPAdvisor] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-11-18] (Hewlett-Packard) HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation) HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [4351216 2009-05-26] (Yahoo! Inc.) HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\MountPoints2: F - F:\VZAccess_Manager.exe /z detect HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\MountPoints2: {cce4dadc-4ddf-11df-8766-804d35a47c63} - F:\VZAccess_Manager.exe /z detect HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\MountPoints2: {cce4dae8-4ddf-11df-8766-804d35a47c63} - F:\VZAccess_Manager.exe /z detect Lsa: [Notification Packages] scecli DPPWDFLT Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-05-02] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-03-08] ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) BootExecute: sasnative64autocheck autochk * CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 Tcpip\..\Interfaces\{23D17549-2D51-4533-9D30-206EED7C4958}: [DhcpNameServer] 192.168.15.1 Tcpip\..\Interfaces\{70794814-EED6-4EB0-B6D9-9FAC505A5EDA}: [NameServer] 66.174.95.44 66.174.92.14 Tcpip\..\Interfaces\{FA5178E9-555C-4096-8A42-B261E3A1E2D3}: [DhcpNameServer] 192.168.254.254 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://www.yahoo.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com SearchScopes: HKLM -> DefaultScope {4C6AC8FB-4FCB-415A-BB46-7DCADACE66A9} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF SearchScopes: HKLM -> {4C6AC8FB-4FCB-415A-BB46-7DCADACE66A9} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF SearchScopes: HKLM-x32 -> DefaultScope {4C6AC8FB-4FCB-415A-BB46-7DCADACE66A9} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF SearchScopes: HKLM-x32 -> {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp SearchScopes: HKLM-x32 -> {4C6AC8FB-4FCB-415A-BB46-7DCADACE66A9} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF SearchScopes: HKLM-x32 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm245^S10523^us&si=CD15543&ptb=45FE55A7-3440-4D64-AFE0-3AB96992BFA7&ind=2014091011&n=780c9703&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKLM-x32 -> {CA416F80-8278-4E6E-A1A5-3DC7AF8C8080} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl SearchScopes: HKU\.DEFAULT -> DefaultScope {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp SearchScopes: HKU\.DEFAULT -> {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp SearchScopes: HKU\S-1-5-19 -> DefaultScope {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp SearchScopes: HKU\S-1-5-19 -> {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp SearchScopes: HKU\S-1-5-20 -> DefaultScope {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp SearchScopes: HKU\S-1-5-20 -> {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp SearchScopes: HKU\S-1-5-21-2922394905-3992045086-3367367720-1000 -> DefaultScope {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = SearchScopes: HKU\S-1-5-21-2922394905-3992045086-3367367720-1000 -> {4C6AC8FB-4FCB-415A-BB46-7DCADACE66A9} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF SearchScopes: HKU\S-1-5-21-2922394905-3992045086-3367367720-1000 -> {DEB1B286-E97B-47FA-B0AF-5C41D003D645} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 SearchScopes: HKU\S-1-5-21-2922394905-3992045086-3367367720-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms} BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn9\yt.dll => No File BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated) BHO-x32: Yahooo Search Protection -> {25BC7718-0BFA-40EA-B381-4B2D9732D686} -> C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll [2010-03-31] (Yahoo! Inc.) BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [2011-09-21] (Symantec Corporation) BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL [2009-08-22] (Symantec Corporation) BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10] (Sun Microsystems, Inc.) BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-29] (Microsoft Corp.) BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll => No File Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [2011-09-21] (Symantec Corporation) Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-29] (Microsoft Corp.) Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn9\yt.dll No File Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll No File Toolbar: HKU\S-1-5-21-2922394905-3992045086-3367367720-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-2922394905-3992045086-3367367720-1000 -> No Name - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - No File Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [2011-09-21] (Symantec Corporation) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-04-21] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-04-21] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-04-21] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-04-21] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lxuivsbe.default [2018-09-14] FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lxuivsbe.default\user.js [2014-10-02] FF Homepage: Mozilla\Firefox\Profiles\lxuivsbe.default -> hxxps://www.malwarebytes.org/restorebrowser//index.jhtml?ptb=32355069-27A7-41E7-9B5E-1B9A9D12BB95&n=781b43a6&p2=^BX1^xdm107^YYA^us&si=CD15543_1240-1uKu18umudd34wludwwA FF Extension: (EverydayLookup) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lxuivsbe.default\Extensions\_d9Members_@www.everydaylookup.com [2018-09-14] [Legacy] FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt FF Extension: (DigitalPersona Extension) - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2009-03-20] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-24] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn FF Extension: (Norton Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn [2011-12-23] [Legacy] [not signed] FF HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-09-06] (CANON INC.) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-02] (AVAST Software) R2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [322624 2008-12-10] (DigitalPersona, Inc.) [File not signed] R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed] R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [223232 2008-10-23] (Hewlett-Packard Development Company, L.P.) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed] R2 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [117648 2011-09-21] (Symantec Corporation) R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-17] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed] R2 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-11-26] () R2 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-11-26] () S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation) S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 AFS; C:\Windows\SysWow64\Drivers\AFS.sys [77004 2011-05-02] (Oak Technology Inc.) [File not signed] R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-02] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-02] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-10-02] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-02] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-02] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-10-02] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-02] () R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [217216 2008-05-30] (AuthenTec, Inc.) R1 BHDrvx64; C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [334384 2009-08-22] (Symantec Corporation) R1 ccHP; C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [561800 2011-10-11] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2009-04-17] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090508.002\IDSvia64.sys [396848 2009-01-29] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090513.020\ENG64.SYS [136752 2009-04-17] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090513.020\EX64.SYS [1461808 2009-04-17] (Symantec Corporation) R3 NtrigDigitizerUSBLowerFilter; C:\Windows\System32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys [6656 2008-07-27] (Windows (R) Codename Longhorn DDK provider) S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-12-18] (Novatel Wireless Inc.) S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-12-18] (Novatel Wireless Inc.) S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-12-18] (Novatel Wireless Inc.) R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1200128 2008-09-23] (Motorola Inc.) S3 SMSIVZAM5X64; C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.SYS [43032 2009-05-25] (Smith Micro Inc.) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS [476720 2009-08-22] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS [32304 2009-08-22] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1008030.006\SYMEFA64.SYS [402992 2009-08-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2009-10-23] (Symantec Corporation) R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2009-08-22] (Symantec Corporation) R1 SYMTDI; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS [279160 2011-09-21] (Symantec Corporation) R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 SYMDNS; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SYMDNS.SYS [X] S3 SYMFW; \SystemRoot\System32\Drivers\NISx64\1005000.087\SYMFW.SYS [X] S3 SYMNDISV; \SystemRoot\System32\Drivers\NISx64\1005000.087\SYMNDISV.SYS [X] S3 SYMREDRV; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SYMREDRV.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-09-14 20:01 - 2018-09-14 20:02 - 000026804 _____ C:\Users\John\Desktop\FRST.txt 2018-09-14 20:00 - 2018-09-14 20:01 - 000000000 ____D C:\FRST 2018-09-14 19:59 - 2018-09-14 19:59 - 000001716 _____ C:\Users\John\Desktop\malw2.txt 2018-09-14 19:31 - 2018-09-14 19:33 - 000000000 ____D C:\AdwCleaner 2018-09-14 19:24 - 2018-09-14 19:26 - 000002270 _____ C:\Users\John\Desktop\Rkill.txt 2018-09-14 19:21 - 2018-09-14 19:21 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill.exe 2018-09-14 17:22 - 2018-09-14 17:22 - 007567568 _____ (Malwarebytes) C:\Users\John\Downloads\AdwCleaner.exe 2018-09-14 17:03 - 2018-09-14 17:03 - 002413568 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe 2018-09-14 16:58 - 2018-09-14 16:59 - 036873520 _____ (Adlice Software ) C:\Users\John\Downloads\RogueKiller_setup_ref3.exe 2018-09-14 11:08 - 2018-09-14 19:38 - 000004174 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2018-09-14 11:08 - 2018-09-14 11:08 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software 2018-09-14 11:08 - 2018-09-14 11:08 - 000000000 ____D C:\Program Files\Common Files\avast software 2018-09-14 09:32 - 2018-09-14 09:32 - 000000258 __RSH C:\ProgramData\ntuser.pol 2018-09-14 08:37 - 2018-09-14 08:37 - 000000000 ____D C:\ProgramData\MB2Migration ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-09-14 20:02 - 2009-04-14 22:27 - 000016646 _____ C:\ProgramData\HPWALog.txt 2018-09-14 19:42 - 2006-11-02 09:33 - 000000000 ____D C:\Windows\inf 2018-09-14 19:42 - 2006-11-02 08:46 - 000704562 _____ C:\Windows\system32\PerfStringBackup.INI 2018-09-14 19:40 - 2014-08-05 17:10 - 000122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2018-09-14 19:40 - 2009-01-19 05:55 - 000003576 _____ C:\Windows\System32\Tasks\HP Health Check 2018-09-14 19:35 - 2006-11-02 11:42 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-09-14 19:35 - 2006-11-02 11:22 - 000003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2018-09-14 19:35 - 2006-11-02 11:22 - 000003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2018-09-14 19:34 - 2006-11-02 11:42 - 000032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2018-09-14 19:33 - 2010-10-18 16:26 - 000000000 ____D C:\Users\John\AppData\LocalLow\Yahoo! 2018-09-14 19:33 - 2009-09-11 17:41 - 000000000 ____D C:\Users\John\AppData\Roaming\Yahoo! 2018-09-14 19:33 - 2009-09-11 17:39 - 000000000 ____D C:\Program Files (x86)\Yahoo! 2018-09-14 17:48 - 2012-07-12 10:33 - 002702794 _____ C:\Windows\ntbtlog.txt 2018-09-14 09:27 - 2014-08-23 14:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-09-14 09:27 - 2009-01-19 05:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight ==================== Files in the root of some directories ======= 2014-10-02 23:56 - 2015-01-25 14:56 - 000000244 _____ () C:\Users\John\AppData\Roaming\WB.CFG 2009-05-13 07:58 - 2014-07-27 21:45 - 000005418 _____ () C:\Users\John\AppData\Roaming\wklnhst.dat 2009-04-14 22:27 - 2009-04-14 22:27 - 000000000 _____ () C:\Users\John\AppData\Local\AtStart.txt 2010-06-23 03:33 - 2010-07-18 23:54 - 000000680 _____ () C:\Users\John\AppData\Local\d3d9caps.dat 2010-03-23 22:03 - 2010-03-23 22:03 - 000003584 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-10-02 22:56 - 2014-10-02 22:56 - 000002402 _____ () C:\Users\John\AppData\Local\dd_vcredistMSI713D.txt 2014-10-02 22:56 - 2014-10-02 22:56 - 000013448 _____ () C:\Users\John\AppData\Local\dd_vcredistUI713D.txt 2014-10-10 00:56 - 2014-12-01 19:56 - 000000010 _____ () C:\Users\John\AppData\Local\DSI.DAT 2015-01-14 23:56 - 2015-01-14 23:56 - 000234679 _____ () C:\Users\John\AppData\Local\dsi1.dat 2015-01-14 23:56 - 2015-01-14 23:56 - 000161916 _____ () C:\Users\John\AppData\Local\dsi2.dat 2009-04-14 22:27 - 2009-04-14 22:27 - 000000000 _____ () C:\Users\John\AppData\Local\DSwitch.txt 2014-11-23 07:56 - 2014-11-23 07:56 - 000000008 _____ () C:\Users\John\AppData\Local\ext2.dat 2014-11-23 07:56 - 2014-11-23 07:56 - 000643948 _____ () C:\Users\John\AppData\Local\extsq.dll 2013-04-04 10:18 - 2013-04-04 16:59 - 000000000 _____ () C:\Users\John\AppData\Local\FnF4.txt 2011-05-02 10:27 - 2011-05-02 10:27 - 000000092 _____ () C:\Users\John\AppData\Local\fusioncache.dat 2009-04-14 22:27 - 2009-04-14 22:27 - 000000000 _____ () C:\Users\John\AppData\Local\QSwitch.txt Some files in TEMP: ==================== 2010-06-21 16:35 - 2008-09-10 05:17 - 000073728 ____R () C:\Users\John\AppData\Local\Temp\eject.exe 2009-04-14 18:49 - 2008-12-17 15:34 - 000069632 _____ (Hewlett-Packard Company) C:\Users\John\AppData\Local\Temp\HPQSi.exe 2009-05-28 15:04 - 2009-05-28 15:04 - 000775504 ____N (CANON INC.) C:\Users\John\AppData\Local\Temp\MSETUP4.EXE 2012-10-31 10:49 - 2012-10-31 10:49 - 000000000 _____ () C:\Users\John\AppData\Local\Temp\sgd3r0vu.dll 2014-10-02 22:56 - 2014-10-02 22:56 - 004961800 _____ (Microsoft Corporation) C:\Users\John\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-09-14 19:42 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.09.2018 Ran by John (14-09-2018 20:02:59) Running from C:\Users\John\Desktop Windows Vista (TM) Home Premium Service Pack 1 (X64) (2009-03-20 09:13:43) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2922394905-3992045086-3367367720-500 - Administrator - Disabled) ASPNET (S-1-5-21-2922394905-3992045086-3367367720-1002 - Limited - Enabled) Guest (S-1-5-21-2922394905-3992045086-3367367720-501 - Limited - Disabled) John (S-1-5-21-2922394905-3992045086-3367367720-1000 - Administrator - Enabled) => C:\Users\John ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 1300 (HKLM-x32\...\{6dc18d50-8cc3-4dea-a666-ea6f01907663}) (Version: 5.31.1.27 - Hewlett-Packard) Hidden 1300_Help (HKLM-x32\...\{b17cf867-a4e5-41ba-a646-50f237810eca}) (Version: 5.31.1.27 - Hewlett-Packard) Hidden 1300Tour (HKLM-x32\...\{c46485b1-6527-4937-9dc0-29bb5d5613fe}) (Version: 5.31.1.27 - Hewlett-Packard) Hidden 1300Trb (HKLM-x32\...\{0e4a0db5-801d-489e-85c0-6c3f96335d20}) (Version: 5.31.1.27 - Hewlett-Packard) Hidden Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0 - Microsoft Corporation) Hidden Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.2 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.) Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated) Adobe Reader 9.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated) AiO_Scan (HKLM-x32\...\{092eeeee-9fdd-4895-a568-0818c96beb6c}) (Version: 5.31.1.27 - Hewlett-Packard) Hidden AIOMinimal (HKLM-x32\...\{ec7d7a6a-31cb-4810-826f-74171bef44f1}) (Version: 5.31.1.27 - Hewlett-Packard) Hidden AiOSoftware (HKLM-x32\...\{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}) (Version: 5.31.1.27 - Hewlett-Packard) Hidden AMD USB Audio Driver Filter (HKLM-x32\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.) ATI Catalyst Install Manager (HKLM\...\{FF57A2B3-B3C5-0F21-258B-0CEA210C4FC1}) (Version: 3.0.704.0 - ATI Technologies, Inc.) AuthenTec Fingerprint Sensor Minimum Install (HKLM-x32\...\{31A5ED9F-E07B-4F6E-8179-27325BAAC502}) (Version: 7.10.0.1129 - AuthenTec) avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 5.10.38.26 - Broadcom Corporation) Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) ccc-core-static (HKLM-x32\...\{5A505710-AB9D-D907-8B74-BF4C1D5E8970}) (Version: 2008.1210.1623.29379 - ATI) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Copy (HKLM-x32\...\{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}) (Version: 5.31.0.150 - Hewlett-Packard) Hidden CreativeProjects (HKLM-x32\...\{A363B66C-1547-47bf-90F0-3834E70A841A}) (Version: 5.31.0.150 - Hewlett-Packard) Hidden CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.) DigitalPersona Personal 4.0 (HKLM\...\{FC930DA2-760E-4996-B4DA-4BD6560FA666}) (Version: 4.00.3733 - DigitalPersona, Inc.) Director (HKLM-x32\...\{829698DE-9EAC-475E-9A05-B7BA807CA1EF}) (Version: 5.31.0.154 - Hewlett-Packard) Hidden DocProc (HKLM-x32\...\{2F1FD032-67D1-4569-923F-47EAF132BF0F}) (Version: 3.1.0.0 - Hewlett-Packard) Hidden Driver Support (HKLM-x32\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 9.1.4.4 - PC Drivers Headquarters, LP) <==== ATTENTION ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Fax (HKLM-x32\...\{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}) (Version: 5.31.1.27 - Hewlett-Packard) Hidden HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard) HP Customer Experience Enhancements (HKLM-x32\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard) HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard) HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2328 - Hewlett-Packard) HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.1.2425 - Hewlett-Packard) HP MediaSmart SlingPlayer (HKLM-x32\...\HP.MediaSmartSlingPlayer_is1) (Version: 2.1 - Sling Media, Inc.) HP MediaSmart SmartMenu (HKLM\...\{F1568AA6-5982-4AFB-A871-C68E4328BC3B}) (Version: 2.1.7 - Hewlett-Packard) HP MediaSmart TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 2.1.1219 - Hewlett-Packard) HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.1.1124 - Hewlett-Packard) HP Photo & Imaging 3.1 (HKLM-x32\...\HP Photo & Imaging) (Version: 3.1 - HP) HP PSC & OfficeJet 3.0 (HKLM-x32\...\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}) (Version: 3.0 - HP) HP Quick Launch Buttons 6.40 L1 (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 L1 - Hewlett-Packard) HP Software Update (HKLM-x32\...\{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}) (Version: 1.0.18.20030625 - Hewlett-Packard) HP Total Care Advisor (HKLM-x32\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.5991.2847 - Hewlett-Packard) HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard) HP User Guides 0123 (HKLM-x32\...\{C1A138F0-DF67-4E8D-B7AF-30C71BF8435D}) (Version: 1.01.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM-x32\...\{E5E29403-3D25-40C6-892B-F9FEE2A95585}) (Version: 3.50 A6 - Hewlett-Packard) HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.2.2 - Hewlett-Packard) Hidden hpmdtab (HKLM-x32\...\{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}) (Version: 2.0.470.1598 - Hewlett-Packard) Hidden HPSystemDiagnostics (HKLM-x32\...\{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}) (Version: 1.5.0.0 - Your Company Name) Hidden InstantShare (HKLM-x32\...\{745A92AF-53B4-41A7-91C3-9B026B1D5897}) (Version: 3.1.0.13 - Hewlett-Packard) Hidden Java(TM) 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.) Juno Preloader (HKLM-x32\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.) LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1118 - CyberLink Corp.) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1118 - CyberLink Corp.) LightScribe System Software 1.14.17.1 (HKLM-x32\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Memories Disc Creator 2.0 (HKLM-x32\...\{2E132061-C78A-48D4-A899-1D13B9D189FA}) (Version: 2.0.470.1598 - Memories Disc Creator 2.0) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft Live Search Toolbar (HKLM-x32\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Mobile Broadband Generic Drivers (HKLM-x32\...\{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}) (Version: 2.03.09.005.14 - Novatel Wireless) Hidden Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 2.03.09.005.14 - Novatel Wireless) Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version: - ) Mozilla Firefox 31.7.0 ESR (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.7.0 ESR (x86 en-US)) (Version: 31.7.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) muvee Reveal (HKLM-x32\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd) My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent) NetZero Preloader (HKLM-x32\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.) Norton Internet Security (HKLM-x32\...\NIS) (Version: 16.8.3.6 - Symantec Corporation) N-trig Software Bundle (HKLM-x32\...\{C283284D-FDB2-4438-A26A-40C62F7008E7}) (Version: 1.89.126 - N-trig) Overland (HKLM-x32\...\{1CAD83B0-87A3-4206-BF70-644546808731}) (Version: 1.76.0 - Hewlett-Packard) Hidden PhotoGallery (HKLM-x32\...\{C38BC5B7-62D3-4880-82DD-A4803FD81921}) (Version: 5.31.0.158 - Hewlett-Packard) Hidden Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.) PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2317 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2317 - CyberLink Corp.) PrintScreen (HKLM-x32\...\{CFD1B282-555D-494d-8231-4175C2AF08C2}) (Version: 5.31.0.147 - Hewlett-Packard) Hidden QFolder (HKLM-x32\...\{8777AC6D-89F9-4793-8266-DE406F343E89}) (Version: 1.00.0000 - Hewlett-Packard) Hidden QuickProjects (HKLM-x32\...\{5ADF6293-D60F-4425-AFA7-CEB820DB872B}) (Version: 5.31.0.147 - Hewlett-Packard) Hidden Readme (HKLM-x32\...\{54e854d5-d5d4-452d-9c75-b39f5625b5fb}) (Version: 5.31.1.27 - Hewlett-Packard) Hidden Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5749 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.) Scan (HKLM-x32\...\{939227BD-19D8-4684-8A04-31AC9F6A564C}) (Version: 3.1.0.0 - Hewlett-Packard) Hidden Skins (HKLM-x32\...\{E2FB7D2C-061F-37D3-4ECE-BEB5F91AA183}) (Version: 2008.1210.1623.29379 - ATI) Hidden SkinsHP1 (HKLM-x32\...\{4FB6F304-A91D-4919-98E5-D96E074EA9E5}) (Version: 5.31.0.147 - Hewlett-Packard) Hidden SkinsHP2 (HKLM-x32\...\{D545BB81-DEB0-49f7-BE26-197BC31AAF57}) (Version: 5.31.0.147 - Hewlett-Packard) Hidden Slingbox - Watch Your TV Anywhere (HKLM-x32\...\{7B798B31-2F33-4DC8-BDA4-D36488E86636}) (Version: 1.0.0 - Sling Media) SlingPlayer (HKLM-x32\...\{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media) Hidden SlingPlayer (HKLM-x32\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media) SPORE Creature Creator Trial Edition (HKLM-x32\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.18.0 - Synaptics) TrayApp (HKLM-x32\...\{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}) (Version: 5.31.0.147 - Hewlett-Packard) Hidden Unload (HKLM-x32\...\{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}) (Version: 3.1.0 - Hewlett-Packard) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Verizon Wireless MiFi-2200 Firmware Updates (HKLM-x32\...\{06FAFD58-1C21-4C90-A2FC-C9DC5A2A9D09}) (Version: 1.0.1 - Smith Micro Software, Inc.) VZAccess Manager (HKLM-x32\...\{3FF660F4-147B-48CB-B824-2B595759D9EF}) (Version: 7.2.7.1 - Smith Micro Software Inc.) WebReg (HKLM-x32\...\{FBBF532A-47AC-457d-AC06-0D3163D8911E}) (Version: 5.31.0.147 - Hewlett-Packard) Hidden Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) (HKLM\...\07B260955637F1FF7587ED2AA87459040DD09BF7) (Version: 09/04/2008 2.6.0.0 - ENE) WSE_Astromenda (HKLM-x32\...\WSE_Astromenda) (Version: - WSE_Astromenda) <==== ATTENTION Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) Yahoo! Search Protection (HKLM-x32\...\Yahoo! Search Defender) (Version: - ) <==== ATTENTION Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - ) Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-10-02] (AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-10-02] (AVAST Software) ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine64\16.8.3.6\NavShExt.dll [2011-10-11] (Symantec Corporation) ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine64\16.8.3.6\NavShExt.dll [2011-10-11] (Symantec Corporation) ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-10-02] (AVAST Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2014-05-12] (Malwarebytes Corporation) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2008-11-28] (Advanced Micro Devices, Inc.) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-10-02] (AVAST Software) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2014-05-12] (Malwarebytes Corporation) ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine64\16.8.3.6\NavShExt.dll [2011-10-11] (Symantec Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0B18D898-C70D-497F-8F45-48414A3A08AC} - \Advanced-System Protector_startup -> No File <==== ATTENTION Task: {2E05E112-E7C9-46D2-9DE7-CF6CC0E8EA0D} - \RegClean Pro_DEFAULT -> No File <==== ATTENTION Task: {3400ADFF-DF30-4280-94C2-EC66DA18B4A6} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard) Task: {50873DA9-1C44-40BC-BF01-337CF2C4D336} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-09-14] (AVAST Software) Task: {533995A0-62AB-4FA7-8332-2360D1A9F249} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2018-09-14] (AVAST Software) Task: {7E99AB70-E589-4820-AA4A-13AE8C36796C} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard) Task: {91219930-F119-4048-9380-03E25BBF612E} - System32\Tasks\{3E423F0B-7C77-4F9E-9757-3E702342922B} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\ Task: {A5390521-5831-438C-89F6-BE23204F96E4} - \RegClean Pro -> No File <==== ATTENTION Task: {FA4D0F25-CEC0-448E-9D8E-B18061DED313} - \RegClean Pro_UPDATES -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2008-12-10 13:05 - 2008-12-10 13:05 - 000118272 _____ () C:\Windows\system32\atitmm64.dll 2009-01-19 05:49 - 2008-12-17 20:11 - 000365952 _____ () C:\Program Files (x86)\SMINST\BLService.exe 2009-01-19 05:37 - 2008-09-15 10:13 - 000241734 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2008-11-26 20:13 - 2008-11-26 20:13 - 000296320 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe 2008-11-26 20:13 - 2008-11-26 20:13 - 000116096 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe 2008-11-26 20:12 - 2008-11-26 20:12 - 000074536 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus64.dll 2009-03-20 05:20 - 2009-03-20 05:20 - 000014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll 2008-09-18 13:30 - 2008-09-18 13:30 - 001186816 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx 2008-10-29 20:34 - 2008-10-29 20:34 - 000016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2008-10-22 14:32 - 2008-10-22 14:32 - 000628016 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe 2014-10-02 23:07 - 2014-10-02 23:07 - 000301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2018-09-14 13:56 - 2018-09-14 13:56 - 005693072 _____ () C:\Program Files\AVAST Software\Avast\defs\18091406\algo.dll 2008-01-20 22:49 - 2008-01-20 22:49 - 000368640 _____ () C:\Windows\SysWOW64\msjetoledb40.dll 2009-01-19 05:49 - 2008-12-17 20:11 - 000132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll 2008-11-26 20:13 - 2008-11-26 20:13 - 000263560 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll 2008-11-26 20:13 - 2008-11-26 20:13 - 000038184 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll 2008-11-26 20:13 - 2008-11-26 20:13 - 000124288 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll 2008-11-26 20:13 - 2008-11-26 20:13 - 000349480 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll 2007-07-12 16:55 - 2007-07-12 16:55 - 001581056 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll 2007-08-14 16:59 - 2007-08-14 16:59 - 006365184 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll 2007-07-12 16:55 - 2007-07-12 16:55 - 000131072 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2008-11-18 14:57 - 2008-11-18 14:57 - 000057344 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll 2008-11-18 15:03 - 2008-11-18 15:03 - 000032768 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll 2008-11-18 14:56 - 2008-11-18 14:56 - 000118784 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll 2008-11-18 14:56 - 2008-11-18 14:56 - 000040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll 2008-11-18 14:56 - 2008-11-18 14:56 - 000005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll 2008-11-18 14:56 - 2008-11-18 14:56 - 000028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll 2008-11-18 14:56 - 2008-11-18 14:56 - 000010240 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll 2008-11-18 14:57 - 2008-11-18 14:57 - 000007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll 2009-09-11 17:39 - 2009-05-26 21:06 - 000102400 _____ () C:\Program Files (x86)\Yahoo!\Messenger\clientmanager.dll 2009-09-11 17:39 - 2009-05-26 21:06 - 000913408 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll 2008-12-25 16:41 - 2008-12-25 16:41 - 000881960 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll 2014-10-02 23:07 - 2014-10-02 23:07 - 019329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <==== ATTENTION ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 08:34 - 2006-09-18 17:37 - 000000761 _____ C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2922394905-3992045086-3367367720-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp DNS Servers: 192.168.254.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [{B5B11AEB-86EC-4DEC-96DA-197E5F27FF5F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE FirewallRules: [{57D17229-C0D8-4146-BDEF-F7F7EE16B74D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe FirewallRules: [{2EF3549F-7019-41A9-A747-1301C216CF2D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe FirewallRules: [{469BF6FA-7E54-4237-AFC0-351960F45073}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe FirewallRules: [{CF0C0837-6EC4-44F3-BC86-A699C56E8C41}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe FirewallRules: [{1F9005BF-1DD8-4DCB-A832-EC783688B721}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe FirewallRules: [{9964A177-3CB2-4166-988D-42B830AB671F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe FirewallRules: [{67505437-FE4C-4D45-822A-F5B64AAE7C4B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe FirewallRules: [{A89338E9-15EB-42A8-B6EF-F80F0635644C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe FirewallRules: [{727D61D2-5CE6-4B7D-9604-BFCAD5FEA6D3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe FirewallRules: [{E2DD64C1-C9C4-4411-8D8E-DF7A981AC473}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe FirewallRules: [{6CEB6162-4851-4AA2-A4D4-81F30FFECD92}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe FirewallRules: [{EF8A9F38-9410-4106-A3B1-7DAA39D242B0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QP.exe FirewallRules: [{A14F34C4-504C-43DA-A947-2BD4C949351D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QPService.exe FirewallRules: [{F5CDDF9D-B5C7-446B-8BAC-D0FE596E8D78}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{BF46E78D-61C0-4FE3-AA89-95D5DBE8D3BA}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [TCP Query User{96A8C239-4889-4EDF-A59D-8C94C66B7A69}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe FirewallRules: [UDP Query User{F2D44E97-546B-4DA8-94A2-608DADA21540}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe FirewallRules: [{5551A276-B9A1-43F2-9806-270E138D2DC7}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe FirewallRules: [{8965C5D2-512F-4C42-96D5-8A93BF1E25A7}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe FirewallRules: [{3AB3DC77-39FF-4BD7-AE07-A89ED9EC2085}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe FirewallRules: [{10FC2DE3-0150-46D0-A4F0-C3BF7B22F59A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe FirewallRules: [{486807CF-24F8-45CA-BB1A-FA0295034037}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE FirewallRules: [{25934DFD-876D-49A1-B551-B7C09CEEBA95}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe FirewallRules: [{B9914E9E-E660-4F73-B7E9-22EF5EBFBAFC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe FirewallRules: [{0AB69B22-2E46-489C-A0CC-9EF9CFC75959}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe FirewallRules: [{80785F79-BC54-4506-A0CB-FF57946B2E92}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe FirewallRules: [{D61EC525-1F61-40E9-9CFE-A86ACC054F80}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe FirewallRules: [{1AD14E91-5682-4DA5-9F99-DE9A19C8E27A}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe FirewallRules: [{32547A5A-165F-40B3-91F2-F4186C20E023}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe ==================== Restore Points ========================= 17-05-2015 03:00:30 Windows Update 18-05-2015 03:00:22 Windows Update 19-05-2015 00:00:02 Scheduled Checkpoint 19-05-2015 03:00:22 Windows Update 20-05-2015 03:00:35 Windows Update 20-05-2015 20:21:00 Scheduled Checkpoint 21-05-2015 03:00:28 Windows Update 21-05-2015 23:21:49 Scheduled Checkpoint 22-05-2015 03:00:23 Windows Update 23-05-2015 03:00:29 Windows Update 24-05-2015 00:00:01 Scheduled Checkpoint 24-05-2015 03:00:12 Windows Update 25-05-2015 00:00:02 Scheduled Checkpoint 25-05-2015 03:00:12 Windows Update 28-05-2015 03:00:26 Windows Update 29-05-2015 00:00:02 Scheduled Checkpoint 29-05-2015 03:00:12 Windows Update 14-09-2018 11:33:36 Scheduled Checkpoint 14-09-2018 18:53:08 avast! antivirus system restore point ==================== Faulty Device Manager Devices ============= Name: 6TO4 Adapter Description: Microsoft 6to4 Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.colubris.lan Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{70794814-EED6-4EB0-B6D9-9FAC505A5EDA} Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (09/14/2018 08:02:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (09/14/2018 08:02:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (09/14/2018 08:02:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (09/14/2018 08:02:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (09/14/2018 08:02:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (09/14/2018 08:02:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (09/14/2018 08:02:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (09/14/2018 08:02:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . System errors: ============= Error: (09/14/2018 07:36:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: AFS Error: (09/14/2018 07:35:43 PM) (Source: HTTP) (EventID: 15016) (User: ) Description: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number. Error: (09/14/2018 07:34:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Event-ID 10003 Error: (09/14/2018 07:34:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Event-ID 10003 Error: (09/14/2018 07:34:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Event-ID 10003 Error: (09/14/2018 07:33:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (09/14/2018 07:33:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Biometric Authentication Service service terminated unexpectedly. It has done this 1 time(s). Error: (09/14/2018 07:33:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The hpqwmiex service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2018-09-14 20:02:26.244 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2018-09-14 20:02:26.025 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2018-09-14 20:02:25.823 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2018-09-14 20:02:25.604 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2018-09-14 20:02:25.339 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2018-09-14 20:02:25.105 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2018-09-14 20:02:24.902 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2018-09-14 20:02:24.715 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-80 Percentage of memory in use: 40% Total physical RAM: 3836.23 MB Available physical RAM: 2267.49 MB Total Virtual: 7880.48 MB Available Virtual: 5878.63 MB ==================== Drives ================================ Drive 😄 () (Fixed) (Total:285.4 GB) (Free:195.38 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (RECOVERY) (Fixed) (Total:12.69 GB) (Free:2 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 3B330707) Partition 1: (Active) - (Size=285.4 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  9. Broni Friends laptop needed power port and screen worked on , Its been quite awhile till I got to him Malwarebytes would not allow copy to text , but did show a lot of "pups" and I thought I seen "trojans" I found the log but it is xml form . I did copy , but don't know if you want to see it that way . Rouge would not run , even is safe mode , so i ran "RKILL" will post the log . Adware ran and I will post those logs . FRST logs , sure looks like it will need a fixlist . This computer has a lot running on start up and HD activity Rkill 2.9.1 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2018 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 09/14/2018 07:24:00 PM in x64 mode. Windows Version: Windows Vista (TM) Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhost ::1 localhost Program finished at: 09/14/2018 07:26:04 PM Execution time: 0 hours(s), 2 minute(s), and 4 seconds(s) # ------------------------------- # Malwarebytes AdwCleaner 7.2.3.0 # ------------------------------- # Build: 08-30-2018 # Database: 2018-09-14.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 09-14-2018 # Duration: 00:00:23 # OS: Windows Vista (TM) Home Premium # Cleaned: 308 # Failed: 6 ***** [ Services ] ***** Deleted YahooAUService ***** [ Folders ] ***** Deleted C:\Users\John\Downloads\Driver Support Deleted C:\ProgramData\UAB Deleted C:\Program Files (x86)\Yahoo!\Companion Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion Deleted C:\Users\John\AppData\LocalLow\Yahoo!\Companion Deleted C:\Users\John\AppData\Roaming\Yahoo!\Companion Deleted C:\Users\John\AppData\Roaming\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q Deleted C:\Users\John\AppData\LocalLow\YahooCouponAddOn Deleted C:\ProgramData\Yahoo! Companion Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion Deleted C:\Users\John\AppData\LocalLow\Yahoo! Companion ***** [ Files ] ***** Deleted C:\Program Files (x86)\Yahoo!\Common\unyt.exe Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Deleted C:\Users\Public\Desktop\eBay.lnk Deleted C:\Users\John\Desktop\Sync Folder.lnk ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** Deleted C:\Windows\System32\Tasks\advanced-System Protector_startup ***** [ Registry ] ***** Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Download &amp; Install Packages Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SunriseBrowse Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SunriseBrowse Deleted HKU\S-1-5-18\Software\Yahoo\YFriendsBar Deleted HKCU\Software\Yahoo\YFriendsBar Deleted HKU\.DEFAULT\Software\Yahoo\YFriendsBar Deleted HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2922394905-3992045086-3367367720-1000\Software\Yahoo\Companion Deleted HKU\S-1-5-18\Software\AppDataLow\Software\Yahoo\Companion Deleted HKCU\Software\AppDataLow\Software\Yahoo\Companion Deleted HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion Deleted HKU\S-1-5-18\Software\Yahoo\Companion Deleted HKCU\Software\Yahoo\Companion Deleted HKU\.DEFAULT\Software\Yahoo\Companion Deleted HKCU\Software\BRS Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion Deleted HKCU\Software\SecuredDownload Deleted HKLM\Software\Wow6432Node\Classes\AppID\YTSingleInstance.DLL Deleted HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL Deleted HKLM\Software\Wow6432Node\Classes\AppID\YTNavAssist.DLL Deleted HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL Deleted HKLM\Software\Wow6432Node\Classes\AppID\YTMsgr.DLL Deleted HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL Deleted HKLM\Software\Wow6432Node\Classes\AppID\YTBM.DLL Deleted HKLM\SOFTWARE\Classes\AppID\YTBM.DLL Deleted HKLM\Software\Wow6432Node\Classes\AppID\ytbbroker.EXE Deleted HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE Deleted HKLM\Software\Wow6432Node\Classes\AppID\YTabBar.DLL Deleted HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL Deleted HKLM\Software\Wow6432Node\Classes\AppID\yt.DLL Deleted HKLM\SOFTWARE\Classes\AppID\yt.DLL Deleted HKLM\Software\Wow6432Node\Classes\AppID\YPUBC.DLL Deleted HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL Deleted HKLM\Software\Wow6432Node\Classes\AppID\YCAPlugin.DLL Deleted HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL Deleted HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers\MPCBContextMenu Deleted HKLM\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\MPCBContextMenu Deleted HKLM\Software\Wow6432Node\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249} Deleted HKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249} Deleted HKLM\Software\Wow6432Node\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5} Deleted HKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5} Deleted HKLM\Software\Wow6432Node\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6} Deleted HKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6} Deleted HKLM\Software\Wow6432Node\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C} Deleted HKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C} Deleted HKLM\Software\Wow6432Node\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501} Deleted HKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501} Deleted HKLM\Software\Wow6432Node\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E} Deleted HKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E} Deleted HKLM\Software\Wow6432Node\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90} Deleted HKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90} Deleted HKLM\Software\Wow6432Node\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D} Deleted HKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D} Deleted HKLM\Software\Wow6432Node\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7} Deleted HKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7} Deleted HKLM\Software\Wow6432Node\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D} Deleted HKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D} Deleted HKLM\Software\Wow6432Node\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91} Deleted HKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91} Deleted HKLM\Software\Wow6432Node\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438} Deleted HKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438} Deleted HKLM\Software\Wow6432Node\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85} Deleted HKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85} Deleted HKLM\Software\Wow6432Node\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67} Deleted HKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950} Deleted HKLM\Software\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{8E74A0AE-F0ED-47ED-A940-A8E99687646B} Deleted HKLM\Software\Classes\CLSID\{8E74A0AE-F0ED-47ED-A940-A8E99687646B} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4} Deleted HKLM\Software\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED} Deleted HKLM\Software\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430} Deleted HKLM\Software\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{F5CC67F7-F6BA-44E3-98EC-EA17D17E6479} Deleted HKLM\Software\Classes\CLSID\{F5CC67F7-F6BA-44E3-98EC-EA17D17E6479} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D} Deleted HKLM\Software\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD} Deleted HKLM\Software\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF} Deleted HKLM\Software\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957} Deleted HKLM\Software\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957} Deleted HKLM\Software\Wow6432Node\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902} Deleted HKLM\Software\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71} Deleted HKLM\Software\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C} Deleted HKLM\Software\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB} Deleted HKLM\Software\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A} Deleted HKLM\Software\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D} Deleted HKLM\Software\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F} Deleted HKLM\Software\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE} Deleted HKLM\Software\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF} Deleted HKLM\Software\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2} Deleted HKLM\Software\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982} Deleted HKLM\Software\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868} Deleted HKLM\Software\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21} Deleted HKLM\Software\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07} Deleted HKLM\Software\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D} Deleted HKLM\Software\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD} Deleted HKLM\Software\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD} Deleted HKLM\Software\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370} Deleted HKLM\Software\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB} Deleted HKLM\Software\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915} Deleted HKLM\Software\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C} Deleted HKLM\Software\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648} Deleted HKLM\Software\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980} Deleted HKLM\Software\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980} Deleted HKLM\Software\Wow6432Node\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3} Deleted HKLM\Software\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3} Deleted HKLM\Software\Wow6432Node\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46} Deleted HKLM\Software\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46} Deleted HKLM\Software\Wow6432Node\Classes\AppID\{EB2BA65E-41F6-4F64-92A6-216CDFFDF577} Deleted HKLM\Software\Classes\AppID\{EB2BA65E-41F6-4F64-92A6-216CDFFDF577} Deleted HKLM\Software\Wow6432Node\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345} Deleted HKLM\Software\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345} Deleted HKLM\Software\Wow6432Node\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC} Deleted HKLM\Software\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC} Deleted HKLM\Software\Wow6432Node\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C} Deleted HKLM\Software\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C} Deleted HKLM\Software\Wow6432Node\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2} Deleted HKLM\Software\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2} Deleted HKLM\Software\Wow6432Node\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93} Deleted HKLM\Software\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93} Deleted HKLM\Software\Wow6432Node\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484} Deleted HKLM\Software\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34} Deleted HKLM\Software\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D} Deleted HKLM\Software\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC} Deleted HKLM\Software\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D} Deleted HKLM\Software\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41} Deleted HKLM\Software\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F} Deleted HKLM\Software\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B} Deleted HKLM\Software\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1} Deleted HKLM\Software\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7} Deleted HKLM\Software\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3} Deleted HKLM\Software\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01} Deleted HKLM\Software\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A} Deleted HKLM\Software\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5} Deleted HKLM\Software\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043} Deleted HKLM\Software\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557} Deleted HKLM\Software\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD} Deleted HKLM\Software\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E} Deleted HKLM\Software\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8} Deleted HKLM\Software\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0} Deleted HKLM\Software\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB} Deleted HKLM\Software\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584} Deleted HKLM\Software\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32} Deleted HKLM\Software\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB} Deleted HKLM\Software\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62} Deleted HKLM\Software\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002} Deleted HKLM\Software\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942} Deleted HKLM\Software\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8} Deleted HKLM\Software\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C} Deleted HKLM\Software\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C} Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Deleted HKLM\Software\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F} Deleted HKLM\Software\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6} Deleted HKLM\Software\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{F03955F1-309E-34E9-A021-1399C3532273} Deleted HKLM\Software\Classes\CLSID\{F03955F1-309E-34E9-A021-1399C3532273} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000F} Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000F} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000E} Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000E} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000D} Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000D} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000C} Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000C} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000B} Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000B} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000A} Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000A} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00009} Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00009} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00008} Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00008} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00007} Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00007} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00006} Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00006} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00005} Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00005} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00004} Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00004} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{BEEA930F-CD8A-341E-B6B5-5BAF659685D5} Deleted HKLM\Software\Classes\CLSID\{BEEA930F-CD8A-341E-B6B5-5BAF659685D5} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{4529EB14-6B38-3CC4-9504-6EAB6C9E1255} Deleted HKLM\Software\Classes\CLSID\{4529EB14-6B38-3CC4-9504-6EAB6C9E1255} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{3070CF0C-F396-3DCA-87D6-9DBF3D77B610} Deleted HKLM\Software\Classes\CLSID\{3070CF0C-F396-3DCA-87D6-9DBF3D77B610} Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{2097A1B6-E86A-4072-A32D-2249A3ECBC5A} Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{2097A1B6-E86A-4072-A32D-2249A3ECBC5A} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{2097A1B6-E86A-4072-A32D-2249A3ECBC5A} Deleted HKLM\Software\Classes\CLSID\{2097A1B6-E86A-4072-A32D-2249A3ECBC5A} Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} Deleted HKLM\Software\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} Deleted HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} Deleted HKLM\Software\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Deleted HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{EF99BD32-C1FB-11D2-892F-0090271D4F88} Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Deleted HKLM\Software\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Deleted HKLM\Software\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Deleted HKLM\Software\Wow6432Node\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A} Deleted HKLM\Software\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A} Deleted HKLM\Software\Wow6432Node\Classes\yt.YToolbarBand Deleted HKLM\Software\Classes\yt.YToolbarBand Deleted HKLM\Software\Wow6432Node\Classes\yt.YTHelper Deleted HKLM\Software\Classes\yt.YTHelper Deleted HKLM\Software\Wow6432Node\Classes\yt.Clickstream Deleted HKLM\Software\Classes\yt.Clickstream Deleted HKLM\Software\Wow6432Node\Classes\yt.CacheLoader Deleted HKLM\Software\Classes\yt.CacheLoader Deleted HKLM\Software\Wow6432Node\Classes\Yahoo.PopupBlockerPlugin Deleted HKLM\Software\Classes\Yahoo.PopupBlockerPlugin Deleted HKLM\Software\Wow6432Node\Classes\Yahoo.AntiSpyPlugin Deleted HKLM\Software\Classes\Yahoo.AntiSpyPlugin Deleted HKLM\Software\Wow6432Node\Classes\Sample.YTBPartnerSample Deleted HKLM\Software\Classes\Sample.YTBPartnerSample Deleted HKLM\Software\Wow6432Node\Classes\Sample.BrowserHandler Deleted HKLM\Software\Classes\Sample.BrowserHandler Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CA416F80-8278-4E6E-A1A5-3DC7AF8C8080} Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{CA416F80-8278-4E6E-A1A5-3DC7AF8C8080} Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CA416F80-8278-4E6E-A1A5-3DC7AF8C8080} Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Search Bar Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f} Deleted HKLM\Software\Wow6432Node\Classes\*\shellex\ContextMenuHandlers\MPCBContextMenu Deleted HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\MPCBContextMenu Not Deleted HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES Not Deleted HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA4D0F25-CEC0-448E-9D8E-B18061DED313} Not Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA4D0F25-CEC0-448E-9D8E-B18061DED313} Not Deleted HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA4D0F25-CEC0-448E-9D8E-B18061DED313} Not Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA4D0F25-CEC0-448E-9D8E-B18061DED313} Not Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES Deleted HKLM\Software\Wow6432Node\Reimage Deleted HKLM\Software\Reimage ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [33668 octets] - [14/09/2018 19:32:05] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## didn't know if you wanted both # ------------------------------- # Malwarebytes AdwCleaner 7.2.3.0 # ------------------------------- # Build: 08-30-2018 # Database: 2018-09-14.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 09-14-2018 # Duration: 00:00:30 # OS: Windows Vista (TM) Home Premium # Scanned: 41927 # Detected: 314 ***** [ Services ] ***** PUP.Optional.Legacy YahooAUService ***** [ Folders ] ***** PUP.Optional.DriverAgent C:\Users\John\Downloads\Driver Support PUP.Optional.DriverSupport C:\ProgramData\UAB PUP.Optional.Legacy C:\Program Files (x86)\Yahoo!\Companion PUP.Optional.Legacy C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion PUP.Optional.Legacy C:\Users\John\AppData\LocalLow\Yahoo!\Companion PUP.Optional.Legacy C:\Users\John\AppData\Roaming\Yahoo!\Companion PUP.Optional.Legacy C:\Users\John\AppData\Roaming\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q PUP.Optional.Legacy C:\Users\John\AppData\LocalLow\YahooCouponAddOn PUP.Optional.Legacy C:\ProgramData\Yahoo! Companion PUP.Optional.Legacy C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion PUP.Optional.Legacy C:\Users\John\AppData\LocalLow\Yahoo! Companion ***** [ Files ] ***** PUP.Optional.Legacy C:\Program Files (x86)\Yahoo!\Common\unyt.exe PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk PUP.Optional.Legacy C:\Users\Public\Desktop\eBay.lnk PUP.Optional.Legacy C:\Users\John\Desktop\Sync Folder.lnk ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** PUP.Optional.Legacy C:\Windows\System32\Tasks\advanced-System Protector_startup ***** [ Registry ] ***** Adware.InstallCore HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Download &amp; Install Packages PUP.Optional.BrowseFox HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SunriseBrowse PUP.Optional.BrowseFox HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SunriseBrowse PUP.Optional.Legacy HKU\S-1-5-18\Software\Yahoo\YFriendsBar PUP.Optional.Legacy HKCU\Software\Yahoo\YFriendsBar PUP.Optional.Legacy HKU\.DEFAULT\Software\Yahoo\YFriendsBar PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2922394905-3992045086-3367367720-1000\Software\Yahoo\Companion PUP.Optional.Legacy HKU\S-1-5-18\Software\AppDataLow\Software\Yahoo\Companion PUP.Optional.Legacy HKCU\Software\AppDataLow\Software\Yahoo\Companion PUP.Optional.Legacy HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion PUP.Optional.Legacy HKU\S-1-5-18\Software\Yahoo\Companion PUP.Optional.Legacy HKCU\Software\Yahoo\Companion PUP.Optional.Legacy HKU\.DEFAULT\Software\Yahoo\Companion PUP.Optional.Legacy HKCU\Software\BRS PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion PUP.Optional.Legacy HKCU\Software\SecuredDownload PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\YTSingleInstance.DLL PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\YTNavAssist.DLL PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\YTMsgr.DLL PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\YTBM.DLL PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\YTBM.DLL PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\ytbbroker.EXE PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\YTabBar.DLL PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\yt.DLL PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\yt.DLL PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\YPUBC.DLL PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\YCAPlugin.DLL PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers\MPCBContextMenu PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\MPCBContextMenu PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249} PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5} PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6} PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C} PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501} PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E} PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90} PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D} PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7} PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D} PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91} PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438} PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85} PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67} PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{8E74A0AE-F0ED-47ED-A940-A8E99687646B} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{8E74A0AE-F0ED-47ED-A940-A8E99687646B} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{F5CC67F7-F6BA-44E3-98EC-EA17D17E6479} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{F5CC67F7-F6BA-44E3-98EC-EA17D17E6479} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D} PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902} PUP.Optional.Legacy HKLM\Software\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3} PUP.Optional.Legacy HKLM\Software\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46} PUP.Optional.Legacy HKLM\Software\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\{EB2BA65E-41F6-4F64-92A6-216CDFFDF577} PUP.Optional.Legacy HKLM\Software\Classes\AppID\{EB2BA65E-41F6-4F64-92A6-216CDFFDF577} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345} PUP.Optional.Legacy HKLM\Software\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC} PUP.Optional.Legacy HKLM\Software\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C} PUP.Optional.Legacy HKLM\Software\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2} PUP.Optional.Legacy HKLM\Software\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93} PUP.Optional.Legacy HKLM\Software\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484} PUP.Optional.Legacy HKLM\Software\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557} PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD} PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E} PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8} PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0} PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB} PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584} PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32} PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB} PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62} PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002} PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942} PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8} PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C} PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C} PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F} PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{F03955F1-309E-34E9-A021-1399C3532273} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{F03955F1-309E-34E9-A021-1399C3532273} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000F} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000F} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000E} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000E} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000D} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000D} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000C} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000C} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000B} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000B} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000A} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000A} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00009} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00009} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00008} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00008} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00007} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00007} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00006} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00006} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00005} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00005} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00004} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00004} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{BEEA930F-CD8A-341E-B6B5-5BAF659685D5} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{BEEA930F-CD8A-341E-B6B5-5BAF659685D5} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{4529EB14-6B38-3CC4-9504-6EAB6C9E1255} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{4529EB14-6B38-3CC4-9504-6EAB6C9E1255} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{3070CF0C-F396-3DCA-87D6-9DBF3D77B610} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{3070CF0C-F396-3DCA-87D6-9DBF3D77B610} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{2097A1B6-E86A-4072-A32D-2249A3ECBC5A} PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{2097A1B6-E86A-4072-A32D-2249A3ECBC5A} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{2097A1B6-E86A-4072-A32D-2249A3ECBC5A} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{2097A1B6-E86A-4072-A32D-2249A3ECBC5A} PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{EF99BD32-C1FB-11D2-892F-0090271D4F88} PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A} PUP.Optional.Legacy HKLM\Software\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\yt.YToolbarBand PUP.Optional.Legacy HKLM\Software\Classes\yt.YToolbarBand PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\yt.YTHelper PUP.Optional.Legacy HKLM\Software\Classes\yt.YTHelper PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\yt.Clickstream PUP.Optional.Legacy HKLM\Software\Classes\yt.Clickstream PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\yt.CacheLoader PUP.Optional.Legacy HKLM\Software\Classes\yt.CacheLoader PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Yahoo.PopupBlockerPlugin PUP.Optional.Legacy HKLM\Software\Classes\Yahoo.PopupBlockerPlugin PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Yahoo.AntiSpyPlugin PUP.Optional.Legacy HKLM\Software\Classes\Yahoo.AntiSpyPlugin PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Sample.YTBPartnerSample PUP.Optional.Legacy HKLM\Software\Classes\Sample.YTBPartnerSample PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Sample.BrowserHandler PUP.Optional.Legacy HKLM\Software\Classes\Sample.BrowserHandler PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CA416F80-8278-4E6E-A1A5-3DC7AF8C8080} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{CA416F80-8278-4E6E-A1A5-3DC7AF8C8080} PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CA416F80-8278-4E6E-A1A5-3DC7AF8C8080} PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\Main|Search Bar PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f} PUP.Optional.MyPCBackup HKLM\Software\Wow6432Node\Classes\*\shellex\ContextMenuHandlers\MPCBContextMenu PUP.Optional.MyPCBackup HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\MPCBContextMenu PUP.Optional.RegCleanerPro HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES PUP.Optional.RegCleanerPro HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA4D0F25-CEC0-448E-9D8E-B18061DED313} PUP.Optional.RegCleanerPro HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA4D0F25-CEC0-448E-9D8E-B18061DED313} PUP.Optional.RegCleanerPro HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA4D0F25-CEC0-448E-9D8E-B18061DED313} PUP.Optional.RegCleanerPro HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA4D0F25-CEC0-448E-9D8E-B18061DED313} PUP.Optional.RegCleanerPro HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES PUP.Optional.Reimage HKLM\Software\Wow6432Node\Reimage PUP.Optional.Reimage HKLM\Software\Reimage ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
  10. nodsh

    Apache Open Office

    Due to licencing requirements the filters to import WordPerfect Documents has been removed from Apache OpenOffice. LibreOffice to my understanding still has the filters in place. Alternatively you could try Zamzar for file conversion from WordPerfect to Open Document Format (.odt extension for Writer documents) Thanks. I downloaded LibreOffice and it opens .wpd documents .... so far. Also used Zamzar and while it takes a bit of acrobatics to convert the .wpd files it does work. Thanks for the suggestions. I found the above and copied , you have brought up a good point , for instance "microsoft works " It was terrible even the teachers couldn't handle it , but yet' a lot of computers sold back in the past provided it free to low priced computers , those student's took their homework to the teacher who was lost how to load and see it , One thing to remember is rtf work on all if you save it that way !! I personally like "Libre office " , just cause it is usually the default with linux os ??
  11. nodsh

    Help with laptop

    Don , you shouldn't need their help , It should be simple , I'll give you an example . Turn laptop on , notice the wireless icon on bottom right . click on it . Pick your wireless and connect , put in your pass key or pass phrase . Usually on the bottom of your modem is the "network name" SSID ,( which would be the wireless you want , you may see others ,) and also the default 'Pass Key or Phrase . Some just have a WPS button procedure you can use , I haven't read the manual yet to see if yours has that feature . It is really easy and you have here to help, if any issue , buy it and have fun and enjoy wireless !!!!
  12. nodsh

    Help with laptop

    Quick look is showing me a cable modem with wireless , I downloaded the manual , will look at it later
  13. nodsh

    RIP Aretha Franklin

    Fran you could almost say he was the King of Soul , I did like both , now you have me wondering if they performed together ???
  14. nodsh

    Help with laptop

    Reply back with the make and model of that box , and that will give us some info that will help ??
  15. nodsh

    Help with laptop

    They would all provide chargers , so that connection is not necessary for being connected to something , power wise . As far as the wireless concern , it would help to know your model and type of your modem , it may be wireless now , most providers if it was updated , are usually including wireless , but , if not , you just get a wireless router needed for the type of your connection . Getting wireless up and running is usually easy and straightforward . Some things also to be concerned with are distance from , walls etc; from .
×