TechSpot

By Anne Kofod
Oct 23, 2016
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
    Ran by Annie Lee (administrator) on ANNIELEE-HP (23-10-2016 22:10:07)
    Running from C:\Users\Annie Lee\Downloads
    Loaded Profiles: Annie Lee (Available Profiles: Annie Lee)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
    () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Cisco) C:\Users\Annie Lee\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
    (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    (CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe



    ==================== End of FRST.txt ============================
     
  2. Anne Kofod

    Anne Kofod TS Member Topic Starter Posts: 43

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] ()
    HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-22] (IDT, Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
    HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\...\Run: [VideoGuardMonitor] => C:\Users\Annie Lee\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [4155656 2016-06-29] (Cisco)
    HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\...\MountPoints2: {daf85b93-c0e5-11e3-a56f-e02a8207562a} - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\...\MountPoints2: {e5e705d4-59fc-11e3-adc5-e02a8207562a} - G:\ToolLauncher-Bootstrap.exe
    HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\...\MountPoints2: {e9b6173a-56de-11e3-b275-e02a8207562a} - G:\TL_Bootstrap.exe
    HKU\S-1-5-18\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [210208 2008-10-20] (Acresso Corporation)
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-09-17] (Microsoft Corporation)
    Lsa: [Notification Packages] DPPassFilter scecli
    ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
    ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
    ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
    ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\System Mechanic.lnk [2016-08-05]
    ShortcutTarget: System Mechanic.lnk -> C:\Program Files (x86)\iolo\System Mechanic\SystemMechanic.exe (iolo technologies, LLC)
    BootExecute: autocheck autochk *

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
    Tcpip\..\Interfaces\{2330AF55-1D6D-4902-A5B2-EBEAC223EC3E}: [DhcpNameServer] 192.168.254.254
    Tcpip\..\Interfaces\{92CA435D-5C36-475A-BAF7-283E4B648D18}: [DhcpNameServer] 192.168.254.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
    SearchScopes: HKLM -> DefaultScope {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {062BA6EE-078E-402D-9ED7-E8017B33E3D5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {A2C5ED8C-ABC4-414E-9FBE-0965D72F9886} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM -> {D7296C09-54BF-4E20-A2CA-A98F7422DB95} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {062BA6EE-078E-402D-9ED7-E8017B33E3D5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {A2C5ED8C-ABC4-414E-9FBE-0965D72F9886} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM-x32 -> {D7296C09-54BF-4E20-A2CA-A98F7422DB95} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001 -> DefaultScope {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001 -> {062BA6EE-078E-402D-9ED7-E8017B33E3D5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001 -> {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001 -> {A2C5ED8C-ABC4-414E-9FBE-0965D72F9886} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001 -> {D7296C09-54BF-4E20-A2CA-A98F7422DB95} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-03] (Sun Microsystems, Inc.)
    BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-21] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-21] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
     
  3. Anne Kofod

    FireFox:
    ========
    FF ProfilePath: C:\Users\Annie Lee\AppData\Roaming\Mozilla\Firefox\Profiles\esyq1ljt.default-1460334229289
    FF DefaultSearchEngine.US: Bing
    FF Homepage: hxxp://www.msn.com/en-us/?pc=U227&ocid=U227DHP&DT=111514
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-16] ()
    FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-16] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.)
    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-21] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-21] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2899254803-3239824921-2955042760-1001: @addlive.com/AddLive(v3),version=3.0.16.5 -> C:\Users\Annie Lee\AppData\LocalLow\AddLive_v3\3.0.16.5\npAddLive.dll [2016-06-22] (LiveFoundry Inc.)
    FF Plugin HKU\S-1-5-21-2899254803-3239824921-2955042760-1001: @hulu.com/Hulu Desktop -> C:\Users\Annie Lee\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll [2010-08-12] (Hulu LLC)
    FF Extension: Ebates Cash Back - C:\Users\Annie Lee\AppData\Roaming\Mozilla\Firefox\Profiles\esyq1ljt.default-1460334229289\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2016-05-12]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-10-20]
    FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
    FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2016-04-06]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-15]
    CHR Extension: (Google Drive) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-15]
    CHR Extension: (YouTube) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-15]
    CHR Extension: (Google Search) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-15]
    CHR Extension: (Google Calendar) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-01-24]
    CHR Extension: (Google Docs Offline) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
    CHR Extension: (Gmail) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-15]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)
    S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-06-29] (CyberLink)
    S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [928272 2016-08-31] (Garmin Ltd. or its subsidiaries)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
    S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
    R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
    R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-07-26] (EldoS Corporation)
    R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
    S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2013-09-23] (http://libusb-win32.sourceforge.net)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
    R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32568 2015-07-24] (EldoS Corporation)
    S3 SkyhawkeUSBLan; C:\Windows\System32\DRIVERS\btblan.sys [47600 2010-04-15] (Belcarra Technologies)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13920 2016-04-06] ()
    S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2013-05-06] (LG Electronics Inc.)
    S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36864 2013-05-06] (LG Electronics Inc.)
    S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94208 2013-10-14] (LG Electronics Inc.)
    U2 TMAgent; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-23 22:10 - 2016-10-23 22:11 - 00022912 _____ C:\Users\Annie Lee\Downloads\FRST.txt
    2016-10-23 22:09 - 2016-10-23 22:10 - 00000000 ____D C:\FRST
    2016-10-23 22:08 - 2016-10-23 22:09 - 02193920 _____ (Farbar) C:\Users\Annie Lee\Downloads\FRST64.exe
    2016-10-23 19:54 - 2016-10-23 19:54 - 00000168 _____ C:\Windows\setupact.log
    2016-10-23 19:54 - 2016-10-23 19:54 - 00000000 _____ C:\Windows\setuperr.log
    2016-10-20 20:49 - 2016-10-23 10:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-10-20 18:59 - 2016-10-20 18:59 - 00000000 ____D C:\Users\Annie Lee\Documents\Avatar
    2016-10-20 18:01 - 2016-07-22 10:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2016-10-20 18:01 - 2016-07-22 10:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2016-10-16 15:16 - 2016-10-16 15:16 - 00000000 ____D C:\Users\Annie Lee\AppData\LocalLow\Cisco
    2016-10-16 15:16 - 2016-10-16 15:16 - 00000000 ____D C:\Users\Annie Lee\AppData\Local\Cisco
    2016-10-16 15:14 - 2016-10-16 15:15 - 48275464 _____ (Cisco Systems, Inc) C:\Users\Annie Lee\Downloads\CiscoVideoGuard.6.7.exe
    2016-10-16 12:07 - 2016-10-23 18:49 - 00000348 _____ C:\Windows\Tasks\HPCeeScheduleForAnnie Lee.job
    2016-10-16 12:07 - 2016-10-23 11:19 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnnie Lee
    2016-09-28 09:20 - 2016-09-28 09:20 - 00013031 _____ C:\Users\Annie Lee\Downloads\Astro Chart.htm
    2016-09-28 09:20 - 2016-09-28 09:20 - 00000000 ____D C:\Users\Annie Lee\Downloads\Astro Chart_files
    2016-09-27 23:01 - 2016-10-03 08:12 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-09-27 23:01 - 2016-09-27 23:01 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-09-27 23:01 - 2016-09-27 23:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-09-27 23:00 - 2016-09-27 23:00 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-09-27 23:00 - 2016-09-27 23:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-09-27 23:00 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-09-27 23:00 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-09-27 23:00 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-09-27 22:31 - 2016-09-27 22:32 - 22851472 _____ (Malwarebytes ) C:\Users\Annie Lee\Downloads\mbam-setup-cnet.35891-2.2.1.1043.exe
    2016-09-26 19:20 - 2016-09-26 19:20 - 01060087 _____ C:\Users\Annie Lee\Documents\kimretire.hmk
     
  4. Anne Kofod

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-23 22:03 - 2013-12-11 17:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-10-23 21:27 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-10-23 21:27 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-10-23 21:21 - 2013-11-15 18:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-10-23 20:39 - 2016-04-06 20:38 - 00000374 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Annie Lee).job
    2016-10-23 20:39 - 2013-09-16 01:02 - 01268459 _____ C:\Windows\WindowsUpdate.log
    2016-10-23 19:54 - 2013-11-15 18:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-10-23 19:54 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-23 18:56 - 2016-08-05 13:25 - 00003118 _____ C:\Windows\System32\Tasks\iolo Process Governor
    2016-10-23 12:45 - 2013-09-17 19:53 - 00000000 ____D C:\Users\Annie Lee\AppData\Roaming\HpUpdate
    2016-10-23 10:38 - 2014-01-17 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-10-21 06:40 - 2013-09-19 22:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-10-21 06:40 - 2013-09-19 22:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-10-20 22:28 - 2013-09-16 20:20 - 00000000 ____D C:\Windows\system32\MRT
    2016-10-20 22:21 - 2013-09-16 20:20 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-10-20 22:20 - 2013-09-19 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-10-20 22:17 - 2013-09-19 20:56 - 00000000 ____D C:\Users\Annie Lee\AppData\Roaming\SoftGrid Client
    2016-10-16 13:03 - 2013-12-11 17:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-10-16 13:03 - 2013-09-16 22:40 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-10-16 13:03 - 2013-09-16 22:40 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-10-16 13:03 - 2013-09-16 22:40 - 00000000 ____D C:\Windows\system32\Macromed
    2016-10-16 13:03 - 2010-09-03 00:39 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-10-04 13:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-10-03 17:23 - 2013-11-15 18:26 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-10-03 17:23 - 2013-11-15 18:26 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-09-28 11:07 - 2016-08-22 07:54 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2016-09-28 11:07 - 2016-08-22 07:54 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2016-09-28 11:07 - 2013-11-08 23:25 - 00001945 _____ C:\Windows\epplauncher.mif
    2016-09-28 11:06 - 2016-08-22 07:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

    ==================== Files in the root of some directories =======

    2014-07-10 17:57 - 2014-07-10 17:57 - 0003584 _____ () C:\Users\Annie Lee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-08-22 07:26 - 2016-08-22 07:26 - 0000036 _____ () C:\Users\Annie Lee\AppData\Local\housecall.guid.cache
    2013-09-17 19:49 - 2013-09-17 19:49 - 0000057 _____ () C:\ProgramData\Ament.ini
    2016-05-03 10:47 - 2016-05-03 10:53 - 0000304 _____ () C:\ProgramData\hpzinstall.log
    2013-09-16 01:30 - 2013-09-16 01:30 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2010-09-03 02:23 - 2010-09-03 02:23 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2013-09-16 01:30 - 2013-09-16 01:30 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2010-09-03 02:18 - 2010-09-03 02:19 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2013-09-16 01:29 - 2013-09-16 01:29 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2013-09-16 01:30 - 2013-09-16 01:30 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    2010-09-03 02:17 - 2010-09-03 02:18 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2010-09-03 02:19 - 2010-09-03 02:23 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    2013-09-16 01:30 - 2013-09-16 01:31 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-08-15 10:52

    ==================== End of FRST.txt ============================
     
  5. Anne Kofod

    Anne Kofod TS Member Topic Starter Posts: 43

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
    Ran by Annie Lee (administrator) on ANNIELEE-HP (23-10-2016 22:10:07)
    Running from C:\Users\Annie Lee\Downloads
    Loaded Profiles: Annie Lee (Available Profiles: Annie Lee)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
    () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Cisco) C:\Users\Annie Lee\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
    (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    (CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] ()
    HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-22] (IDT, Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
    HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\...\Run: [VideoGuardMonitor] => C:\Users\Annie Lee\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [4155656 2016-06-29] (Cisco)
    HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\...\MountPoints2: {daf85b93-c0e5-11e3-a56f-e02a8207562a} - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\...\MountPoints2: {e5e705d4-59fc-11e3-adc5-e02a8207562a} - G:\ToolLauncher-Bootstrap.exe
    HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\...\MountPoints2: {e9b6173a-56de-11e3-b275-e02a8207562a} - G:\TL_Bootstrap.exe
    HKU\S-1-5-18\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [210208 2008-10-20] (Acresso Corporation)
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-09-17] (Microsoft Corporation)
    Lsa: [Notification Packages] DPPassFilter scecli
    ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
    ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
    ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
    ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\System Mechanic.lnk [2016-08-05]
    ShortcutTarget: System Mechanic.lnk -> C:\Program Files (x86)\iolo\System Mechanic\SystemMechanic.exe (iolo technologies, LLC)
    BootExecute: autocheck autochk *
     
  6. Anne Kofod

    Anne Kofod TS Member Topic Starter Posts: 43

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
    Tcpip\..\Interfaces\{2330AF55-1D6D-4902-A5B2-EBEAC223EC3E}: [DhcpNameServer] 192.168.254.254
    Tcpip\..\Interfaces\{92CA435D-5C36-475A-BAF7-283E4B648D18}: [DhcpNameServer] 192.168.254.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
    SearchScopes: HKLM -> DefaultScope {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {062BA6EE-078E-402D-9ED7-E8017B33E3D5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {A2C5ED8C-ABC4-414E-9FBE-0965D72F9886} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM -> {D7296C09-54BF-4E20-A2CA-A98F7422DB95} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {062BA6EE-078E-402D-9ED7-E8017B33E3D5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {A2C5ED8C-ABC4-414E-9FBE-0965D72F9886} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM-x32 -> {D7296C09-54BF-4E20-A2CA-A98F7422DB95} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001 -> DefaultScope {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001 -> {062BA6EE-078E-402D-9ED7-E8017B33E3D5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001 -> {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001 -> {A2C5ED8C-ABC4-414E-9FBE-0965D72F9886} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001 -> {D7296C09-54BF-4E20-A2CA-A98F7422DB95} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-03] (Sun Microsystems, Inc.)
    BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-21] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-21] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Annie Lee\AppData\Roaming\Mozilla\Firefox\Profiles\esyq1ljt.default-1460334229289
    FF DefaultSearchEngine.US: Bing
    FF Homepage: hxxp://www.msn.com/en-us/?pc=U227&ocid=U227DHP&DT=111514
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-16] ()
    FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-16] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.)
    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-21] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-21] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2899254803-3239824921-2955042760-1001: @addlive.com/AddLive(v3),version=3.0.16.5 -> C:\Users\Annie Lee\AppData\LocalLow\AddLive_v3\3.0.16.5\npAddLive.dll [2016-06-22] (LiveFoundry Inc.)
    FF Plugin HKU\S-1-5-21-2899254803-3239824921-2955042760-1001: @hulu.com/Hulu Desktop -> C:\Users\Annie Lee\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll [2010-08-12] (Hulu LLC)
    FF Extension: Ebates Cash Back - C:\Users\Annie Lee\AppData\Roaming\Mozilla\Firefox\Profiles\esyq1ljt.default-1460334229289\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2016-05-12]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-10-20]
    FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
    FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2016-04-06]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-15]
    CHR Extension: (Google Drive) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-15]
    CHR Extension: (YouTube) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-15]
    CHR Extension: (Google Search) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-15]
    CHR Extension: (Google Calendar) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-01-24]
    CHR Extension: (Google Docs Offline) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
    CHR Extension: (Gmail) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-15]
     
  7. Anne Kofod

    Anne Kofod TS Member Topic Starter Posts: 43

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)
    S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-06-29] (CyberLink)
    S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [928272 2016-08-31] (Garmin Ltd. or its subsidiaries)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
    S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
    R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
    R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-07-26] (EldoS Corporation)
    R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
    S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2013-09-23] (http://libusb-win32.sourceforge.net)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
    R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32568 2015-07-24] (EldoS Corporation)
    S3 SkyhawkeUSBLan; C:\Windows\System32\DRIVERS\btblan.sys [47600 2010-04-15] (Belcarra Technologies)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13920 2016-04-06] ()
    S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2013-05-06] (LG Electronics Inc.)
    S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36864 2013-05-06] (LG Electronics Inc.)
    S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94208 2013-10-14] (LG Electronics Inc.)
    U2 TMAgent; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-23 22:10 - 2016-10-23 22:11 - 00022912 _____ C:\Users\Annie Lee\Downloads\FRST.txt
    2016-10-23 22:09 - 2016-10-23 22:10 - 00000000 ____D C:\FRST
    2016-10-23 22:08 - 2016-10-23 22:09 - 02193920 _____ (Farbar) C:\Users\Annie Lee\Downloads\FRST64.exe
    2016-10-23 19:54 - 2016-10-23 19:54 - 00000168 _____ C:\Windows\setupact.log
    2016-10-23 19:54 - 2016-10-23 19:54 - 00000000 _____ C:\Windows\setuperr.log
    2016-10-20 20:49 - 2016-10-23 10:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-10-20 18:59 - 2016-10-20 18:59 - 00000000 ____D C:\Users\Annie Lee\Documents\Avatar
    2016-10-20 18:01 - 2016-07-22 10:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2016-10-20 18:01 - 2016-07-22 10:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2016-10-16 15:16 - 2016-10-16 15:16 - 00000000 ____D C:\Users\Annie Lee\AppData\LocalLow\Cisco
    2016-10-16 15:16 - 2016-10-16 15:16 - 00000000 ____D C:\Users\Annie Lee\AppData\Local\Cisco
    2016-10-16 15:14 - 2016-10-16 15:15 - 48275464 _____ (Cisco Systems, Inc) C:\Users\Annie Lee\Downloads\CiscoVideoGuard.6.7.exe
    2016-10-16 12:07 - 2016-10-23 18:49 - 00000348 _____ C:\Windows\Tasks\HPCeeScheduleForAnnie Lee.job
    2016-10-16 12:07 - 2016-10-23 11:19 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnnie Lee
    2016-09-28 09:20 - 2016-09-28 09:20 - 00013031 _____ C:\Users\Annie Lee\Downloads\Astro Chart.htm
    2016-09-28 09:20 - 2016-09-28 09:20 - 00000000 ____D C:\Users\Annie Lee\Downloads\Astro Chart_files
    2016-09-27 23:01 - 2016-10-03 08:12 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-09-27 23:01 - 2016-09-27 23:01 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-09-27 23:01 - 2016-09-27 23:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-09-27 23:00 - 2016-09-27 23:00 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-09-27 23:00 - 2016-09-27 23:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-09-27 23:00 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-09-27 23:00 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-09-27 23:00 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-09-27 22:31 - 2016-09-27 22:32 - 22851472 _____ (Malwarebytes ) C:\Users\Annie Lee\Downloads\mbam-setup-cnet.35891-2.2.1.1043.exe
    2016-09-26 19:20 - 2016-09-26 19:20 - 01060087 _____ C:\Users\Annie Lee\Documents\kimretire.hmk

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-23 22:03 - 2013-12-11 17:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-10-23 21:27 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-10-23 21:27 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-10-23 21:21 - 2013-11-15 18:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-10-23 20:39 - 2016-04-06 20:38 - 00000374 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Annie Lee).job
    2016-10-23 20:39 - 2013-09-16 01:02 - 01268459 _____ C:\Windows\WindowsUpdate.log
    2016-10-23 19:54 - 2013-11-15 18:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-10-23 19:54 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-23 18:56 - 2016-08-05 13:25 - 00003118 _____ C:\Windows\System32\Tasks\iolo Process Governor
    2016-10-23 12:45 - 2013-09-17 19:53 - 00000000 ____D C:\Users\Annie Lee\AppData\Roaming\HpUpdate
    2016-10-23 10:38 - 2014-01-17 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-10-21 06:40 - 2013-09-19 22:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-10-21 06:40 - 2013-09-19 22:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-10-20 22:28 - 2013-09-16 20:20 - 00000000 ____D C:\Windows\system32\MRT
    2016-10-20 22:21 - 2013-09-16 20:20 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-10-20 22:20 - 2013-09-19 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-10-20 22:17 - 2013-09-19 20:56 - 00000000 ____D C:\Users\Annie Lee\AppData\Roaming\SoftGrid Client
    2016-10-16 13:03 - 2013-12-11 17:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-10-16 13:03 - 2013-09-16 22:40 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-10-16 13:03 - 2013-09-16 22:40 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-10-16 13:03 - 2013-09-16 22:40 - 00000000 ____D C:\Windows\system32\Macromed
    2016-10-16 13:03 - 2010-09-03 00:39 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-10-04 13:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-10-03 17:23 - 2013-11-15 18:26 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-10-03 17:23 - 2013-11-15 18:26 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-09-28 11:07 - 2016-08-22 07:54 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2016-09-28 11:07 - 2016-08-22 07:54 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2016-09-28 11:07 - 2013-11-08 23:25 - 00001945 _____ C:\Windows\epplauncher.mif
    2016-09-28 11:06 - 2016-08-22 07:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

    ==================== Files in the root of some directories =======

    2014-07-10 17:57 - 2014-07-10 17:57 - 0003584 _____ () C:\Users\Annie Lee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-08-22 07:26 - 2016-08-22 07:26 - 0000036 _____ () C:\Users\Annie Lee\AppData\Local\housecall.guid.cache
    2013-09-17 19:49 - 2013-09-17 19:49 - 0000057 _____ () C:\ProgramData\Ament.ini
    2016-05-03 10:47 - 2016-05-03 10:53 - 0000304 _____ () C:\ProgramData\hpzinstall.log
    2013-09-16 01:30 - 2013-09-16 01:30 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2010-09-03 02:23 - 2010-09-03 02:23 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2013-09-16 01:30 - 2013-09-16 01:30 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2010-09-03 02:18 - 2010-09-03 02:19 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2013-09-16 01:29 - 2013-09-16 01:29 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2013-09-16 01:30 - 2013-09-16 01:30 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    2010-09-03 02:17 - 2010-09-03 02:18 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2010-09-03 02:19 - 2010-09-03 02:23 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    2013-09-16 01:30 - 2013-09-16 01:31 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-08-15 10:52

    ==================== End of FRST.txt ============================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    Please do NOT create multiple topics.
    This time I merged all your topics.

    You posted the FRST.txt log twice.
    I still need the Addition.txt log.

    You're not saying what's wrong with your computer.
     
  9. Anne Kofod

    Anne Kofod TS Member Topic Starter Posts: 43

    Hello, I'm sorry, I'm kind of new at this. My CPU usage is running very high even when supposedly idle. If I play a game on Facebook it's pegged to 100%. 6 months ago I had a new motherboard installed and I'm not sure if I updated all the drivers properly. For the most part the computer seems a bit slow. I run all my scans and do their fixes. It never finds any virus or malware; if it does, it is quarantined. Can I copy and paste my Addition.txt here? Thanks in advance. Anne
     
  10. Anne Kofod

    Anne Kofod TS Member Topic Starter Posts: 43

    I'm pretty sure I copied and pasted the Addition.txt file last night. It would have been the last 2 or 3 topics. But I can do it again...let me know. Thanks, Anne.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Yes, you have to post it because it's not up there.
     
  12. Anne Kofod

    Anne Kofod TS Member Topic Starter Posts: 43

    Okay, here is Addition-Notepad. I'm sorry, I thought I already cut and pasted. Hopefully this is it!
    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
    () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Cisco) C:\Users\Annie Lee\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
    (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    (CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] ()
    HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-22] (IDT, Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
    HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\...\Run: [VideoGuardMonitor] => C:\Users\Annie Lee\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [4155656 2016-06-29] (Cisco)
    HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\...\MountPoints2: {daf85b93-c0e5-11e3-a56f-e02a8207562a} - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\...\MountPoints2: {e5e705d4-59fc-11e3-adc5-e02a8207562a} - G:\ToolLauncher-Bootstrap.exe
    HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\...\MountPoints2: {e9b6173a-56de-11e3-b275-e02a8207562a} - G:\TL_Bootstrap.exe
    HKU\S-1-5-18\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [210208 2008-10-20] (Acresso Corporation)
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-09-17] (Microsoft Corporation)
    Lsa: [Notification Packages] DPPassFilter scecli
    ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
    ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
    ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
    ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\System Mechanic.lnk [2016-08-05]
    ShortcutTarget: System Mechanic.lnk -> C:\Program Files (x86)\iolo\System Mechanic\SystemMechanic.exe (iolo technologies, LLC)
    BootExecute: autocheck autochk *
    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
    Tcpip\..\Interfaces\{2330AF55-1D6D-4902-A5B2-EBEAC223EC3E}: [DhcpNameServer] 192.168.254.254
    Tcpip\..\Interfaces\{92CA435D-5C36-475A-BAF7-283E4B648D18}: [DhcpNameServer] 192.168.254.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
    SearchScopes: HKLM -> DefaultScope {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {062BA6EE-078E-402D-9ED7-E8017B33E3D5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {A2C5ED8C-ABC4-414E-9FBE-0965D72F9886} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM -> {D7296C09-54BF-4E20-A2CA-A98F7422DB95} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {062BA6EE-078E-402D-9ED7-E8017B33E3D5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {A2C5ED8C-ABC4-414E-9FBE-0965D72F9886} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM-x32 -> {D7296C09-54BF-4E20-A2CA-A98F7422DB95} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001 -> DefaultScope {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001 -> {062BA6EE-078E-402D-9ED7-E8017B33E3D5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001 -> {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001 -> {A2C5ED8C-ABC4-414E-9FBE-0965D72F9886} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001 -> {D7296C09-54BF-4E20-A2CA-A98F7422DB95} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-03] (Sun Microsystems, Inc.)
    BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-21] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-21] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Annie Lee\AppData\Roaming\Mozilla\Firefox\Profiles\esyq1ljt.default-1460334229289
    FF DefaultSearchEngine.US: Bing
    FF Homepage: hxxp://www.msn.com/en-us/?pc=U227&ocid=U227DHP&DT=111514
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-16] ()
    FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-16] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.)
    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-21] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-21] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2899254803-3239824921-2955042760-1001: @addlive.com/AddLive(v3),version=3.0.16.5 -> C:\Users\Annie Lee\AppData\LocalLow\AddLive_v3\3.0.16.5\npAddLive.dll [2016-06-22] (LiveFoundry Inc.)
    FF Plugin HKU\S-1-5-21-2899254803-3239824921-2955042760-1001: @hulu.com/Hulu Desktop -> C:\Users\Annie Lee\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll [2010-08-12] (Hulu LLC)
    FF Extension: Ebates Cash Back - C:\Users\Annie Lee\AppData\Roaming\Mozilla\Firefox\Profiles\esyq1ljt.default-1460334229289\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2016-05-12]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-10-20]
    FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
    FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2016-04-06]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-15]
    CHR Extension: (Google Drive) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-15]
    CHR Extension: (YouTube) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-15]
    CHR Extension: (Google Search) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-15]
    CHR Extension: (Google Calendar) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-01-24]
    CHR Extension: (Google Docs Offline) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
    CHR Extension: (Gmail) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-15]
    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)
    S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-06-29] (CyberLink)
    S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [928272 2016-08-31] (Garmin Ltd. or its subsidiaries)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
    S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
    R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
    R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-07-26] (EldoS Corporation)
    R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
    S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2013-09-23] (http://libusb-win32.sourceforge.net)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
    R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32568 2015-07-24] (EldoS Corporation)
    S3 SkyhawkeUSBLan; C:\Windows\System32\DRIVERS\btblan.sys [47600 2010-04-15] (Belcarra Technologies)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13920 2016-04-06] ()
    S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2013-05-06] (LG Electronics Inc.)
    S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36864 2013-05-06] (LG Electronics Inc.)
    S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94208 2013-10-14] (LG Electronics Inc.)
    U2 TMAgent; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-23 22:10 - 2016-10-23 22:11 - 00022912 _____ C:\Users\Annie Lee\Downloads\FRST.txt
    2016-10-23 22:09 - 2016-10-23 22:10 - 00000000 ____D C:\FRST
    2016-10-23 22:08 - 2016-10-23 22:09 - 02193920 _____ (Farbar) C:\Users\Annie Lee\Downloads\FRST64.exe
    2016-10-23 19:54 - 2016-10-23 19:54 - 00000168 _____ C:\Windows\setupact.log
    2016-10-23 19:54 - 2016-10-23 19:54 - 00000000 _____ C:\Windows\setuperr.log
    2016-10-20 20:49 - 2016-10-23 10:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-10-20 18:59 - 2016-10-20 18:59 - 00000000 ____D C:\Users\Annie Lee\Documents\Avatar
    2016-10-20 18:01 - 2016-07-22 10:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2016-10-20 18:01 - 2016-07-22 10:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2016-10-16 15:16 - 2016-10-16 15:16 - 00000000 ____D C:\Users\Annie Lee\AppData\LocalLow\Cisco
    2016-10-16 15:16 - 2016-10-16 15:16 - 00000000 ____D C:\Users\Annie Lee\AppData\Local\Cisco
    2016-10-16 15:14 - 2016-10-16 15:15 - 48275464 _____ (Cisco Systems, Inc) C:\Users\Annie Lee\Downloads\CiscoVideoGuard.6.7.exe
    2016-10-16 12:07 - 2016-10-23 18:49 - 00000348 _____ C:\Windows\Tasks\HPCeeScheduleForAnnie Lee.job
    2016-10-16 12:07 - 2016-10-23 11:19 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnnie Lee
    2016-09-28 09:20 - 2016-09-28 09:20 - 00013031 _____ C:\Users\Annie Lee\Downloads\Astro Chart.htm
    2016-09-28 09:20 - 2016-09-28 09:20 - 00000000 ____D C:\Users\Annie Lee\Downloads\Astro Chart_files
    2016-09-27 23:01 - 2016-10-03 08:12 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-09-27 23:01 - 2016-09-27 23:01 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-09-27 23:01 - 2016-09-27 23:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-09-27 23:00 - 2016-09-27 23:00 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-09-27 23:00 - 2016-09-27 23:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-09-27 23:00 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-09-27 23:00 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-09-27 23:00 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-09-27 22:31 - 2016-09-27 22:32 - 22851472 _____ (Malwarebytes ) C:\Users\Annie Lee\Downloads\mbam-setup-cnet.35891-2.2.1.1043.exe
    2016-09-26 19:20 - 2016-09-26 19:20 - 01060087 _____ C:\Users\Annie Lee\Documents\kimretire.hmk

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-23 22:03 - 2013-12-11 17:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-10-23 21:27 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-10-23 21:27 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-10-23 21:21 - 2013-11-15 18:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-10-23 20:39 - 2016-04-06 20:38 - 00000374 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Annie Lee).job
    2016-10-23 20:39 - 2013-09-16 01:02 - 01268459 _____ C:\Windows\WindowsUpdate.log
    2016-10-23 19:54 - 2013-11-15 18:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-10-23 19:54 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-23 18:56 - 2016-08-05 13:25 - 00003118 _____ C:\Windows\System32\Tasks\iolo Process Governor
    2016-10-23 12:45 - 2013-09-17 19:53 - 00000000 ____D C:\Users\Annie Lee\AppData\Roaming\HpUpdate
    2016-10-23 10:38 - 2014-01-17 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-10-21 06:40 - 2013-09-19 22:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-10-21 06:40 - 2013-09-19 22:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-10-20 22:28 - 2013-09-16 20:20 - 00000000 ____D C:\Windows\system32\MRT
    2016-10-20 22:21 - 2013-09-16 20:20 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-10-20 22:20 - 2013-09-19 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-10-20 22:17 - 2013-09-19 20:56 - 00000000 ____D C:\Users\Annie Lee\AppData\Roaming\SoftGrid Client
    2016-10-16 13:03 - 2013-12-11 17:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-10-16 13:03 - 2013-09-16 22:40 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-10-16 13:03 - 2013-09-16 22:40 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-10-16 13:03 - 2013-09-16 22:40 - 00000000 ____D C:\Windows\system32\Macromed
    2016-10-16 13:03 - 2010-09-03 00:39 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-10-04 13:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-10-03 17:23 - 2013-11-15 18:26 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-10-03 17:23 - 2013-11-15 18:26 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-09-28 11:07 - 2016-08-22 07:54 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2016-09-28 11:07 - 2016-08-22 07:54 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2016-09-28 11:07 - 2013-11-08 23:25 - 00001945 _____ C:\Windows\epplauncher.mif
    2016-09-28 11:06 - 2016-08-22 07:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

    ==================== Files in the root of some directories =======

    2014-07-10 17:57 - 2014-07-10 17:57 - 0003584 _____ () C:\Users\Annie Lee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-08-22 07:26 - 2016-08-22 07:26 - 0000036 _____ () C:\Users\Annie Lee\AppData\Local\housecall.guid.cache
    2013-09-17 19:49 - 2013-09-17 19:49 - 0000057 _____ () C:\ProgramData\Ament.ini
    2016-05-03 10:47 - 2016-05-03 10:53 - 0000304 _____ () C:\ProgramData\hpzinstall.log
    2013-09-16 01:30 - 2013-09-16 01:30 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2010-09-03 02:23 - 2010-09-03 02:23 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2013-09-16 01:30 - 2013-09-16 01:30 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2010-09-03 02:18 - 2010-09-03 02:19 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2013-09-16 01:29 - 2013-09-16 01:29 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2013-09-16 01:30 - 2013-09-16 01:30 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    2010-09-03 02:17 - 2010-09-03 02:18 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2010-09-03 02:19 - 2010-09-03 02:23 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    2013-09-16 01:30 - 2013-09-16 01:31 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-08-15 10:52
     
  13. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    This is not the right log.
    Re-run FRST again.
    It'll produce two logs: FRST.txt and Addition.txt.
    I need the latter one.
     
  14. Anne Kofod

    Anne Kofod TS Member Topic Starter Posts: 43

    Okay sorry!
     
  15. Anne Kofod

    Anne Kofod TS Member Topic Starter Posts: 43

    Wow, it's taking a while, sorry!
     
  16. Anne Kofod

    Anne Kofod TS Member Topic Starter Posts: 43

    Hopefully this is what you're looking for?

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
    Ran by Annie Lee (2016-10-24 21:49:11)
    Running from C:\Users\Annie Lee\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) (2013-09-16 03:23:25)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2899254803-3239824921-2955042760-500 - Administrator - Disabled)
    Annie Lee (S-1-5-21-2899254803-3239824921-2955042760-1001 - Administrator - Enabled) => C:\Users\Annie Lee
    Guest (S-1-5-21-2899254803-3239824921-2955042760-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2899254803-3239824921-2955042760-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    AddLive(v3) Browser Plugin (HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\...\AddLive(v3)) (Version: 3.0.16.5 - LiveFoundry Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
    Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
    Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
    American Greetings CreataCard Select 6 (HKLM-x32\...\{9770A25C-45A7-478E-AF50-4FDE53EED270}) (Version: - )
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    ATI Catalyst Install Manager (HKLM\...\{11A4D79B-672C-7FFF-B5F7-B4409B1194EF}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
    Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CaddieSync Express 1.5.14 (HKLM-x32\...\CaddieSync Express) (Version: 1.5.14 - SkyHawke Technologies)
    ccc-core-static (x32 Version: 2010.0416.541.8279 - ATI) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
    Cisco VideoGuard Player (HKLM-x32\...\{28145961-299d-4f61-88d6-ff9ea46bd919}) (Version: 6.7 - Cisco Systems, Inc)
    Contents (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
    Corel PaintShop Photo Pro X3 (HKLM-x32\...\_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}) (Version: 1.6.1.116 - Corel Corporation)
    Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    Corel VideoStudio Pro X3 (HKLM-x32\...\_{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.0.286 - Corel Corporation)
    CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
    DeviceIO (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dropbox (HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
    DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4121 - Hewlett-Packard)
    DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4121 - Hewlett-Packard) Hidden
    Elevated Installer (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
    Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
    Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{5b45c228-dcb1-4a0b-a9de-3b4b683ef15d}) (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    Hallmark Card Studio 2012 Deluxe (HKLM-x32\...\{8777089A-4CF4-44BA-910B-9A4580669DED}) (Version: 13.0.4.3 - Creative Home)
    Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company)
    HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
    HP Documentation (HKLM-x32\...\{7D4318AC-9560-46F0-910F-0B38D6CDC009}) (Version: 1.1.2.0 - Hewlett-Packard)
    HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
    HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
    HP MediaSmart Movies and TV (HKLM\...\{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}) (Version: 1.0.0.10 - Hewlett-Packard)
    HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4215 - Hewlett-Packard)
    HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}) (Version: 3.1.1.12 - Hewlett-Packard)
    HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
    HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3024 - Hewlett-Packard)
    HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{78F1A88C-5322-4DF7-BDCF-9AB8F5F4041C}) (Version: 1.0.9.0 - Hewlett-Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
    HP Photosmart 5520 series Basic Device Software (HKLM\...\{68C0736C-3E47-43A6-B14D-236BEF198A5F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photosmart 5520 series Help (HKLM-x32\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
    HP Photosmart 5520 series Product Improvement Study (HKLM\...\{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{BB1C717E-376C-4AA1-8940-81BFC38D9778}) (Version: 2.4.4 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
    HP SimplePass Identity Protection (HKLM\...\{5BF97E02-2F6A-412A-BB4D-B6E2DC65FCA7}) (Version: 5.20.233 - DigitalPersona, Inc.)
    HP Software Framework (HKLM-x32\...\{6C302296-6129-4125-9FD6-2188ECD8814E}) (Version: 4.1.6.1 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.37 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
    HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
    Hulu Desktop (HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
    ICA (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
    ICA (x32 Version: 1.6.1.116 - Corel Corporation) Hidden
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6292.0 - IDT)
    IPM_PSP_Pro (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden
    ISCOM (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
    ISCOM (x32 Version: 1.6.1.116 - Corel Corporation) Hidden
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
    Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
    LG VZW United Drivers (HKLM-x32\...\{E86DE69E-A94E-41B6-8661-7372FCA1A83C}) (Version: 2.13.0 - LG Electronics)
    LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.205.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version: - )
    Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
    Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
    Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
    PaintShop Photo Pro X3 Registration Incentive (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
    PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
    Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
    PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
    PSPPContent (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    PSPPRO_DCRAW (x32 Version: 13.0.0 - Corel Corporation) Hidden
    PureHD (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
    Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
    Seagate Dashboard (HKLM-x32\...\{F1D8690F-06B3-4100-9949-398EA253AC61}) (Version: 3.2.1802.2 - Seagate)
    Setup (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
    Setup (x32 Version: 1.6.1.116 - Corel Corporation) Hidden
    Share (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
    Share64 (Version: 1.6.0.286 - Corel Corporation) Hidden
    Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - Silicon Laboratories)
    SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
    SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
    System Mechanic (HKLM-x32\...\InstallShield_{49DCB5CB-235B-4A14-BD8E-1E9FC1B0311C}) (Version: 16.1.0.42 - iolo technologies, LLC)
    System Mechanic (x32 Version: 16.1.0.42 - iolo technologies, LLC) Hidden
    Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.061 - The New York Times Company)
    Times Reader (x32 Version: 2.061 - The New York Times Company) Hidden
    UltraISO Premium V9.52 (HKLM-x32\...\UltraISO_is1) (Version: - )
    Validity Sensors DDK (HKLM\...\{426FAE9F-7373-496E-A215-9DB7EF4398CF}) (Version: 4.1.139.0 - Validity Sensors, Inc.)
    Verizon Cloud (HKLM\...\Verizon Cloud) (Version: 15.3.7.8 - Verizon)
    Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{EE296443-E401-43D2-9864-1C63AD8D376E}) (Version: 2.14.0410 - Samsung Electronics Co., Ltd.)
    Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
    VIO (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
    Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
    VSClassic (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
    VSPro (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
    Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    15-09-2016 16:14:54 Windows Update
    19-09-2016 14:59:38 Windows Update
    20-09-2016 14:24:44 Configured System Mechanic
    20-09-2016 14:40:11 Configured System Mechanic
    20-09-2016 23:22:36 Windows Update
    25-09-2016 12:11:40 Windows Update
    28-09-2016 11:05:23 Windows Update
    03-10-2016 20:52:05 Windows Update
    07-10-2016 09:12:28 Windows Update
    20-10-2016 22:18:13 Windows Update
    21-10-2016 06:45:34 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2016-08-19 08:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00B649DC-7B88-49EC-872A-0413CF289B86} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
    Task: {045A0317-4BB2-4A7F-87E1-C9B027E7CD30} - System32\Tasks\ioloSmartUpdater => C:\Program Files (x86)\iolo\System Mechanic\ioloSmartUpdater.exe [2016-09-16] (iolo technologies, LLC)
    Task: {0CA0BFBC-5C97-4D16-A7BA-20EFAB618546} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {1A88C284-4C4C-41D4-A590-D08F5E41A940} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-08-31] ()
    Task: {1C9F8177-E031-40FB-9880-24AF33874C14} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {1E8D5CDA-A73B-4199-92EF-85FDD8DE9638} - System32\Tasks\{EFE2E0DF-B8C1-4DB2-A853-0F63F1F15731} => pcalua.exe -a G:\InstallSeagateManager.exe -d G:\
    Task: {2576F414-AAEE-4F93-AE94-9F988D810973} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
    Task: {25C0417A-4F1A-461C-9425-ACE98ADF33B4} - System32\Tasks\HP AR Program Upload - a6e1f55f372343868e5b3e46b6bfe10cabb36aa454cc4005a5745b6869086c38 => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {31386B15-D0D9-4DBA-884C-B8C472891040} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {36A84976-0E16-416E-A5DD-C9D967E03BE2} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2013-02-20] ()
    Task: {44051B2C-931B-4FD8-80C7-62FA73792788} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {4432F518-1E58-4B5F-A7A6-07F735F1EE19} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)
    Task: {475A4A2E-9852-4BF1-AD1D-B918258EC01F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
    Task: {477D0335-6312-4FE4-9899-47D6465517B5} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Annie Lee) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: {4C9B2CD6-D87B-43A7-8ADD-5E5C3DB62E84} - System32\Tasks\Annie Lee DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-09-17] (Seagate Technology LLC)
    Task: {55C38A09-D05B-4C43-B1E1-B23C1D655612} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-09-17] (Seagate Technology LLC)
    Task: {57FC4C23-B03C-454B-9A27-A9961AC89A70} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
    Task: {585AEB12-A6CA-45E1-8488-9A818538C4C8} - System32\Tasks\Annie Lee1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
    Task: {6DBC8E47-C5F7-430E-97B6-A574D8649600} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
    Task: {83EDC170-6349-463A-B74A-92082EA68C81} - System32\Tasks\HPCeeScheduleForAnnie Lee => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {8A2A321C-FD0A-4353-B451-E8EBEF8CE19F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
    Task: {91D6C1EC-4915-4196-8E7A-75D42EA06D50} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2016-09-16] (iolo technologies, LLC)
    Task: {925A2AA8-6966-4575-BCAA-62CFA681941C} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-03-25] (Microsoft Corporation)
    Task: {93AF3862-BE7D-44FD-BEBF-4597D181E8BA} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {95BF789A-E1C8-4179-8F5D-0478CB2FB3E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
    Task: {9CE4D57D-87CE-4ED5-8AC3-F536AB876683} - System32\Tasks\ioloActiveCare => C:\Program Files (x86)\iolo\System Mechanic\SystemMechanic.exe [2016-09-16] (iolo technologies, LLC)
    Task: {AC7A3036-2950-49FA-B0E0-4ACD311AA6CA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-03-20] (Microsoft Corporation)
    Task: {B11B9267-A275-4FC5-9A3B-ACF871D87EFB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-06-25] (CyberLink)
    Task: {B51C98DF-DCFA-41B9-B83A-57352DC7AFBE} - System32\Tasks\{D21898AE-FD32-4D29-9083-EB0F20E18FAA} => pcalua.exe -a "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe" -d C:\Windows\system32
    Task: {B63F8206-279F-4A10-A252-E90CF30D4722} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
    Task: {B6CF989A-78CF-4037-8754-2B59334C2BE8} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {B71C92F0-534A-4637-96D7-D41176AB48FE} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
    Task: {C640475A-4E68-4B64-8771-28491728D962} - System32\Tasks\ioloToaster => C:\Program Files (x86)\iolo\System Mechanic\ioloToaster.exe [2016-09-16] (iolo technologies, LLC)
    Task: {E82AE93B-37FB-4A59-BB98-92E157757A77} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)
    Task: {E873A0FA-D091-4459-BD30-65A9D12EE6F9} - System32\Tasks\Annie Lee1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
    Task: {F68519EB-5CD6-44B9-B9D2-8512F0A8747C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-03-20] (Microsoft Corporation)
    Task: {FF74CAD9-4864-49AC-A486-CB2E11B8813E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-16] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForAnnie Lee.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Annie Lee).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2010-01-20 19:20 - 2010-01-20 19:20 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    2016-10-16 13:03 - 2016-10-16 13:03 - 19635392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Annie Lee\Documents\Annie Walker.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 1.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 10.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 11.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 12.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 13.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 14.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 15.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 2.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 3.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 4.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 5.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 6.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 7.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 8.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 9.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Annie Lee\Documents\Tanya Thanks.avi:TOC.WMV

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DpHost => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Annie Lee\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.254.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Forget Me Not.lnk => C:\Windows\pss\Forget Me Not.lnk.CommonStartup
    MSCONFIG\startupreg: DBAgent => "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
    MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    MSCONFIG\startupreg: VerizonCloud => C:\Program Files\Verizon\Verizon Cloud\VerizonCloud.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{C70A8F1B-6255-436F-A34D-386D68C70B1E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
    FirewallRules: [{956D37A3-C816-4092-B512-5EAC6787657C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{C492717A-5C9A-4D2C-A4A3-BA8684AB2CB1}] => (Allow) svchost.exe
    FirewallRules: [{BA868B56-6F8B-4C06-8C7A-D364E688304A}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{E9406A49-894F-4548-B161-BD58D5CD3EF6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
    FirewallRules: [{D10D95B4-2608-4E26-955D-943E9567994D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
    FirewallRules: [{DBCE8E7A-EFF1-4707-AB76-7F46BFA79EB5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
    FirewallRules: [{ABBE0784-97D8-4930-AD37-BCA1EB277FDE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
    FirewallRules: [{9A1FBB7D-F554-49ED-8BDF-9F2B89B3E79B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
    FirewallRules: [{24AA8D61-A521-4A30-B884-656D0005B405}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
    FirewallRules: [{38D35CBB-A72E-4079-A69C-819F16E6B648}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
    FirewallRules: [{01F902E4-13C6-48B8-AD25-13B48771CC1A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
    FirewallRules: [{05C36025-79B5-42D3-8136-BE3A8F71463F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
    FirewallRules: [{1A115508-7489-4EA2-894C-D89778F66BB0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
    FirewallRules: [{43FB7325-4D71-4181-BEA7-24717D3F6E83}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
    FirewallRules: [{1339D4B3-C814-4A90-99A5-07DF8D307067}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
    FirewallRules: [{BF11FB17-9348-4196-BABB-EC579A1249F2}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
    FirewallRules: [{FBDB488B-EA21-45EC-AEB8-E11B7142B351}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
    FirewallRules: [{0FFA21BB-8412-4766-8D10-C27196C02B98}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetup.exe
    FirewallRules: [{94C21FB3-57B2-4BCB-B5CA-14EFBD5CF639}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{52EC9F2E-E9AA-4101-8FB5-C042EE591AC6}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [TCP Query User{7C03FDDB-1CD4-40AB-AB72-998B12A668AC}C:\program files\verizon cloud\verizon.exe] => (Allow) C:\program files\verizon cloud\verizon.exe
    FirewallRules: [UDP Query User{F2BD0414-BEDB-4FE8-9095-1885FE1F90A1}C:\program files\verizon cloud\verizon.exe] => (Allow) C:\program files\verizon cloud\verizon.exe
    FirewallRules: [TCP Query User{8C94E785-12A3-431E-A82C-0E60258627A8}C:\program files\verizon cloud\verizon cloud service.exe] => (Allow) C:\program files\verizon cloud\verizon cloud service.exe
    FirewallRules: [UDP Query User{53925B2E-9653-426D-9E81-CA34267140BB}C:\program files\verizon cloud\verizon cloud service.exe] => (Allow) C:\program files\verizon cloud\verizon cloud service.exe
    FirewallRules: [TCP Query User{2FD0B2F3-E57C-4D1E-816D-5EF2B10FF829}C:\program files (x86)\skygolf\caddiesync express\caddiesyncexpress.exe] => (Allow) C:\program files (x86)\skygolf\caddiesync express\caddiesyncexpress.exe
    FirewallRules: [UDP Query User{81E482E9-E9E5-4F92-BB5F-60285D746896}C:\program files (x86)\skygolf\caddiesync express\caddiesyncexpress.exe] => (Allow) C:\program files (x86)\skygolf\caddiesync express\caddiesyncexpress.exe
    FirewallRules: [{6F495731-76EB-4A16-AF2E-270BF15A953B}] => (Block) C:\program files (x86)\skygolf\caddiesync express\caddiesyncexpress.exe
    FirewallRules: [{535130A4-FF02-4BB3-81F3-639C41D2A721}] => (Block) C:\program files (x86)\skygolf\caddiesync express\caddiesyncexpress.exe
    FirewallRules: [TCP Query User{B5251C47-691A-4951-A5CF-84BA442B50B4}C:\program files\verizon cloud\verizon cloud service.exe] => (Block) C:\program files\verizon cloud\verizon cloud service.exe
    FirewallRules: [UDP Query User{5FFEEA7D-BB59-4418-AD35-4572E467304C}C:\program files\verizon cloud\verizon cloud service.exe] => (Block) C:\program files\verizon cloud\verizon cloud service.exe
    FirewallRules: [{2262AB93-8669-4416-947C-B49BC8DA0DF0}] => (Allow) C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{184B76AD-8C71-42DA-829C-ED1A2D68EB1D}] => (Allow) C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{2972F64F-0605-4D62-A6C0-D34C7AD43F35}] => (Allow) LPort=8888
    FirewallRules: [TCP Query User{8447185E-7CA5-49D2-B9EC-C9FFD5BC7052}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
    FirewallRules: [UDP Query User{1D2B96DF-87B4-46F1-B4CA-3197DA003193}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
    FirewallRules: [{E8CBC82B-A8D7-4874-B94A-14F4ADD19CD1}] => (Allow) LPort=8888
    FirewallRules: [{823CA12A-2DD1-4F14-A2B9-4850C379B351}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3E334AC9-BBF5-4A70-97B6-19FF04020C29}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{59AB761F-0607-4463-B3FF-85BDE9F50236}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{726B7157-5B85-4E4F-AB6B-2E32CB56708E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{1F539854-2028-443A-A292-C3304FC9CD97}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{AEE54630-9ED9-4321-AD62-874140D7E3BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{31EA8F9F-1507-4345-B4F3-FC1D976E7782}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A5A848D3-7C00-43F6-8DA5-AD981B225FDB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{45ECA376-40E2-44A5-9409-F8E1A21CA14D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [{613A5B42-EC8C-4075-B753-CA954125B237}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{FC0790DF-AA19-4AA9-82B9-0A4C427DDD38}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{DC231899-3E4F-4DD3-9ADF-464A737B8DE2}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
    FirewallRules: [UDP Query User{8AA91B7F-E990-4D50-9B52-78DF9F0245C9}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
    FirewallRules: [{95B2CECD-3153-4011-A22D-AEDB05F9320E}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe
    FirewallRules: [{00D39A77-90D3-4934-878C-6DB591A9CBC6}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe
    FirewallRules: [{32703C21-3E2C-4C1F-9FEF-26898E5B0443}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe
    FirewallRules: [{7AB78B71-F016-4F83-984C-6FE55B6A3297}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe
    FirewallRules: [{29B71756-DE34-4564-BBFB-B4C817BB4209}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/24/2016 01:05:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2231

    Error: (10/24/2016 01:05:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2231

    Error: (10/24/2016 01:05:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/24/2016 01:05:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1186

    Error: (10/24/2016 01:05:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1186

    Error: (10/24/2016 01:05:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/24/2016 12:52:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2449

    Error: (10/24/2016 12:52:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2449

    Error: (10/24/2016 12:52:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/24/2016 12:52:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1185


    System errors:
    =============
    Error: (10/23/2016 07:55:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.

    Error: (10/23/2016 10:44:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HP Support Solutions Framework Service service failed to start due to the following error:
    %%1053

    Error: (10/23/2016 10:44:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

    Error: (10/23/2016 10:39:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.

    Error: (10/21/2016 06:49:20 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

    Error: (10/20/2016 09:13:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DiagTrack service.

    Error: (10/19/2016 03:43:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.229.1843.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.10.205.00

    Source Path: 4.10.205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (10/19/2016 02:59:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Seagate MobileBackup Service service to connect.

    Error: (10/19/2016 02:58:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.

    Error: (10/19/2016 02:56:56 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.229.1843.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.10.205.00

    Source Path: 4.10.205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


    ==================== Memory info ===========================

    Processor: AMD Phenom(tm) II N640 Dual-Core Processor
    Percentage of memory in use: 61%
    Total physical RAM: 5882.9 MB
    Available physical RAM: 2276.4 MB
    Total Virtual: 11763.99 MB
    Available Virtual: 7946.12 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:677.05 GB) (Free:573.73 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:21.29 GB) (Free:3.1 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 2FA17596)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=677 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=21.3 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ==================== End of Addition.txt ============================
     
  17. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    This is correct :)

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double-click the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    Please download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    Already installed:
    2.0 Threat Scan
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • To open a Cleaning log, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  18. Anne Kofod

    Anne Kofod TS Member Topic Starter Posts: 43

    Okay can I leave this window open or should I print everything so I can close it? Should I also close all the notepad windows too?
     
  19. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    It really doesn't matter.
     
  20. Anne Kofod

    Anne Kofod TS Member Topic Starter Posts: 43

    Haha figured out that I couldn't close this window! This is taking a while so I'll probably only get through the RogueKiller tonight. Thanks for your patience with me and your help so far!
     
  21. Anne Kofod

    Anne Kofod TS Member Topic Starter Posts: 43

    RogueKiller V12.7.4.0 (x64) [Oct 24 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Annie Lee [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 10/24/2016 22:35:45 (Duration : 01:13:35)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 12 ¤¤¤
    [PUP] (X64) HKEY_CLASSES_ROOT\driverscanner -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities, Inc. -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Uniblue -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\SlimWare Utilities Inc -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\USyndication -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\usyndication.com -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\SlimWare Utilities Inc -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\USyndication -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\usyndication.com -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Not selected

    ¤¤¤ Tasks : 2 ¤¤¤
    [PUP] %WINDIR%\Tasks\SlimCleaner Plus (Scheduled Scan - Annie Lee).job -- C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe ( /doScheduledScan) -> Not selected
    [PUP] \SlimCleaner Plus (Scheduled Scan - Annie Lee) -- C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe (/doScheduledScan) -> Not selected

    ¤¤¤ Files : 5 ¤¤¤
    [PUP][Folder] C:\Users\Annie Lee\AppData\Roaming\DriverCure -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Roaming\DriverCure\LogFile.txt -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Roaming\ParetoLogic -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Roaming\ParetoLogic\RegCure Pro -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\ignores.dat -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images\acer.png -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-04-06 14-19-29 0.log -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-04-06 14-19-41 0.log -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-04-06 20-37-18 0.log -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-04-06 22-26-37 0.log -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-04-06 23-36-04 0.log -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\rupdates.db -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\settings.db -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\supdates.db -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.cat -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.inf -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.sys -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\Installers\US-131044741290199732.log -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\Installers\US-131044743037389665.log -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\Installers -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Local Storage\ui_main_0.localstorage -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Local Storage\ui_main_0.localstorage-journal -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Local Storage -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\cookiefilter.db -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\settings -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus -> Deleted
    [PUP][Folder] C:\ProgramData\ParetoLogic -> Deleted
    [PUP][File] C:\ProgramData\ParetoLogic\RegCure Pro\License_Time.rdat -> Deleted
    [PUP][File] C:\ProgramData\ParetoLogic\RegCure Pro\RB.rdat -> Deleted
    [PUP][File] C:\ProgramData\ParetoLogic\RegCure Pro\tfn.xml -> Deleted
    [PUP][Folder] C:\ProgramData\ParetoLogic\RegCure Pro -> Deleted
    [PUP][Folder] C:\ProgramData\Uniblue -> Deleted
    [PUP][Folder] C:\ProgramData\Uniblue\DriverScanner -> Deleted

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG HN-M750MBB ATA Device +++++
    --- User ---
    [MBR] d9884192f1c37244b004b70e180bae14
    [BSP] a72c9303ff0b2f607b85b1ac3eed0372 : HP|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 693299 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1420285952 | Size: 21802 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: HP Photosmart 5520 USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    RogueKiller V12.7.4.0 (x64) [Oct 24 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Annie Lee [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 10/24/2016 22:35:45 (Duration : 01:13:35)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 12 ¤¤¤
    [PUP] (X64) HKEY_CLASSES_ROOT\driverscanner -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities, Inc. -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Uniblue -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\SlimWare Utilities Inc -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\USyndication -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\usyndication.com -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\SlimWare Utilities Inc -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\USyndication -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\usyndication.com -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Not selected

    ¤¤¤ Tasks : 2 ¤¤¤
    [PUP] %WINDIR%\Tasks\SlimCleaner Plus (Scheduled Scan - Annie Lee).job -- C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe ( /doScheduledScan) -> Not selected
    [PUP] \SlimCleaner Plus (Scheduled Scan - Annie Lee) -- C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe (/doScheduledScan) -> Not selected

    ¤¤¤ Files : 5 ¤¤¤
    [PUP][Folder] C:\Users\Annie Lee\AppData\Roaming\DriverCure -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Roaming\DriverCure\LogFile.txt -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Roaming\ParetoLogic -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Roaming\ParetoLogic\RegCure Pro -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\ignores.dat -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images\acer.png -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-04-06 14-19-29 0.log -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-04-06 14-19-41 0.log -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-04-06 20-37-18 0.log -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-04-06 22-26-37 0.log -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-04-06 23-36-04 0.log -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\rupdates.db -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\settings.db -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\supdates.db -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.cat -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.inf -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.sys -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\DriverUpdate -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\Installers\US-131044741290199732.log -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\Installers\US-131044743037389665.log -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\Installers -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Local Storage\ui_main_0.localstorage -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Local Storage\ui_main_0.localstorage-journal -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Local Storage -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\cookiefilter.db -> Deleted
    [PUP][File] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\settings -> Deleted
    [PUP][Folder] C:\Users\Annie Lee\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus -> Deleted
    [PUP][Folder] C:\ProgramData\ParetoLogic -> Deleted
    [PUP][File] C:\ProgramData\ParetoLogic\RegCure Pro\License_Time.rdat -> Deleted
    [PUP][File] C:\ProgramData\ParetoLogic\RegCure Pro\RB.rdat -> Deleted
    [PUP][File] C:\ProgramData\ParetoLogic\RegCure Pro\tfn.xml -> Deleted
    [PUP][Folder] C:\ProgramData\ParetoLogic\RegCure Pro -> Deleted
    [PUP][Folder] C:\ProgramData\Uniblue -> Deleted
    [PUP][Folder] C:\ProgramData\Uniblue\DriverScanner -> Deleted

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG HN-M750MBB ATA Device +++++
    --- User ---
    [MBR] d9884192f1c37244b004b70e180bae14
    [BSP] a72c9303ff0b2f607b85b1ac3eed0372 : HP|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 693299 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1420285952 | Size: 21802 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: HP Photosmart 5520 USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    I think I got them all. I'll do more scans tomorrow! Thanks again!
     
  22. Anne Kofod

    Anne Kofod TS Member Topic Starter Posts: 43

    Ugh, I'm not sure now that I got them all. Every time I click on the header the notepad file changes. I saved everything so if I didn't include something let me know. Thanks for working with a beginner like me!
     
  23. Anne Kofod

    Anne Kofod TS Member Topic Starter Posts: 43

    I think this is the report you want from Malwarebytes Anti-Malware
    <?xml version="1.0" encoding="UTF-16"?>
    <mbam-log>
      <header>
        <date>2016/10/25 09:00:12 -0400</date>
        <logfile>mbam-log-2016-10-25 (09-00-08).xml</logfile>
        <isadmin>yes</isadmin>
      </header>
      <engine>
        <version>2.2.1.1043</version>
        <malware-database>v2016.10.25.08</malware-database>
        <rootkit-database>v2016.09.26.02</rootkit-database>
        <license>trial</license>
        <file-protection>enabled</file-protection>
        <web-protection>enabled</web-protection>
        <self-protection>disabled</self-protection>
      </engine>
      <system>
        <hostname>ANNIELEE-HP</hostname>
        <ip>192.168.254.27</ip>
        <osversion>Windows 7 Service Pack 1</osversion>
        <arch>x64</arch>
        <username>Annie Lee</username>
        <filesys>NTFS</filesys>
      </system>
      <summary>
        <type>threat</type>
        <result>completed</result>
        <objects>354942</objects>
        <time>1666</time>
        <processes>0</processes>
        <modules>0</modules>
        <keys>4</keys>
        <values>1</values>
        <datas>0</datas>
        <folders>0</folders>
        <files>2</files>
        <sectors>0</sectors>
      </summary>
      <options>
        <memory>enabled</memory>
        <startup>enabled</startup>
        <filesystem>enabled</filesystem>
        <archives>enabled</archives>
        <rootkits>disabled</rootkits>
        <deeprootkit>disabled</deeprootkit>
        <heuristics>enabled</heuristics>
        <pup>enabled</pup>
        <pum>enabled</pum>
      </options>
      <items>
        <key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{477D0335-6312-4FE4-9899-47D6465517B5}</path><vendor>PUP.Optional.SlimCleanerPlus</vendor><action>delete-on-reboot</action><hash>54189c01e5b5da5cf2515fb127deb947</hash></key>
        <key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SlimCleaner Plus (Scheduled Scan - Annie Lee)</path><vendor>PUP.Optional.SlimCleanerPlus</vendor><action>delete-on-reboot</action><hash>5715801da1f923134ffb1cf44cb9d32d</hash></key>
        <key><path>HKLM\SOFTWARE\WOW6432NODE\SlimWare Utilities, Inc.</path><vendor>PUP.Optional.SlimCleanerPlus</vendor><action>success</action><hash>c8a42d70c4d637ff5884ea21e2233bc5</hash></key>
        <key><path>HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\SOFTWARE\SlimWare Utilities Inc</path><vendor>PUP.Optional.SlimCleanerPlus</vendor><action>success</action><hash>620a128be5b55ed829b244c7bf46867a</hash></key>
        <value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{477D0335-6312-4FE4-9899-47D6465517B5}</path><valuename>Path</valuename><vendor>PUP.Optional.SlimCleanerPlus</vendor><action>delete-on-reboot</action><valuedata>\SlimCleaner Plus (Scheduled Scan - Annie Lee)</valuedata><hash>54189c01e5b5da5cf2515fb127deb947</hash></value>
        <file><path>C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Annie Lee).job</path><vendor>PUP.Optional.SlimCleanerPlus</vendor><action>success</action><hash>f5771e7f7f1b0630f00a9a6c976eb24e</hash></file>
        <file><path>C:\Windows\System32\Tasks\SlimCleaner Plus (Scheduled Scan - Annie Lee)</path><vendor>PUP.Optional.SlimCleanerPlus</vendor><action>success</action><hash>b9b3693433671c1a0f3062ae4fb6f010</hash></file>
      </items>
    </mbam-log>
     
  24. Anne Kofod

    Anne Kofod TS Member Topic Starter Posts: 43

    Ugh, I'm getting confused, hopefully this is what you need.

    <?xml version="1.0" encoding="UTF-8"?>
    -<logs> <record subtype="Malware Protection" result="Starting" last_modified_tag="2bcdfd81-a4af-4957-8a4d-2b810493905d" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T08:59:08.343745-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malware Protection" result="Started" last_modified_tag="839da2e2-8f4c-4f63-b6f3-f930dcf1ff47" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T08:59:08.385747-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malicious Website Protection" result="Starting" last_modified_tag="df99cab2-7b58-42f4-a707-dd6ef02d5e64" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T08:59:08.533756-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malicious Website Protection" result="Started" last_modified_tag="14b8bf1d-8625-4ac8-85d0-b578f1645d70" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T08:59:10.954894-04:00" LoggingEventType="2" severity="debug"/> <record last_modified_tag="de7c116f-3323-4609-aa21-9ecf1a142fc1" systemname="ANNIELEE-HP" username="SYSTEM" type="Update" source="Manual" datetime="2016-10-25T08:59:44.649821-04:00" LoggingEventType="1" severity="debug" toVersion="2016.9.21.1" name="Remediation Database" fromVersion="2016.2.12.1"/> <record last_modified_tag="add20d32-b714-46a1-a73e-71fd17ffc03b" systemname="ANNIELEE-HP" username="SYSTEM" type="Update" source="Manual" datetime="2016-10-25T08:59:45.404865-04:00" LoggingEventType="1" severity="debug" toVersion="2016.9.26.2" name="Rootkit Database" fromVersion="2016.2.8.1"/> <record last_modified_tag="d8005be9-4651-45b0-b4ab-4afc8779f56a" systemname="ANNIELEE-HP" username="SYSTEM" type="Update" source="Manual" datetime="2016-10-25T08:59:46.079903-04:00" LoggingEventType="1" severity="debug" toVersion="2016.10.25.1" name="IP Database" 
fromVersion="2016.2.8.1"/> <record last_modified_tag="f4aa1a61-5a12-42aa-a74f-b2a5763670da" systemname="ANNIELEE-HP" username="SYSTEM" type="Update" source="Manual" datetime="2016-10-25T08:59:47.229969-04:00" LoggingEventType="1" severity="debug" toVersion="2016.10.24.5" name="Domain Database" fromVersion="2016.2.16.8"/> <record last_modified_tag="17b5e174-7e0b-4ea3-8cbf-7f5b6e46f527" systemname="ANNIELEE-HP" username="SYSTEM" type="Update" source="Manual" datetime="2016-10-25T08:59:53.063303-04:00" LoggingEventType="1" severity="debug" toVersion="2016.10.25.8" name="Malware Database" fromVersion="2016.2.16.6"/> <record subtype="Refresh" result="Starting" last_modified_tag="69743d07-83f2-44b3-9256-293e57b51356" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T08:59:53.150308-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malicious Website Protection" result="Stopping" last_modified_tag="ed26e5fc-1353-42bb-b7a6-6625c9bfbce8" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T08:59:53.177309-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malicious Website Protection" result="Stopped" last_modified_tag="92e8310c-128b-443f-8741-49781622e799" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T08:59:53.619334-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Refresh" result="Success" last_modified_tag="dc384ca8-04e3-4ddb-922c-eb3059183c29" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T09:00:00.422724-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malicious Website Protection" result="Starting" last_modified_tag="310efcc6-54b2-492d-89b8-c7b2a85ffffd" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T09:00:00.486727-04:00" LoggingEventType="2" 
severity="debug"/> <record subtype="Malicious Website Protection" result="Started" last_modified_tag="418bc442-77ac-494f-b830-41429b27b044" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T09:00:02.839862-04:00" LoggingEventType="2" severity="debug"/> <record last_modified_tag="783636a3-d2eb-4acc-bf6d-ed1f57b39336" systemname="ANNIELEE-HP" username="SYSTEM" type="Scan" source="Manual" datetime="2016-10-25T09:30:04.286234-04:00" LoggingEventType="6" severity="debug" scanresult="completed" nonmalwaredetections="14" malwaredetections="0" duration="1666" starttime="2016-10-25T09:00:12-04:00" scantype="threat"/> <record subtype="Malware Protection" result="Starting" last_modified_tag="47d1de2e-df8f-45fd-b68f-fdf5a15377fc" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T09:35:54.798721-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malware Protection" result="Started" last_modified_tag="16a73de9-4847-4790-bcec-74c43563ecb2" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T09:35:54.861121-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malicious Website Protection" result="Starting" last_modified_tag="83691356-15ae-4a9d-9eaa-03df9c4ef83c" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T09:35:54.954721-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malicious Website Protection" result="Started" last_modified_tag="9075f336-061d-47aa-a101-af18ef01ca1a" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T09:36:40.943601-04:00" LoggingEventType="2" severity="debug"/> <record last_modified_tag="4ba95d79-d416-40eb-a414-5ce941f4af60" systemname="ANNIELEE-HP" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-10-25T10:06:05.622919-04:00" LoggingEventType="1" 
severity="debug" toVersion="2016.10.25.9" name="Malware Database" fromVersion="2016.10.25.8"/> <record subtype="Refresh" result="Starting" last_modified_tag="bf6f8f29-bc09-43dc-a95d-6d95be98bc73" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T10:06:05.654119-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malicious Website Protection" result="Stopping" last_modified_tag="561ba7a3-5570-4aff-b176-858f4599f5cc" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T10:06:05.669719-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malicious Website Protection" result="Stopped" last_modified_tag="24867b51-1965-4062-8d2d-c5316bfb5aab" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T10:06:06.184520-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Refresh" result="Success" last_modified_tag="ea4b3c27-1a26-420b-9903-036d29f6b80c" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T10:06:37.790175-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malicious Website Protection" result="Starting" last_modified_tag="feb0f640-9b5d-4303-b9a9-53bffc7219ed" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T10:06:37.821376-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malicious Website Protection" result="Started" last_modified_tag="add329cf-9ba6-4843-ad97-2a69b50dc89a" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T10:06:40.223780-04:00" LoggingEventType="2" severity="debug"/> <record last_modified_tag="cefc64f6-7c2d-4d21-85f8-8267c9dd49fc" systemname="ANNIELEE-HP" username="SYSTEM" type="Scan" source="Manual" datetime="2016-10-25T10:36:46.186966-04:00" LoggingEventType="6" severity="debug" 
scanresult="completed" nonmalwaredetections="0" malwaredetections="0" duration="2893" starttime="2016-10-25T09:48:32-04:00" scantype="threat"/> <record last_modified_tag="f4697ed5-6396-412c-acf7-bb5b41b17c16" systemname="ANNIELEE-HP" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-10-25T11:02:52.104052-04:00" LoggingEventType="1" severity="debug" message="Failed" code="No Internet connection detected"/> <record last_modified_tag="56b47881-bd05-402f-b0a4-948368223de0" systemname="ANNIELEE-HP" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-10-25T11:06:02.080586-04:00" LoggingEventType="1" severity="debug" toVersion="2016.10.25.10" name="Malware Database" fromVersion="2016.10.25.9"/> <record subtype="Refresh" result="Starting" last_modified_tag="55a34895-7032-4029-b7ef-7196818fe2cf" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T11:06:02.204593-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malicious Website Protection" result="Stopping" last_modified_tag="df22fbe1-11fb-4445-a0ac-3461a7a94728" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T11:06:02.234595-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malicious Website Protection" result="Stopped" last_modified_tag="8c2da0fe-777f-421a-b121-b91df6826b45" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T11:06:02.866631-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Refresh" result="Success" last_modified_tag="e625d6a9-34ff-463a-9c2a-c0c7d53c0121" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T11:06:21.636704-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malicious Website Protection" result="Starting" last_modified_tag="06459547-d1b5-4d32-895b-49c0731f9096" systemname="ANNIELEE-HP" username="SYSTEM" 
type="Protection" source="Protection" datetime="2016-10-25T11:06:21.695708-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malicious Website Protection" result="Started" last_modified_tag="aae4b419-ce3d-443c-a93a-5c64e726cac7" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T11:06:25.384919-04:00" LoggingEventType="2" severity="debug"/> <record last_modified_tag="feae9c7d-f417-400f-b014-2bcff9acc546" systemname="ANNIELEE-HP" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-10-25T13:23:15.563003-04:00" LoggingEventType="1" severity="debug" message="Failed" code="No Internet connection detected"/> <record last_modified_tag="32e111db-3b81-4209-9a37-2c1aa57f70e1" systemname="ANNIELEE-HP" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-10-25T13:26:21.021528-04:00" LoggingEventType="1" severity="debug" toVersion="2016.10.25.2" name="IP Database" fromVersion="2016.10.25.1"/> <record last_modified_tag="70f92c50-e665-49a6-8259-c5368a86e304" systemname="ANNIELEE-HP" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-10-25T13:26:22.091589-04:00" LoggingEventType="1" severity="debug" toVersion="2016.10.25.1" name="Domain Database" fromVersion="2016.10.24.5"/> <record last_modified_tag="71707f25-e3c1-46b9-afb2-ad58a8207203" systemname="ANNIELEE-HP" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-10-25T13:26:26.564845-04:00" LoggingEventType="1" severity="debug" toVersion="2016.10.25.11" name="Malware Database" fromVersion="2016.10.25.10"/> <record subtype="Refresh" result="Starting" last_modified_tag="593757e8-e013-40b3-b1ec-dd0b3fad73ab" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T13:26:26.650850-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malicious Website Protection" result="Stopping" last_modified_tag="e58c28f8-bd74-4595-b1a6-dbecf498fa4d" 
systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T13:26:26.671851-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malicious Website Protection" result="Stopped" last_modified_tag="5f4999f0-61d8-45ae-bb95-fee9e215eac0" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T13:26:27.160879-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Refresh" result="Success" last_modified_tag="32a3fb82-a554-4c48-841c-54981bb62c76" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T13:26:33.951267-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malicious Website Protection" result="Starting" last_modified_tag="d78be42b-3e23-462a-9d8b-084ff82185f0" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T13:26:33.976269-04:00" LoggingEventType="2" severity="debug"/> <record subtype="Malicious Website Protection" result="Started" last_modified_tag="72882f17-fa03-4f39-8c1b-f72ae5c3a98d" systemname="ANNIELEE-HP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-10-25T13:26:36.447410-04:00" LoggingEventType="2" severity="debug"/> </logs>
     
  25. Anne Kofod

    Anne Kofod TS Member Topic Starter Posts: 43

    I'm not going any further until I hear from you. Hopefully I haven't screwed anything up!
     
