Solved Will my brother in law ever learn?

Broni · Feb 12, 2017

Try to disable Windows Defender momentarily.
If that doesn't help update MBAM manually.
Download this: http://data.mbamupdates.com/tools/mbam-rules.exe and double click on downloaded file.

glhglh · Feb 12, 2017

That didn't do it. same error.

Broni · Feb 12, 2017

Did you try manual update?

glhglh · Feb 13, 2017

Mbam ran 8 hours twice, but each time after the heuristic test it started to check for updates. I finally went into the settings for Mbam and unchecked auto update. Then did one manual update. The disk was very full, I deleted some old files, and the recycle file then ran it again, and got this reading, put checked into quarantine:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/13/17
Scan Time: 12:17 PM
Logfile: mbam.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1253
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: HP-RRR\Randy

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 108647
Time Elapsed: 14 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Disabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 17
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{95F57E4A-1FFA-4814-9AEC-34D22DF3D8FA}, No Action By User, [1206], [335828],1.0.1253
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{95F57E4A-1FFA-4814-9AEC-34D22DF3D8FA}, No Action By User, [1206], [335828],1.0.1253
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\TYPELIB\{95F57E4A-1FFA-4814-9AEC-34D22DF3D8FA}, No Action By User, [1206], [335828],1.0.1253
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\CLSID\{6DC6EE87-F3BB-40EB-BCEE-12F7D6E3EEDF}, No Action By User, [1206], [335836],1.0.1253
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\CLSID\{959D527D-6C27-4879-A644-065526D6969C}, No Action By User, [1206], [335833],1.0.1253
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\CLSID\{BAF87BD0-A924-4108-AFA5-A5FA720A2E86}, No Action By User, [1206], [335831],1.0.1253
PUP.Optional.GeekBuddy, HKLM\SOFTWARE\GeekBuddyRSP, No Action By User, [2245], [342277],1.0.1253
PUP.Optional.IoloSC, HKLM\SOFTWARE\WOW6432NODE\IOLO\System Checkup, No Action By User, [2533], [349242],1.0.1253
PUP.Optional.GeekBuddy, HKLM\SYSTEM\SOFTWARE\COMODO\CLPS 4, No Action By User, [2245], [342292],1.0.1253
PUP.Optional.InstallCore, HKU\S-1-5-21-2783097096-289569773-1546617986-1001\SOFTWARE\ICSW1.18, No Action By User, [8], [239562],1.0.1253
PUP.Optional.MediaPlayAir, HKU\S-1-5-21-2783097096-289569773-1546617986-1001\SOFTWARE\UNDEFINED, No Action By User, [1359], [334354],1.0.1253
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{261dc3b1}, No Action By User, [46], [260250],1.0.1253
PUP.Optional.SpeedyPC, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5888B29F-A4A4-4A01-83F0-070CAD86847C}, No Action By User, [2193], [340768],1.0.1253
PUP.Optional.GeekBuddy, HKLM\SOFTWARE\WOW6432NODE\GeekBuddyRSP, No Action By User, [2245], [342277],1.0.1253
PUP.Optional.GeekBuddy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\GeekBuddyRSP, No Action By User, [2245], [362758],1.0.1253
PUP.Optional.ProCleaningSoftware, HKU\S-1-5-21-2783097096-289569773-1546617986-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\4a555618_0, No Action By User, [1290], [255416],1.0.1253
PUP.Optional.BrowserAir, HKU\S-1-5-21-2783097096-289569773-1546617986-1001_Classes\FTP\DEFAULTICON, No Action By User, [1852], [262296],1.0.1253

Registry Value: 3
PUP.Optional.MediaPlayAir, HKU\S-1-5-21-2783097096-289569773-1546617986-1001\SOFTWARE\UNDEFINED|FLASHPLAYERPRO [1].EXE, No Action By User, [1359], [334354],1.0.1253
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{261dc3b1}|1, No Action By User, [46], [260250],1.0.1253
PUP.Optional.SpeedyPC, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5888B29F-A4A4-4A01-83F0-070CAD86847C}|PATH, No Action By User, [2193], [340768],1.0.1253

Registry Data: 26
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters|NameServer, Replace-on-Reboot, [18141], [293494],1.0.1253
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{21464931-263a-4a60-930e-a79b690b399f}|NameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{21464931-263a-4a60-930e-a79b690b399f}|DhcpNameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{31ea90e4-35d4-4540-a94c-eab28ac7c7e0}|NameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{31ea90e4-35d4-4540-a94c-eab28ac7c7e0}|DhcpNameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{34167375-BE40-466A-AF7E-71F5E33959CD}|NameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3973625b-d550-4482-8626-055c851fa7f8}|NameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3973625b-d550-4482-8626-055c851fa7f8}|DhcpNameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3D493812-5A6C-4569-8948-931983678700}|NameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3e5366e2-e619-4c7e-a254-4148181480bb}|NameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3e5366e2-e619-4c7e-a254-4148181480bb}|DhcpNameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{6F79DAF9-0BD7-4158-9C0C-745284478CE4}|NameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{797fc918-2a02-4a5f-9f81-cc4932956ea0}|NameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{797fc918-2a02-4a5f-9f81-cc4932956ea0}|DhcpNameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{825E0274-4ABB-4A35-83B7-62488622A3B1}|NameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{82f2cad0-7a7c-4d6d-95d4-2003995ef9f1}|NameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{95c3e60d-7d80-41db-be01-e26265544b30}|NameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{a1c95c13-acd4-4e93-88c9-2912fbc94e6c}|NameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{a1c95c13-acd4-4e93-88c9-2912fbc94e6c}|DhcpNameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{c1fd1c83-dc19-4fbd-a13f-ebdcb53d58b0}|NameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{c1fd1c83-dc19-4fbd-a13f-ebdcb53d58b0}|DhcpNameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{ed4e3568-60c7-4154-bc8c-83374c0e6f1c}|NameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{ed4e3568-60c7-4154-bc8c-83374c0e6f1c}|DhcpNameServer, Replace-on-Reboot, [18141], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{FBBE2E80-E2E3-4A4F-A6F0-ABB719E6CDEE}|NameServer, Replace-on-Reboot, [18141], [-1],0.0.0

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.IoloSC, C:\PROGRAMDATA\iolo\SCU, No Action By User, [2533], [349238],1.0.1253

File: 7
PUP.Optional.APNToolBar, C:\PROGRAMDATA\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WEATHERBUGSETUP.RES, No Action By User, [8699], [76243],1.0.1253
PUP.Optional.APNToolBar, C:\USERS\RANDY\APPDATA\LOCAL\DOWNLOADED INSTALLATIONS\{0710724E-1A91-4F52-ACCA-1B2BB24A0590}\THE WEATHER CHANNEL APP.MSI, No Action By User, [8699], [76243],1.0.1253
PUP.Optional.SpeedyPC, C:\WINDOWS\SYSTEM32\TASKS\SPEEDYPC UPDATE VERSION3 STARTUP TASK, No Action By User, [2193], [340766],1.0.1253
PUP.Optional.WinYahoo, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\COMPONENTS\MRT.JS, No Action By User, [117], [257707],1.0.1253
PUP.Optional.Yontoo, C:\USERS\RANDY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_static.coupontime00.coupontime.co_0.localstorage, No Action By User, [71], [304355],1.0.1253
PUP.Optional.Yontoo, C:\USERS\RANDY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_static.coupontime00.coupontime.co_0.localstorage-journal, No Action By User, [71], [304355],1.0.1253
PUP.Optional.WinYahoo, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\COMPONENTS\COMPONENTS.MANIFEST, No Action By User, [117], [302781],1.0.1253

Physical Sector: 0
(No malicious items detected)

(end)

glhglh · Feb 13, 2017

Want to uninstall Slim Cleaner Plus; Speedy Backup; pdanet; AOL Uninstaller? and others?

glhglh · Feb 13, 2017

Also, I think the local drive Q: is something bac.

Broni · Feb 13, 2017

Those programs are not malicious per se.
You can try to uninstall them but from what I've seen some of our tools took care of them.
They may be just leftovers in Control Panel listing.
Give it a shot if you don't need them.

Then....

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

glhglh · Feb 13, 2017

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader XI
Mozilla Firefox 27.0 Firefox out of Date!
Google Chrome (56.0.2924.87)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Randy Desktop Virus SecurityCheck.exe
Windows Defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

glhglh · Feb 13, 2017

Farbar Service Scanner Version: 27-01-2016
Ran by Randy (administrator) on 13-02-2017 at 19:11:59
Running from "C:\Users\Randy\Desktop\Virus"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

glhglh · Feb 14, 2017

2017-02-14 04:41:45.810 Sophos Virus Removal Tool version 2.5.6
2017-02-14 04:41:45.810 Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2017-02-14 04:41:45.810 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-02-14 04:41:45.810 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2017-02-14 04:41:45.812 Checking for updates...
2017-02-14 04:41:45.946 Update progress: proxy server not available
2017-02-14 04:42:05.921 Option all = no
2017-02-14 04:42:05.921 Option recurse = yes
2017-02-14 04:42:05.930 Option archive = no
2017-02-14 04:42:05.930 Option service = yes
2017-02-14 04:42:05.930 Option confirm = yes
2017-02-14 04:42:05.930 Option sxl = yes
2017-02-14 04:42:05.930 Option max-data-age = 35
2017-02-14 04:42:05.930 Option vdl-logging = yes
2017-02-14 04:42:05.940 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-02-14 04:42:05.940 Machine ID: 01a9aad2482a40eea174a9b0c73437d4
2017-02-14 04:42:05.941 Component SVRTcli.exe version 2.5.6
2017-02-14 04:42:05.941 Component control.dll version 2.5.6
2017-02-14 04:42:05.941 Component SVRTservice.exe version 2.5.6
2017-02-14 04:42:05.941 Component engine\osdp.dll version 1.44.1.2280
2017-02-14 04:42:05.941 Component engine\veex.dll version 3.68.0.2280
2017-02-14 04:42:05.941 Component engine\savi.dll version 9.0.7.2280
2017-02-14 04:42:05.942 Component rkdisk.dll version 1.5.31.1
2017-02-14 04:42:05.942 Version info: Product version 2.5.6
2017-02-14 04:42:05.942 Version info: Detection engine 3.68.0
2017-02-14 04:42:05.942 Version info: Detection data 5.36
2017-02-14 04:42:05.942 Version info: Build date 2/7/2017
2017-02-14 04:42:05.942 Version info: Data files added 158
2017-02-14 04:42:05.942 Version info: Last successful update (not yet updated)
2017-02-14 04:42:10.430 Downloading updates...
2017-02-14 04:42:10.433 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-02-14 04:42:10.433 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-02-14 04:42:10.433 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-02-14 04:42:10.433 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-02-14 04:42:10.433 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-02-14 04:42:10.433 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-02-14 04:42:10.433 Update progress: [I49502] sdds.data0910.xml: found supplement IDE537 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-02-14 04:42:10.433 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE537 LATEST path=
2017-02-14 04:42:10.433 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE537 LATEST path=
2017-02-14 04:42:10.433 Update progress: [I49502] sdds.data0910.xml: found supplement IDE538 LATEST path= baseVersion= [included from product IDE537 LATEST path=]
2017-02-14 04:42:10.433 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE538 LATEST path=
2017-02-14 04:42:10.433 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE538 LATEST path=
2017-02-14 04:42:10.433 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-02-14 04:42:10.958 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-02-14 04:42:10.958 Update progress: [I19463] Product download size 158884372 bytes
2017-02-14 04:42:40.322 Update progress: [I19463] Syncing product IDE537 LATEST path=
2017-02-14 04:42:40.322 Update progress: [I19463] Product download size 2537599 bytes
2017-02-14 04:42:42.115 Update progress: [I19463] Syncing product IDE538 LATEST path=
2017-02-14 04:42:42.115 Update progress: [I19463] Product download size 424038 bytes
2017-02-14 04:42:42.455 Installing updates...
2017-02-14 04:42:43.532 Error level 1
2017-02-14 04:42:52.427 Update successful
2017-02-14 04:43:08.862 Option all = no
2017-02-14 04:43:08.862 Option recurse = yes
2017-02-14 04:43:08.862 Option archive = no
2017-02-14 04:43:08.862 Option service = yes
2017-02-14 04:43:08.862 Option confirm = yes
2017-02-14 04:43:08.862 Option sxl = yes
2017-02-14 04:43:08.864 Option max-data-age = 35
2017-02-14 04:43:08.864 Option vdl-logging = yes
2017-02-14 04:43:08.877 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-02-14 04:43:08.877 Machine ID: 01a9aad2482a40eea174a9b0c73437d4
2017-02-14 04:43:08.878 Component SVRTcli.exe version 2.5.6
2017-02-14 04:43:08.878 Component control.dll version 2.5.6
2017-02-14 04:43:08.878 Component SVRTservice.exe version 2.5.6
2017-02-14 04:43:08.878 Component engine\osdp.dll version 1.44.1.2280
2017-02-14 04:43:08.878 Component engine\veex.dll version 3.68.0.2280
2017-02-14 04:43:08.878 Component engine\savi.dll version 9.0.7.2280
2017-02-14 04:43:08.879 Component rkdisk.dll version 1.5.31.1
2017-02-14 04:43:08.879 Version info: Product version 2.5.6
2017-02-14 04:43:08.880 Version info: Detection engine 3.68.0
2017-02-14 04:43:08.880 Version info: Detection data 5.36
2017-02-14 04:43:08.880 Version info: Build date 2/7/2017
2017-02-14 04:43:08.880 Version info: Data files added 158
2017-02-14 04:43:08.880 Version info: Last successful update 2/13/2017 8:42:52 PM

2017-02-14 04:44:02.590 Warning: rootkit scan failed to open volume "\\?\Volume{3e10846e-358b-11e2-bde0-74e543244a4e}" (5)
2017-02-14 05:48:06.709 Could not open C:\hiberfil.sys
2017-02-14 05:48:30.345 Could not open C:\pagefile.sys
2017-02-14 06:03:02.455 Could not open C:\swapfile.sys
2017-02-14 06:04:34.465 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-14 06:04:34.465 Could not open C:\System Volume Information\{78f327ba-f24e-11e6-93d5-74e543244a4e}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-14 06:04:34.466 Could not open C:\System Volume Information\{8b338414-5dfb-11e6-93cc-74e543244a4e}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-14 06:04:34.466 Could not open C:\System Volume Information\{8c73e03e-a959-11e6-93cd-28924a3bacfb}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-14 06:05:40.633 Could not open C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Current Session
2017-02-14 06:05:40.634 Could not open C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2017-02-14 06:20:05.018 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2017-02-14 06:20:05.019 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2017-02-14 06:20:09.619 Could not open C:\Windows\System32\config\BBI
2017-02-14 06:20:09.819 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-02-14 06:20:09.849 Could not open C:\Windows\System32\config\RegBack\SAM
2017-02-14 06:20:09.858 Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-02-14 06:20:09.870 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-02-14 06:20:09.871 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-02-14 06:48:46.159 Could not open LOGICAL:0004:00000000
2017-02-14 06:48:46.162 Could not open E:\
2017-02-14 06:48:46.162 Could not open LOGICAL:0010:00000000
2017-02-14 06:48:46.162 Could not open Q:\
2017-02-14 06:48:48.139 Error level 0

2017-02-14 10:20:53.530 Scan completed.
2017-02-14 10:20:53.530

------------------------------------------------------------

Broni · Feb 14, 2017

Update Firefox to the current version.

===================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

11. Please, let me know, how your computer is doing.

glhglh · Feb 15, 2017

Here is still something wrong. after the del program. on Chrome, I got 2 messages Your computer has been blocked: Error % 26803 and other 26803-xc00037

please call immediately 1-68203617

I have to pick my son up from work. I'll copy he whole messages tomorrow.

it says something like if you close program, I'll be locked out for good.
What might this be?

glhglh · Feb 15, 2017

You might be infected with adware / spyware virus
Call 1-866-928-0684 immediately. Fast assistance with removing viruses.
(Toll-FREE, High Priority Call Line)
What you must do:
More about the virus:
Seeing these pop-up’s means that you may have a virus installed on your computer which puts the security of your personal data at a serious risk. It’s strongly advised that you call the number above and get your computer fixed before you continue using your internet, especially for shopping.

Possible Privacy Breach if virus not removed immediately:
Data exposed to risk:
1. Your credit card details and banking information
2. Your e-mail passwords and other account passwords
3. Your Facebook, Skype, AIM, ICQ and other chat logs
4. Your private photos, family photos and other sensitive files
5. Your webcam could be accessed remotely by stalkers with a VPN virus

Action Required

Windows Virus Warning!

Identity Theft and Hacking Possibilities

Identity Theft and Hacking Possibilities
Contact emergency virus support now – 1-844-345-5488
The system may find (149) viruses that pose a serious threat:

Broni · Feb 15, 2017

On Chrome only?
While visiting some particular page?

glhglh · Feb 15, 2017

No, I didn't visit a page, just deleting those programs I thought were a problem, but I think one of them were a problem.
I just ran a mbam:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/15/17
Scan Time: 5:07 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1272
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: HP-RRR\Randy

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375155
Time Elapsed: 18 min, 56 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Disabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 18
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\CLSID\{BAF87BD0-A924-4108-AFA5-A5FA720A2E86}, Delete-on-Reboot, [1206], [335831],1.0.1272
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\TYPELIB\{95F57E4A-1FFA-4814-9AEC-34D22DF3D8FA}, Delete-on-Reboot, [1206], [335828],1.0.1272
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{95F57E4A-1FFA-4814-9AEC-34D22DF3D8FA}, Delete-on-Reboot, [1206], [335828],1.0.1272
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{95F57E4A-1FFA-4814-9AEC-34D22DF3D8FA}, Delete-on-Reboot, [1206], [335828],1.0.1272
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\CLSID\{6DC6EE87-F3BB-40EB-BCEE-12F7D6E3EEDF}, Delete-on-Reboot, [1206], [335836],1.0.1272
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\CLSID\{959D527D-6C27-4879-A644-065526D6969C}, Delete-on-Reboot, [1206], [335833],1.0.1272
PUP.Optional.GeekBuddy, HKLM\SOFTWARE\GeekBuddyRSP, Delete-on-Reboot, [2245], [342277],1.0.1272
PUP.Optional.GeekBuddy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\GeekBuddyRSP, Delete-on-Reboot, [2245], [362758],1.0.1272
PUP.Optional.GeekBuddy, HKLM\SYSTEM\SOFTWARE\COMODO\CLPS 4, Delete-on-Reboot, [2245], [342292],1.0.1272
PUP.Optional.InstallCore, HKU\S-1-5-21-2783097096-289569773-1546617986-1001\SOFTWARE\ICSW1.18, Delete-on-Reboot, [8], [239562],1.0.1272
PUP.Optional.MediaPlayAir, HKU\S-1-5-21-2783097096-289569773-1546617986-1001\SOFTWARE\UNDEFINED, Delete-on-Reboot, [1359], [334354],1.0.1272
PUP.Optional.GeekBuddy, HKLM\SOFTWARE\WOW6432NODE\GeekBuddyRSP, Delete-on-Reboot, [2245], [342277],1.0.1272
PUP.Optional.BrowserAir, HKLM\SOFTWARE\CLASSES\ChromiumHTM.ULZ4VQQJSBHV67A7PRZ3FGL4WY, Delete-on-Reboot, [1852], [262293],1.0.1272
PUP.Optional.SpeedyPC, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SpeedyPC Update Version3 Startup Task, Delete-on-Reboot, [2193], [340767],1.0.1272
PUP.Optional.IoloSC, HKLM\SOFTWARE\WOW6432NODE\IOLO\System Checkup, Delete-on-Reboot, [2533], [349242],1.0.1272
PUP.Optional.VBates, HKU\S-1-5-21-2783097096-289569773-1546617986-1001_Classes\SOFTWARE\{76CAC0DC-C42D-4250-8E4A-D2F0344C40AF}, Delete-on-Reboot, [156], [258304],1.0.1272
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\CRSBRWSHTML, Delete-on-Reboot, [8048], [237102],1.0.1272
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNETREGISTRY\REGISTRY\USER\S-1-5-18\SOFTWARE\shopperz281120151811, Delete-on-Reboot, [11162], [255016],1.0.1272

Registry Value: 2
PUP.Optional.MediaPlayAir, HKU\S-1-5-21-2783097096-289569773-1546617986-1001\SOFTWARE\UNDEFINED|FLASHPLAYERPRO [1].EXE, Delete-on-Reboot, [1359], [334354],1.0.1272
PUP.Optional.VBates, HKU\S-1-5-21-2783097096-289569773-1546617986-1001_Classes\SOFTWARE\{76CAC0DC-C42D-4250-8E4A-D2F0344C40AF}|NAME, Delete-on-Reboot, [156], [258304],1.0.1272

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 4
PUP.Optional.IoloSC, C:\PROGRAMDATA\iolo\SCU, Quarantined, [2533], [349238],1.0.1272
PUP.Optional.DriverDetective, C:\Users\Randy\AppData\Local\PC_Drivers_Headquarters\DriversHQ.DriverDetective_Url_oyrgnd0wu0mkxjtmcylpxdaojzemhpcz\10.1.2.41, Quarantined, [1876], [335963],1.0.1272
PUP.Optional.DriverDetective, C:\Users\Randy\AppData\Local\PC_Drivers_Headquarters\DriversHQ.DriverDetective_Url_oyrgnd0wu0mkxjtmcylpxdaojzemhpcz\10.1.2.44, Quarantined, [1876], [335963],1.0.1272
PUP.Optional.DriverDetective, C:\USERS\RANDY\APPDATA\LOCAL\PC_Drivers_Headquarters\DriversHQ.DriverDetective_Url_oyrgnd0wu0mkxjtmcylpxdaojzemhpcz, Quarantined, [1876], [335963],1.0.1272

File: 13
PUP.Optional.APNToolBar, C:\PROGRAMDATA\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WEATHERBUGSETUP.RES, Delete-on-Reboot, [8742], [76243],1.0.1272
PUP.Optional.APNToolBar, C:\USERS\RANDY\APPDATA\LOCAL\DOWNLOADED INSTALLATIONS\{0710724E-1A91-4F52-ACCA-1B2BB24A0590}\THE WEATHER CHANNEL APP.MSI, Delete-on-Reboot, [8742], [76243],1.0.1272
PUP.Optional.PricePeep, C:\USERS\RANDY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\https_static.pricepeep00.pricepeep.net_0.localstorage, Delete-on-Reboot, [8942], [241978],1.0.1272
PUP.Optional.PricePeep, C:\USERS\RANDY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, Delete-on-Reboot, [8942], [241978],1.0.1272
PUP.Optional.WinYahoo, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\COMPONENTS\MRT.JS, Delete-on-Reboot, [117], [257707],1.0.1272
PUP.Optional.Yontoo, C:\USERS\RANDY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_static.coupontime00.coupontime.co_0.localstorage, Delete-on-Reboot, [71], [304355],1.0.1272
PUP.Optional.Yontoo, C:\USERS\RANDY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_static.coupontime00.coupontime.co_0.localstorage-journal, Delete-on-Reboot, [71], [304355],1.0.1272
PUP.Optional.UTop, C:\USERS\RANDY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_utop.it_0.localstorage, Delete-on-Reboot, [18070], [258623],1.0.1272
PUP.Optional.UTop, C:\USERS\RANDY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_utop.it_0.localstorage-journal, Delete-on-Reboot, [18070], [258623],1.0.1272
PUP.Optional.DriverDetective, C:\USERS\RANDY\APPDATA\LOCAL\PC_Drivers_Headquarters\DriversHQ.DriverDetective_Url_oyrgnd0wu0mkxjtmcylpxdaojzemhpcz\10.1.2.41\user.config, Delete-on-Reboot, [1876], [335963],1.0.1272
PUP.Optional.DriverDetective, C:\Users\Randy\AppData\Local\PC_Drivers_Headquarters\DriversHQ.DriverDetective_Url_oyrgnd0wu0mkxjtmcylpxdaojzemhpcz\10.1.2.44\user.config, Delete-on-Reboot, [1876], [335963],1.0.1272
PUP.Optional.WinYahoo, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\COMPONENTS\COMPONENTS.MANIFEST, Removal Failed, [117], [302781],1.0.1272
PUP.Optional.SpeedyPC, C:\WINDOWS\SYSTEM32\TASKS\SPEEDYPC UPDATE VERSION3 STARTUP TASK, Delete-on-Reboot, [2193], [340766],1.0.1272

Physical Sector: 0
(No malicious items detected)

(end)

glhglh · Feb 15, 2017

My brother in law moved back to MN, and as soon as this thing is clean, I'll send it to him. Although I'll set up a login password (which I've done before. the only reason I'm helping this time is it was so screwed up, and I helped him buy the computer. but he's the kind of "old" guy (though he is 6 years younger than me) that doesn't want a password, or to leave Yahoo, where he has had his email since the beginning of time.

glhglh · Feb 15, 2017

Actually, it popped up when I was trying to update the computer, and clicked one of the buttons in the manual update section.

one of the failed to install links from 2/11. in the update history section. I just tried to copy the 5-6 file but I couldn't u cut and paste.

Broni · Feb 15, 2017

How are things now after running MBAM?

glhglh · Feb 15, 2017

The mbam log is up above this After that reboot, opening Chrome was OK, but I ran a Adwcleaner, and after the reboot, Chrome came up and it automatically opened a bunch of tabs.

the spedyPC stuff is down n thre somewhere.

here is the AdwCleaner Log:
# AdwCleaner v6.043 - Logfile created 15/02/2017 at 18:04:44
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Randy - HP-RRR
# Running from : C:\Users\Randy\Desktop\Virus\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\speedypc software
[#] Key deleted on reboot: HKCU\Software\speedypc software
[#] Key deleted on reboot: [x64] HKCU\Software\speedypc software

***** [ Web browsers ] *****

[-] [C:\Users\Randy\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Deleted: search provided by yahoo

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1089 Bytes] - [15/02/2017 18:04:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [1353 Bytes] - [15/02/2017 18:04:16]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1235 Bytes] ##########

I'll update mbam with defender off.

Broni · Feb 15, 2017

Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Close all Chrome windows and tabs.
Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
Click Programs and Features.
Double-click Google Chrome.
Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.

Install fresh copy.

glhglh · Feb 15, 2017

OK, but here is a just ompleted mbam scan, with much more back on.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/15/17
Scan Time: 6:19 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1272
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: HP-RRR\Randy

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 430123
Time Elapsed: 29 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Disabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 5
PUP.Optional.SpeedyPC, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5888B29F-A4A4-4A01-83F0-070CAD86847C}, Delete-on-Reboot, [2193], [340768],1.0.1272
PUP.Optional.DriverDetective, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DriversHQ.DriverDetective.Client, Delete-on-Reboot, [1876], [335968],1.0.1272
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{261dc3b1}, Delete-on-Reboot, [46], [260250],1.0.1272
PUP.Optional.ProCleaningSoftware, HKU\S-1-5-21-2783097096-289569773-1546617986-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\4a555618_0, Delete-on-Reboot, [1290], [255416],1.0.1272
PUP.Optional.BrowserAir, HKU\S-1-5-21-2783097096-289569773-1546617986-1001_Classes\FTP\DEFAULTICON, Delete-on-Reboot, [1852], [262296],1.0.1272

Registry Value: 2
PUP.Optional.SpeedyPC, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5888B29F-A4A4-4A01-83F0-070CAD86847C}|PATH, Delete-on-Reboot, [2193], [340768],1.0.1272
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{261dc3b1}|1, Delete-on-Reboot, [46], [260250],1.0.1272

Registry Data: 23
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replaced, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{31ea90e4-35d4-4540-a94c-eab28ac7c7e0}|NameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{31ea90e4-35d4-4540-a94c-eab28ac7c7e0}|DhcpNameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{34167375-BE40-466A-AF7E-71F5E33959CD}|NameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3973625b-d550-4482-8626-055c851fa7f8}|NameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3973625b-d550-4482-8626-055c851fa7f8}|DhcpNameServer, Replaced, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3D493812-5A6C-4569-8948-931983678700}|NameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3e5366e2-e619-4c7e-a254-4148181480bb}|NameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3e5366e2-e619-4c7e-a254-4148181480bb}|DhcpNameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5d4a1c6d-c9d7-11e5-93ba-806e6f6e6963}|NameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{6F79DAF9-0BD7-4158-9C0C-745284478CE4}|NameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{797fc918-2a02-4a5f-9f81-cc4932956ea0}|NameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{797fc918-2a02-4a5f-9f81-cc4932956ea0}|DhcpNameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{825E0274-4ABB-4A35-83B7-62488622A3B1}|NameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{82f2cad0-7a7c-4d6d-95d4-2003995ef9f1}|NameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{95c3e60d-7d80-41db-be01-e26265544b30}|NameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{a1c95c13-acd4-4e93-88c9-2912fbc94e6c}|NameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{a1c95c13-acd4-4e93-88c9-2912fbc94e6c}|DhcpNameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{c1fd1c83-dc19-4fbd-a13f-ebdcb53d58b0}|NameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{c1fd1c83-dc19-4fbd-a13f-ebdcb53d58b0}|DhcpNameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{ed4e3568-60c7-4154-bc8c-83374c0e6f1c}|NameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{ed4e3568-60c7-4154-bc8c-83374c0e6f1c}|DhcpNameServer, Replace-on-Reboot, [46], [-1],0.0.0

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.WinYahoo, C:\Users\Randy\AppData\Local\{3A700C2C-1ED8-6094-7340-457C5728B9E4}\HowToRemove, Quarantined, [117], [302717],1.0.1272
PUP.Optional.WinYahoo, C:\USERS\RANDY\APPDATA\LOCAL\{3A700C2C-1ED8-6094-7340-457C5728B9E4}, Quarantined, [117], [302717],1.0.1272

File: 25
PUP.Optional.APNToolBar, C:\PROGRAMDATA\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WEATHERBUGSETUP.RES, Delete-on-Reboot, [8742], [76243],1.0.1272
PUP.Optional.APNToolBar, C:\USERS\RANDY\APPDATA\LOCAL\DOWNLOADED INSTALLATIONS\{0710724E-1A91-4F52-ACCA-1B2BB24A0590}\THE WEATHER CHANNEL APP.MSI, Delete-on-Reboot, [8742], [76243],1.0.1272
PUP.Optional.WinYahoo, C:\USERS\RANDY\APPDATA\LOCAL\{3A700C2C-1ED8-6094-7340-457C5728B9E4}\HOWTOREMOVE\HOWTOREMOVE.HTML, Delete-on-Reboot, [117], [302717],1.0.1272
PUP.Optional.WinYahoo, C:\Users\Randy\AppData\Local\{3A700C2C-1ED8-6094-7340-457C5728B9E4}\HowToRemove\chromium-min.jpg, Delete-on-Reboot, [117], [302717],1.0.1272
PUP.Optional.WinYahoo, C:\Users\Randy\AppData\Local\{3A700C2C-1ED8-6094-7340-457C5728B9E4}\HowToRemove\control panel-min-min.JPG, Delete-on-Reboot, [117], [302717],1.0.1272
PUP.Optional.WinYahoo, C:\Users\Randy\AppData\Local\{3A700C2C-1ED8-6094-7340-457C5728B9E4}\HowToRemove\down.png, Delete-on-Reboot, [117], [302717],1.0.1272
PUP.Optional.WinYahoo, C:\Users\Randy\AppData\Local\{3A700C2C-1ED8-6094-7340-457C5728B9E4}\HowToRemove\ff menu.JPG, Delete-on-Reboot, [117], [302717],1.0.1272
PUP.Optional.WinYahoo, C:\Users\Randy\AppData\Local\{3A700C2C-1ED8-6094-7340-457C5728B9E4}\HowToRemove\ff search engine-min.png, Delete-on-Reboot, [117], [302717],1.0.1272
PUP.Optional.WinYahoo, C:\Users\Randy\AppData\Local\{3A700C2C-1ED8-6094-7340-457C5728B9E4}\HowToRemove\hp-min ff.png, Delete-on-Reboot, [117], [302717],1.0.1272
PUP.Optional.WinYahoo, C:\Users\Randy\AppData\Local\{3A700C2C-1ED8-6094-7340-457C5728B9E4}\HowToRemove\hp-min ie.png, Delete-on-Reboot, [117], [302717],1.0.1272
PUP.Optional.WinYahoo, C:\Users\Randy\AppData\Local\{3A700C2C-1ED8-6094-7340-457C5728B9E4}\HowToRemove\search engine.gif, Delete-on-Reboot, [117], [302717],1.0.1272
PUP.Optional.WinYahoo, C:\Users\Randy\AppData\Local\{3A700C2C-1ED8-6094-7340-457C5728B9E4}\HowToRemove\setup pages.gif, Delete-on-Reboot, [117], [302717],1.0.1272
PUP.Optional.WinYahoo, C:\Users\Randy\AppData\Local\{3A700C2C-1ED8-6094-7340-457C5728B9E4}\HowToRemove\sp-min.png, Delete-on-Reboot, [117], [302717],1.0.1272
PUP.Optional.WinYahoo, C:\Users\Randy\AppData\Local\{3A700C2C-1ED8-6094-7340-457C5728B9E4}\HowToRemove\start-min.jpg, Delete-on-Reboot, [117], [302717],1.0.1272
PUP.Optional.WinYahoo, C:\Users\Randy\AppData\Local\{3A700C2C-1ED8-6094-7340-457C5728B9E4}\HowToRemove\up.png, Delete-on-Reboot, [117], [302717],1.0.1272
PUP.Optional.WinYahoo, C:\Users\Randy\AppData\Local\{3A700C2C-1ED8-6094-7340-457C5728B9E4}\noti, Delete-on-Reboot, [117], [302717],1.0.1272
PUP.Optional.SpeedyPC, C:\WINDOWS\SYSTEM32\TASKS\SPEEDYPC UPDATE VERSION3 STARTUP TASK, Delete-on-Reboot, [2193], [340766],1.0.1272
PUP.Optional.PricePeep, C:\USERS\RANDY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\https_static.pricepeep00.pricepeep.net_0.localstorage, Delete-on-Reboot, [8942], [241978],1.0.1272
PUP.Optional.PricePeep, C:\USERS\RANDY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, Delete-on-Reboot, [8942], [241978],1.0.1272
PUP.Optional.UTop, C:\USERS\RANDY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_utop.it_0.localstorage, Delete-on-Reboot, [18070], [258623],1.0.1272
PUP.Optional.UTop, C:\USERS\RANDY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_utop.it_0.localstorage-journal, Delete-on-Reboot, [18070], [258623],1.0.1272
PUP.Optional.WinYahoo, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\COMPONENTS\COMPONENTS.MANIFEST, Removal Failed, [117], [302781],1.0.1272
PUP.Optional.WinYahoo, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\COMPONENTS\MRT.JS, Delete-on-Reboot, [117], [257707],1.0.1272
PUP.Optional.Yontoo, C:\USERS\RANDY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_static.coupontime00.coupontime.co_0.localstorage, Delete-on-Reboot, [71], [304355],1.0.1272
PUP.Optional.Yontoo, C:\USERS\RANDY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_static.coupontime00.coupontime.co_0.localstorage-journal, Delete-on-Reboot, [71], [304355],1.0.1272

Physical Sector: 0
(No malicious items detected)

(end)

I chose to quarantine all. I'll uninstall Chrome now. maybe not reinstall it. the keys on this computer don't work well.

Broni · Feb 15, 2017

glhglh · Feb 15, 2017

Chrome off, I won't put it back on till all the little bits are gone.

Broni · Feb 15, 2017

Go ahead and re-run MBAM, AdwCleaner and JRT one more time.

glhglh · Feb 15, 2017

From the start again.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
Ran by Randy (administrator) on HP-RRR (15-02-2017 20:02:24)
Running from C:\Users\Randy\Desktop\Virus
Loaded Profiles: Randy (Available Profiles: Randy & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-01-04] (IDT, Inc.)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-01-19] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [576568 2011-11-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-2783097096-289569773-1546617986-1001\...\Run: [HP OfficeJet 3830 series (NET)] => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2783097096-289569773-1546617986-1001\...\Run: [Chromium] => c:\users\randy\appdata\local\chromium\application\chrome.exe [1043456 2016-01-26] (The Chromium Authors)
ShellIconOverlayIdentifiers: [ CustomFolderNotSynced] -> {4008A679-BE48-456D-A32E-97DE3F48E10D} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll -> No File
ShellIconOverlayIdentifiers: [ CustomFolderSynced] -> {4DD1429E-055B-4585-9E4D-614252FD7FC1} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll -> No File
ShellIconOverlayIdentifiers: [ FileNotSynced] -> {267973DC-2B3C-41CE-93F1-D2C5CCC06663} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll -> No File
ShellIconOverlayIdentifiers: [ FileSynced] -> {DBD42211-56CD-4C08-A3E4-48ED07AD7759} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll -> No File
ShellIconOverlayIdentifiers: [ FolderExcluded] -> {43BAE28F-4AC6-4C1F-9A86-E0D8533370BC} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll -> No File
ShellIconOverlayIdentifiers: [ FolderNotSynced] -> {3E2576B1-5B08-47DE-8803-95C6ECA734EE} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll -> No File
ShellIconOverlayIdentifiers: [ FolderSynced] -> {2858A960-566F-45CF-951E-4B3099E70E6F} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ CustomFolderNotSynced] -> {4008A679-BE48-456D-A32E-97DE3F48E10D} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ CustomFolderSynced] -> {4DD1429E-055B-4585-9E4D-614252FD7FC1} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ FileNotSynced] -> {267973DC-2B3C-41CE-93F1-D2C5CCC06663} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ FileSynced] -> {DBD42211-56CD-4C08-A3E4-48ED07AD7759} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ FolderExcluded] -> {43BAE28F-4AC6-4C1F-9A86-E0D8533370BC} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ FolderNotSynced] -> {3E2576B1-5B08-47DE-8803-95C6ECA734EE} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ FolderSynced] -> {2858A960-566F-45CF-951E-4B3099E70E6F} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk [2015-12-11]
ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\Broderbund\PrintMaster\pmremind.exe (Broderbund Properties LLC)
Startup: C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-02-02] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{31ea90e4-35d4-4540-a94c-eab28ac7c7e0}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{31ea90e4-35d4-4540-a94c-eab28ac7c7e0}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{34167375-BE40-466A-AF7E-71F5E33959CD}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{3973625b-d550-4482-8626-055c851fa7f8}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{3973625b-d550-4482-8626-055c851fa7f8}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{3D493812-5A6C-4569-8948-931983678700}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{3e5366e2-e619-4c7e-a254-4148181480bb}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{3e5366e2-e619-4c7e-a254-4148181480bb}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{5d4a1c6d-c9d7-11e5-93ba-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6F79DAF9-0BD7-4158-9C0C-745284478CE4}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{797fc918-2a02-4a5f-9f81-cc4932956ea0}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{797fc918-2a02-4a5f-9f81-cc4932956ea0}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{825E0274-4ABB-4A35-83B7-62488622A3B1}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{82f2cad0-7a7c-4d6d-95d4-2003995ef9f1}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{95c3e60d-7d80-41db-be01-e26265544b30}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a1c95c13-acd4-4e93-88c9-2912fbc94e6c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a1c95c13-acd4-4e93-88c9-2912fbc94e6c}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{c1fd1c83-dc19-4fbd-a13f-ebdcb53d58b0}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c1fd1c83-dc19-4fbd-a13f-ebdcb53d58b0}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{ed4e3568-60c7-4154-bc8c-83374c0e6f1c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{ed4e3568-60c7-4154-bc8c-83374c0e6f1c}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131312655671564010&GUID=F34706C8-BC86-441C-8A8D-ECA6761F344B
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131312655672036951&GUID=F34706C8-BC86-441C-8A8D-ECA6761F344B
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131312655672053665&GUID=F34706C8-BC86-441C-8A8D-ECA6761F344B
HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2783097096-289569773-1546617986-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2783097096-289569773-1546617986-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-01-19] (Atheros Commnucations)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default [2017-02-11]
FF NewTab: Mozilla\Firefox\Profiles\w1n6vmjf.default -> about:newtab
FF Extension: (No Name) - C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default\extensions\videoresumer@jetpack [not found]
FF Extension: (No Name) - C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [not found]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\aolsearch.xml [2015-12-15]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2011-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2783097096-289569773-1546617986-1001: bluejeans.com/bjninstallplugin -> C:\Users\Randy\AppData\Roaming\Blue Jeans\bjnplugin\2.115.57.5\npbjninstallplugin_2.115.57.5.dll [2015-10-15] (Blue Jeans)
FF Plugin HKU\S-1-5-21-2783097096-289569773-1546617986-1001: bluejeans.com/bjnplugin -> C:\Users\Randy\AppData\Roaming\Blue Jeans\bjnplugin\2.115.57.5\npbjnplugin_2.115.57.5.dll [2015-10-15] (Blue Jeans)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-02-10] (Advanced Micro Devices, Inc.) [File not signed]
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-27] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-01-19] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 lehidmini; C:\WINDOWS\system32\drivers\leath_hid.sys [36128 2012-01-19] (Atheros) [File not signed]
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-15] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-15] (Malwarebytes)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-29] (Realtek )
S3 ssmirrdr; C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys [10112 2015-06-29] (support.com, Inc)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S3 wanatw; \SystemRoot\System32\drivers\wanatw64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-15 20:02 - 2017-02-15 20:02 - 00000000 ____D C:\FRST
2017-02-15 18:01 - 2017-02-15 18:04 - 00000000 ____D C:\AdwCleaner
2017-02-14 21:26 - 2017-02-14 21:26 - 00003638 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-02-14 21:25 - 2017-02-14 21:26 - 00001335 _____ C:\DelFix.txt
2017-02-13 20:41 - 2017-02-13 20:41 - 00000000 ____D C:\ProgramData\Sophos
2017-02-13 20:40 - 2017-02-13 20:40 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-02-13 20:40 - 2017-02-13 20:40 - 00002775 _____ C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk
2017-02-13 20:40 - 2017-02-13 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-02-13 20:40 - 2017-02-13 20:40 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-02-13 18:54 - 2017-02-13 18:54 - 00000002 _____ C:\WINDOWS\msoffice.ini
2017-02-12 19:56 - 2017-02-13 11:28 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-12 19:55 - 2017-02-15 18:18 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-12 19:55 - 2017-02-15 18:18 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-12 19:55 - 2017-02-12 19:57 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-12 19:55 - 2017-02-12 19:55 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-12 19:55 - 2017-02-12 19:55 - 00001912 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2017-02-12 19:55 - 2017-02-12 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-12 19:55 - 2017-02-12 19:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-12 19:55 - 2017-02-12 19:55 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-12 19:55 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-12 16:58 - 2017-02-12 22:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2017-02-12 15:09 - 2017-02-12 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-02-12 15:09 - 2017-02-12 15:09 - 00000000 ____D C:\Program Files\RogueKiller
2017-02-11 18:00 - 2016-12-20 23:18 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-02-11 18:00 - 2016-11-22 01:24 - 02938408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-02-11 18:00 - 2016-11-22 01:17 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-02-11 18:00 - 2016-11-22 01:16 - 00064072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-02-11 18:00 - 2016-11-22 00:49 - 02195640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-02-11 18:00 - 2016-11-22 00:48 - 01522672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-02-11 18:00 - 2016-11-22 00:47 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-02-11 18:00 - 2016-11-22 00:12 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-02-11 18:00 - 2016-11-21 23:54 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2017-02-11 18:00 - 2016-11-21 23:41 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-02-11 18:00 - 2016-11-21 23:38 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-02-11 18:00 - 2016-11-21 22:59 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2017-02-11 18:00 - 2016-11-21 22:55 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-02-11 18:00 - 2016-11-02 05:32 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-02-11 18:00 - 2016-11-02 05:31 - 00546968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-02-11 18:00 - 2016-10-25 01:34 - 00454496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2017-02-11 18:00 - 2016-10-25 00:32 - 01862000 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-02-11 18:00 - 2016-10-25 00:32 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-02-11 18:00 - 2016-10-25 00:32 - 00845568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2017-02-11 18:00 - 2016-10-25 00:32 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2017-02-11 18:00 - 2016-10-25 00:28 - 01083648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2017-02-11 18:00 - 2016-10-25 00:05 - 00712032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-02-11 18:00 - 2016-10-24 23:45 - 00032096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2017-02-11 18:00 - 2016-10-24 23:39 - 00306840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2017-02-11 18:00 - 2016-10-24 23:37 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-02-11 18:00 - 2016-10-24 23:37 - 01349632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-02-11 18:00 - 2016-10-24 23:37 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-02-11 18:00 - 2016-10-24 23:37 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-02-11 18:00 - 2016-10-24 23:37 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-02-11 18:00 - 2016-10-24 23:37 - 00709176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-02-11 18:00 - 2016-10-24 23:31 - 01824272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-02-11 18:00 - 2016-10-24 23:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-02-11 18:00 - 2016-10-24 23:30 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-02-11 18:00 - 2016-10-24 23:29 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-02-11 18:00 - 2016-10-24 23:27 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-02-11 18:00 - 2016-10-24 23:27 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-02-11 18:00 - 2016-10-24 23:27 - 00256704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2017-02-11 18:00 - 2016-10-24 23:26 - 05240952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-02-11 18:00 - 2016-10-24 23:26 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-02-11 18:00 - 2016-10-24 23:26 - 01355344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2017-02-11 18:00 - 2016-10-24 23:26 - 00836752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-02-11 18:00 - 2016-10-24 23:26 - 00569752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-02-11 18:00 - 2016-10-24 23:22 - 00268040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2017-02-11 18:00 - 2016-10-24 23:19 - 00295776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-02-11 18:00 - 2016-10-24 23:18 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-02-11 18:00 - 2016-10-24 22:56 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-02-11 18:00 - 2016-10-24 22:54 - 00273760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2017-02-11 18:00 - 2016-10-24 22:53 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-02-11 18:00 - 2016-10-24 22:27 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-02-11 18:00 - 2016-10-24 22:26 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-02-11 18:00 - 2016-10-24 22:21 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2017-02-11 18:00 - 2016-10-24 22:08 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2017-02-11 18:00 - 2016-10-24 22:06 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2017-02-11 18:00 - 2016-10-24 22:00 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-02-11 18:00 - 2016-10-24 21:59 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2017-02-11 18:00 - 2016-10-24 21:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-02-11 18:00 - 2016-10-24 21:50 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\azroleui.dll
2017-02-11 18:00 - 2016-10-24 21:50 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-02-11 18:00 - 2016-10-24 21:50 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-02-11 18:00 - 2016-10-24 21:49 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-02-11 18:00 - 2016-10-24 21:49 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3ui.dll
2017-02-11 18:00 - 2016-10-24 21:48 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2017-02-11 18:00 - 2016-10-24 21:48 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-02-11 18:00 - 2016-10-24 21:45 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2017-02-11 18:00 - 2016-10-24 21:45 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneOm.dll
2017-02-11 18:00 - 2016-10-24 21:44 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2017-02-11 18:00 - 2016-10-24 21:43 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\filemgmt.dll
2017-02-11 18:00 - 2016-10-24 21:42 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-02-11 18:00 - 2016-10-24 21:41 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-02-11 18:00 - 2016-10-24 21:39 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-02-11 18:00 - 2016-10-24 21:39 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2017-02-11 18:00 - 2016-10-24 21:39 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-02-11 18:00 - 2016-10-24 21:37 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2017-02-11 18:00 - 2016-10-24 21:37 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-02-11 18:00 - 2016-10-24 21:37 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-02-11 18:00 - 2016-10-24 21:36 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2017-02-11 18:00 - 2016-10-24 21:36 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-02-11 18:00 - 2016-10-24 21:36 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-02-11 18:00 - 2016-10-24 21:36 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-02-11 18:00 - 2016-10-24 21:36 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64

Solved Will my brother in law ever learn?

Posts: 56,041 +516

Posts: 701 +0

Posts: 56,041 +516

Posts: 701 +0

Posts: 701 +0

Posts: 701 +0

Posts: 56,041 +516

Posts: 701 +0

Posts: 701 +0

Posts: 701 +0

Posts: 56,041 +516

Posts: 701 +0

Posts: 701 +0

Posts: 56,041 +516

Posts: 701 +0

Posts: 701 +0

Posts: 701 +0

Posts: 56,041 +516

Posts: 701 +0

Posts: 56,041 +516

Posts: 701 +0

Posts: 56,041 +516

Posts: 701 +0

Posts: 56,041 +516

Posts: 701 +0

Similar threads