Inactive Am I Infected? I hope not.

LadyNia

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
Ran by Roniesha (administrator) on RONIESHA-PC (12-02-2017 17:37:48)
Running from C:\Users\Roniesha\Downloads
Loaded Profiles: Roniesha (Available Profiles: Roniesha)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\DFDWiz.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
() C:\Windows\System32\rpcnetp.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(Spotify Ltd) C:\Users\Roniesha\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSHDLL64.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-25] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-03-31] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-09] (Toshiba)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-240996578-1074617293-3798557580-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-240996578-1074617293-3798557580-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-240996578-1074617293-3798557580-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\PROGRA~2\LEEGTS~1\GARDEN~1\GARDEN~1.SCR
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}] -> {4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B} => C:\windows\system32\pfmshx_463.dll [2010-07-07] (Pismo Technic Inc.)
ShellIconOverlayIdentifiers-x32: [{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}] -> {4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B} => C:\windows\SysWOW64\pfmshx_463.dll [2010-07-07] (Pismo Technic Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012-08-16]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
BootExecute: autocheck autochk /p \??\C:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4EF48F28-E890-4FA3-958F-9D3CF4758812}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DDFA4058-A472-4BD4-9EBE-2ED56EEC7E17}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-240996578-1074617293-3798557580-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-240996578-1074617293-3798557580-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
SearchScopes: HKLM -> DefaultScope {EB57A574-A870-4C23-A4BA-E6B103D36DEA} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {EB57A574-A870-4C23-A4BA-E6B103D36DEA} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {B8AC39AA-E99E-471A-BA39-14AC1D08D100} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {B8AC39AA-E99E-471A-BA39-14AC1D08D100} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-240996578-1074617293-3798557580-1001 -> DefaultScope {4A39D7B3-8E1D-49C3-AC6B-75649473CC2E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS429
SearchScopes: HKU\S-1-5-21-240996578-1074617293-3798557580-1001 -> {4A39D7B3-8E1D-49C3-AC6B-75649473CC2E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS429
SearchScopes: HKU\S-1-5-21-240996578-1074617293-3798557580-1001 -> {B8AC39AA-E99E-471A-BA39-14AC1D08D100} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2017-02-09] (F-Secure Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files (x86)\ArcSoft\MediaConverter 2.5 for Philips\Stream Ripper\ArcURLRecord.dll [2008-11-12] (ArcSoft, Inc.)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2017-02-09] (F-Secure Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Roniesha\AppData\Roaming\Mozilla\Firefox\Profiles\32xqvx46.default-1462243994895 [2017-02-09]
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Roniesha\AppData\Roaming\Mozilla\Firefox\Profiles\32xqvx46.default-1462243994895\Extensions\artur.dubovoy@gmail.com [2017-01-14]
FF Extension: (Print Edit WE) - C:\Users\Roniesha\AppData\Roaming\Mozilla\Firefox\Profiles\32xqvx46.default-1462243994895\Extensions\printedit-we@DW-dev.xpi [2016-11-05]
FF Extension: (Print Edit) - C:\Users\Roniesha\AppData\Roaming\Mozilla\Firefox\Profiles\32xqvx46.default-1462243994895\Extensions\printedit@DW-dev.xpi [2016-12-20]
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi [2017-02-09]
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-240996578-1074617293-3798557580-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Roniesha\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-240996578-1074617293-3798557580-1001: @talk.google.com/O1DPlugin -> C:\Users\Roniesha\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-240996578-1074617293-3798557580-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Roniesha\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-240996578-1074617293-3798557580-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Roniesha\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-240996578-1074617293-3798557580-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Roniesha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-26] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Roniesha\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Roniesha\AppData\Roaming\mo
 
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Roniesha\AppData\Local\Google\Chrome\User Data\Default [2017-02-12]
CHR Extension: (Google Cast) - C:\Users\Roniesha\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-04-15]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Roniesha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2014-10-18]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Roniesha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2016-09-10]
CHR Extension: (Grammarly for Chrome) - C:\Users\Roniesha\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-02-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Roniesha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\Roniesha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-30]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.QXI4CXIPSDV2JQQCDXJBTQWEDE - C:\Users\Roniesha\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 fshoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [186840 2016-03-11] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2015-11-24] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [60456 2015-03-09] (F-Secure Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [352248 2012-08-03] (Verizon) [File not signed]
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [123320 2013-09-19] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 anvsnddrv; C:\windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-04-22] (DT Soft Ltd)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [229080 2017-02-02] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [106712 2017-02-02] (F-Secure Corporation)
R0 fsbts; C:\windows\System32\Drivers\fsbts.sys [73928 2016-07-06] ()
R3 fsni; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\fsni64.sys [110288 2017-02-09] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2015-10-08] ()
R1 pfmfs_463; C:\windows\System32\Drivers\pfmfs_463.sys [249704 2010-07-07] (Pismo Technic Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-14] ()
S3 WsAudioDevice_383S(1); C:\windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare)
S3 WsAudio_Device; C:\windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
U3 WsDrvInst; C:\Program Files (x86)\KeepVid\KeepVid Music\DriverInstall.exe [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-12 17:37 - 2017-02-12 17:40 - 00024801 _____ C:\Users\Roniesha\Downloads\FRST.txt
2017-02-12 17:36 - 2017-02-12 17:37 - 00000000 ____D C:\FRST
2017-02-12 17:35 - 2017-02-12 17:35 - 02421248 _____ (Farbar) C:\Users\Roniesha\Downloads\FRST64.exe
2017-02-12 01:08 - 2017-02-12 01:08 - 00051258 _____ C:\Users\Roniesha\Downloads\great-vibes.zip
2017-02-12 00:24 - 2017-02-12 00:24 - 00002984 _____ C:\windows\System32\Tasks\{9027F463-DE06-4782-A507-7120E60D9803}
2017-02-03 23:22 - 2017-02-03 23:22 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-02-03 23:22 - 2017-02-03 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-02-03 22:47 - 2017-02-03 22:49 - 162481144 _____ (Sophos Limited) C:\Users\Roniesha\Downloads\Sophos Virus Removal Tool.exe
2017-01-31 21:52 - 2017-01-31 21:52 - 139594041 _____ C:\Users\Roniesha\Downloads\dwayne Baskin revival day 3.mp4
2017-01-31 14:42 - 2017-01-31 14:42 - 11372089 _____ C:\Users\Roniesha\Desktop\Roniesha biggs bi weekly payment 2.pdf
2017-01-31 14:39 - 2017-01-31 14:39 - 11331664 _____ C:\Users\Roniesha\Desktop\Roniesha biggs bi weekly payment copy.pdf
2017-01-31 14:33 - 2017-01-31 14:33 - 11329670 _____ C:\Users\Roniesha\Desktop\Roniesha biggs bi weekly payment.pdf
2017-01-31 12:33 - 2017-01-31 12:33 - 65088438 _____ C:\Users\Roniesha\Downloads\dwayne baskin revival day 2 2.mp4
2017-01-31 12:32 - 2017-01-31 12:32 - 28472068 _____ C:\Users\Roniesha\Downloads\dwayne baskin revival day 2.mp4
2017-01-27 19:07 - 2017-01-27 19:09 - 331984819 _____ C:\Users\Roniesha\Downloads\Dwayne Baskin Arkansas Preaching.mp4
2017-01-23 18:55 - 2017-01-24 19:57 - 00000000 ____D C:\Users\Roniesha\AppData\LocalLow\uTorrent
2017-01-21 09:58 - 2017-01-21 09:58 - 00097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2017-01-21 09:56 - 2017-01-21 09:28 - 00110144 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-64.dll
2017-01-21 09:29 - 2017-01-21 09:28 - 00110144 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2017-01-21 09:27 - 2017-01-21 09:27 - 00000000 ____D C:\Program Files\Java
2017-01-16 21:44 - 2017-01-17 00:27 - 00000000 ____D C:\Users\Roniesha\Downloads\Joonie
2017-01-15 08:44 - 2017-01-15 08:44 - 00034095 _____ C:\Users\Roniesha\Desktop\Roniesha Printing the Driver History Report 1-15-2017.pdf
2017-01-15 08:43 - 2017-01-15 08:43 - 00105855 _____ C:\Users\Roniesha\Desktop\Roniesha dmv Payment Confirmation 1-15-2017.pdf
2017-01-14 15:54 - 2017-01-14 15:54 - 32718574 _____ C:\Users\Roniesha\Desktop\mama edison bill 2.pdf
2017-01-14 15:52 - 2017-01-14 15:52 - 27482931 _____ C:\Users\Roniesha\Desktop\Mama's edison bill 1.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-12 17:25 - 2015-11-28 01:33 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-02-12 17:22 - 2012-12-06 11:45 - 00000000 ____D C:\Users\Roniesha\AppData\Local\Spotify
2017-02-12 16:57 - 2012-12-06 11:45 - 00000000 ____D C:\Users\Roniesha\AppData\Roaming\Spotify
2017-02-11 23:15 - 2011-05-30 20:47 - 00000000 ____D C:\Users\Roniesha\AppData\Local\ElevatedDiagnostics
2017-02-11 23:07 - 2009-07-13 22:45 - 00018736 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-11 23:07 - 2009-07-13 22:45 - 00018736 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-11 22:46 - 2014-07-19 00:16 - 00017920 _____ C:\windows\SysWOW64\rpcnetp.dll
2017-02-11 22:46 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-02-11 22:43 - 2015-10-28 19:36 - 00000000 ____D C:\Users\Roniesha\Desktop\Woman of Truth
2017-02-11 22:42 - 2011-05-10 23:52 - 03085124 _____ C:\windows\ntbtlog.txt
2017-02-11 20:57 - 2014-05-14 21:46 - 00000000 ____D C:\Users\Roniesha\Desktop\Rozjae
2017-02-09 20:18 - 2016-03-03 16:54 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-09 20:12 - 2014-07-19 00:16 - 00017920 _____ C:\windows\SysWOW64\rpcnetp.exe
2017-02-09 20:12 - 2011-04-21 13:49 - 00017920 _____ C:\windows\system32\rpcnetp.exe
2017-02-09 19:08 - 2016-11-22 16:49 - 00000000 ____D C:\Users\Roniesha\AppData\LocalLow\Mozilla
2017-02-09 19:04 - 2011-12-31 13:45 - 00000000 ____D C:\Program Files (x86)\Viva Media
2017-02-03 19:27 - 2009-07-13 23:13 - 00006226 _____ C:\windows\system32\PerfStringBackup.INI
2017-02-03 13:56 - 2014-07-23 18:05 - 00000000 ____D C:\Users\Roniesha\Documents\Springleaf
2017-02-01 22:47 - 2016-02-16 16:59 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-01 22:47 - 2016-02-16 16:59 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-31 19:42 - 2016-12-16 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-31 19:42 - 2016-02-03 22:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-29 21:57 - 2016-02-03 22:28 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-29 21:57 - 2016-02-03 22:28 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-29 18:39 - 2013-11-01 03:10 - 00000000 ____D C:\ProgramData\Ashampoo
2017-01-27 19:12 - 2012-08-31 01:03 - 00000000 ____D C:\Users\Roniesha\AppData\Roaming\uTorrent
2017-01-27 19:04 - 2013-11-04 23:47 - 00000000 ____D C:\Users\Roniesha\Desktop\Mama
2017-01-27 17:14 - 2015-09-02 17:29 - 00000000 ____D C:\Users\Roniesha\Desktop\Business License
2017-01-24 19:57 - 2009-07-13 23:08 - 00032586 _____ C:\windows\Tasks\SCHEDLGU.TXT
2017-01-23 19:06 - 2015-10-28 19:44 - 00000000 ____D C:\Users\Roniesha\AppData\Local\CrashDumps
2017-01-21 10:06 - 2013-10-19 05:22 - 00002669 _____ C:\Users\Roniesha\Desktop\µTorrent.lnk
2017-01-21 10:06 - 2013-10-19 05:22 - 00002669 _____ C:\Users\Roniesha\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-01-21 09:58 - 2015-07-23 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-21 09:57 - 2013-06-01 07:47 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-19 20:15 - 2015-10-28 17:23 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-17 00:38 - 2016-09-11 04:34 - 00000000 ____D C:\Users\Roniesha\AppData\Roaming\Audacity
2017-01-16 21:02 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache

==================== Files in the root of some directories =======

2016-05-11 12:34 - 2016-05-11 12:34 - 6748160 _____ () C:\Program Files (x86)\GUTCF51.tmp
2016-08-05 10:43 - 2016-08-05 10:43 - 0000000 _____ () C:\Users\Roniesha\AppData\Local\{8A18C3F8-BCD0-4044-B856-7C19489D4A29}

Some files in TEMP:
====================
2017-02-09 18:58 - 2016-10-13 18:22 - 0323927 _____ () C:\Users\Roniesha\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-24 22:33

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017
Ran by Roniesha (12-02-2017 17:41:40)
Running from C:\Users\Roniesha\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-04-25 19:08:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-240996578-1074617293-3798557580-500 - Administrator - Disabled)
Guest (S-1-5-21-240996578-1074617293-3798557580-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-240996578-1074617293-3798557580-1004 - Limited - Enabled)
Roniesha (S-1-5-21-240996578-1074617293-3798557580-1001 - Administrator - Enabled) => C:\Users\Roniesha

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Computer Security by F-Secure (Enabled - Up to date) {4CBE0CB6-C6C6-9D82-ECD2-A076E5981AC9}
AS: Computer Security by F-Secure (Enabled - Up to date) {F7DFED52-E0FC-920C-D662-9B049E1F5074}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-240996578-1074617293-3798557580-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
7-Zip 16.00 (HKLM-x32\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - )
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
Charter Security Suite (HKLM-x32\...\F-Secure ServiceEnabler 42626) (Version: 2.50.214.0 - F-Secure Corporation)
Charter Security Suite (x32 Version: 2.50.214.0 - F-Secure Corporation) Hidden
ChromecastApp (HKU\S-1-5-21-240996578-1074617293-3798557580-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Computer Security 14.150.101.0 (release) (x32 Version: 14.150.101.0 - F-Secure Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.82 - WildTangent) Hidden
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
F-Secure CCF Reputation (x32 Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.72.115.709 (release) (x32 Version: 1.72.115.709 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.04.119 (x32 Version: 1.04.119 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.09.109.0 (release) (x32 Version: 1.09.109.0 - F-Secure Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.51 - Conexant Systems)
IHA_MessageCenter (HKLM-x32\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mavis Beacon Keyboarding Kidz (remove only) (HKLM-x32\...\Mavis Beacon Keyboarding Kidz) (Version: - Encore Software, Inc.)
Mavis Beacon Teaches Typing Platinum 20 (HKLM-x32\...\{58F9D852-9443-4955-A1ED-12C9E0504DD0}) (Version: 20.00.0000 - Broderbund)
MediaConverter 2.5 for Philips (HKLM-x32\...\{8D8B167A-ED0F-43F1-AC10-3F4379F7CBBB}) (Version: 2.5.2.114 - ArcSoft)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Netwaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
NetZero Launcher (HKLM-x32\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)
Online Safety 2.150.3659.2518 (x32 Version: 2.150.3659.2518 - F-Secure Corporation) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pismo File Mount Audit Package (HKLM\...\PismoFileMountAuditPackage) (Version: - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Product Improvement Study for HP Deskjet 1010 series (HKLM\...\{CF7BA3AB-8B08-46C9-B187-514EA7719CCC}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0011 - Realtek)
Rootkit Unhooker LE 3.8 SR 2 (HKLM-x32\...\{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1) (Version: - UG North)
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Secunia PSI (2.0.0.3003) (HKLM-x32\...\Secunia PSI) (Version: - )
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Spotify (HKU\S-1-5-21-240996578-1074617293-3798557580-1001\...\Spotify) (Version: 1.0.47.13.gd8e05b1f - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Tax Forms Helper 2009 9.0 (HKLM-x32\...\Tax Forms Helper 2009_is1) (Version: - )
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.04.01.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.3.198 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.6.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.04.01.00 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.6.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Unity Web Player (HKU\S-1-5-21-240996578-1074617293-3798557580-1001\...\UnityWebPlayer) (Version: 4.5.0f6 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-240996578-1074617293-3798557580-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Roniesha\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-240996578-1074617293-3798557580-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Roniesha\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-240996578-1074617293-3798557580-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Roniesha\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-240996578-1074617293-3798557580-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Roniesha\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-240996578-1074617293-3798557580-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Roniesha\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B6C9B34-DB34-4D0D-BDEC-1F52B554F001} - System32\Tasks\{B893A00E-2957-4F52-AD8E-F171C194AE31} => C:\Program Files (x86)\LeeGT-Games\Soap Opera Dash\Soap Opera Dash.exe
Task: {0FFB3629-4298-4591-ACEC-87012AADC64F} - System32\Tasks\GoogleUpdateTaskMachineUA1d0979714ddbec8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {119997EB-F8DD-464B-A153-FB9036E6E96B} - System32\Tasks\{E009FCF7-48A5-4B0F-A808-421A78499CC0} => pcalua.exe -a "C:\Users\Roniesha\Downloads\Sally's Salon.exe"
Task: {16258C1A-1826-41F7-9319-C7268AA8E043} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {1E04B19B-CDF5-4818-869E-A437EFF392F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {1F5C99D0-8CCC-4165-B6AA-1451BFC546C8} - System32\Tasks\{88464559-5886-4B84-B5A0-FB8C545443E2} => C:\Program Files (x86)\eReflect\Ultimate Typing 2014\UberReader.exe
Task: {3054CF26-D050-4A61-9FCB-0005E1A95E0F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {36234A4B-783A-489F-9EAA-A7598522C857} - System32\Tasks\{AFF86D99-7F54-4D51-B2DC-2C9C229A7365} => pcalua.exe -a C:\Users\Roniesha\Downloads\AdobeFlashPlayer_13.0.0.182_NPAPI_SPS.exe -d C:\Users\Roniesha\Downloads
Task: {4902A7FD-A5D2-4532-BC33-934F62C7B88A} - System32\Tasks\HPCustParticipation HP Deskjet 1010 series => C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {4B3F3595-BC64-458B-AF6F-2C0AB7D3E3BD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-240996578-1074617293-3798557580-1001UA1d0bf8a3fef3382 => C:\Users\Roniesha\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4F34285E-59FB-47CF-B6E2-20E2C575A73A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-240996578-1074617293-3798557580-1001Core => C:\Users\Roniesha\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6E4DED02-3E76-4B0A-A984-695E7138D0B3} - System32\Tasks\{ABE0BA1D-DA1C-4D97-B748-E2CCD3548EEF} => pcalua.exe -a C:\Users\Roniesha\Downloads\AdobeAIRInstaller_3.2.0.2070(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {6E90C30B-C6D0-43F0-B2EE-6578CEB5EFBC} - System32\Tasks\{9027F463-DE06-4782-A507-7120E60D9803} => C:\Users\Roniesha\AppData\Roaming\Spotify\spotify.exe [2017-01-28] (Spotify Ltd)
Task: {6EE6F16B-D899-4E84-A502-2FFC4F5AD65F} - System32\Tasks\{E850DFC7-FC61-400D-BB87-380CDF968A9C} => C:\Users\Roniesha\Downloads\Youda Sushi Chef 2\Youda Sushi Chef 2.exe
Task: {7042232D-29DA-4E52-9589-D8C2AAFB5578} - System32\Tasks\{E9BF7DEC-8C0F-4BDB-BC73-C7C0E37841A1} => pcalua.exe -a C:\Users\Roniesha\Downloads\0007-64bit_Win7_Win8_Win81_Win10_R280.exe -d C:\Users\Roniesha\Downloads
Task: {771A709D-B316-49C4-A98C-A5927FE02AA6} - System32\Tasks\{192676B3-AC3A-4E20-8BE3-DA1E1AA35E03} => pcalua.exe -a "C:\Users\Roniesha\Downloads\Typing Master Pro Portable . Increase your touch typing speed $@YW@+.exe" -d C:\Users\Roniesha\Downloads
Task: {8716AB40-183A-485A-A3DA-44EEA8AE8F8C} - System32\Tasks\{7D744E18-2B63-4F30-9B7F-188767C8A556} => C:\Program Files (x86)\LeeGT-Games\Soap Opera Dash\Soap Opera Dash.exe
Task: {9731E343-6F90-443E-8AD5-7F0D727DD4B5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {9BB41EA9-5E67-491D-99FE-E6FF98CF3ACB} - System32\Tasks\{111B9668-5548-49E2-8146-63B7ADD03D5B} => C:\Users\Roniesha\Downloads\portcs6\Adobe Photoshop CS6 Portable Final\Adobe Photoshop CS6.exe [2012-04-28] (Adobe Systems, Incorporated)
Task: {A24176B0-74E4-4093-8014-16A0016D956A} - System32\Tasks\{D5879688-683B-4257-81A2-5D4401CA1FF5} => pcalua.exe -a C:\Users\Roniesha\Downloads\AdobeAIRInstaller_3.2.0.2070.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A85DD900-EFA7-4242-9E4C-0674E6AC7B8D} - System32\Tasks\{661274CC-BFAB-4A40-9D0D-A0C9A7373283} => pcalua.exe -a "C:\Users\Roniesha\Downloads\Firefox Setup 10.0.3esr en-US.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A88EB7FE-759E-4CC3-8C19-D6AB71ADEFD7} - System32\Tasks\{F9C3695D-CE87-486A-9357-A429033661C2} => C:\Program Files (x86)\LeeGT-Games\Soap Opera Dash\Soap Opera Dash.exe
Task: {AD96C16C-83AE-4F74-B7E1-9981B4377A7A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {BF50930B-59F2-4282-B6FD-61B4F7B3F308} - System32\Tasks\{AF58DA8E-24B9-4EC0-8439-7C2E2B0B9056} => C:\Program Files (x86)\LeeGT-Games\Soap Opera Dash\Soap Opera Dash.exe
Task: {C3DC06BC-6A73-43E8-A87C-2BB554085748} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-240996578-1074617293-3798557580-1001UA => C:\Users\Roniesha\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {CB8878BE-3DC8-45A3-93DC-2E0861DE777B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-240996578-1074617293-3798557580-1001Core1d0bf8a3f9a0d63 => C:\Users\Roniesha\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {EA285F96-EDA1-4DBD-8C69-26409C30B6AF} - System32\Tasks\{80CE851A-F3DA-402D-AF72-87FC83EECE88} => pcalua.exe -a "C:\Program Files (x86)\LeeGT-Games\Posh Boutique 2\Uninstall.exe"
Task: {ED5518FA-5473-4D6C-8A9A-30B0FEF21BBB} - System32\Tasks\F-Secure\F-Secure GUI => C:\Program Files (x86)\Charter Security Suite\FsGuiStarter.exe [2016-03-11] (F-Secure Corporation)
Task: {F70F367A-2532-4996-9052-94BA8CE77C13} - System32\Tasks\GoogleUpdateTaskMachineCore1d0979714722a25 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {FC052D87-9E8C-4161-8952-1E0E84BAC1FC} - System32\Tasks\{A3D411AA-FA49-4E80-BBA8-24FBD5D00E99} => C:\Program Files (x86)\LeeGT-Games\Soap Opera Dash\Soap Opera Dash.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-240996578-1074617293-3798557580-1001Core.job => C:\Users\Roniesha\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-240996578-1074617293-3798557580-1001UA.job => C:\Users\Roniesha\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-04-21 13:49 - 2017-02-09 20:12 - 00017920 _____ () C:\windows\System32\rpcnetp.exe
2010-03-03 15:15 - 2010-03-03 15:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 14:26 - 2009-11-03 14:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-04-21 20:59 - 2009-06-22 16:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 18:38 - 2009-07-25 18:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-03-12 16:41 - 2010-03-12 16:41 - 00417080 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2010-02-05 18:44 - 2010-02-05 18:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2017-02-01 22:47 - 2017-02-01 03:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-01 22:47 - 2017-02-01 03:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2013-12-12 01:53 - 2015-11-24 04:26 - 00072744 _____ () C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\FSAVHRES.ENG
2016-03-11 15:14 - 2016-03-11 15:14 - 00250840 _____ () C:\Program Files (x86)\Charter Security Suite\daas2.dll
2013-12-12 01:54 - 2016-12-16 19:24 - 00212008 _____ () C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Spam Control\fsas.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\windows\system32\autochk.exe:BAK [46082]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2016-04-15 21:21 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-240996578-1074617293-3798557580-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Roniesha\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5BBE83AC-61F3-4609-8BE0-ED98014E33F1}] => C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{81524BE9-6950-4B3B-8866-78186B3174AE}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E5166D07-C376-4003-9B98-998742B85EBD}] => svchost.exe
FirewallRules: [{6293584A-539D-4E8B-A2C8-90E0F78E5BAF}] => C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{8269AF98-8C46-4297-A4FA-A79F83EBF8A0}] => C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{99DE69E3-6630-4AF0-9446-33F674A9A11C}] => C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{058A8B67-1DA1-4E71-8C7C-9C921AEFD840}] => LPort=50000
FirewallRules: [{FC4D7973-AB29-4E20-8E70-1D80A63C09DD}] => C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{337C2A1E-841A-4122-B25C-C68CE2F249C4}] => C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{C86C9A69-AC0A-4AC3-8D6F-5C15577C1860}] => C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{51B2414D-6A5F-46A4-BD66-D54D0E26FD71}] => C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{BF87F10D-FE6A-4EE3-A6C2-35A567FB572A}] => C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [{F046B235-7A0C-4731-91D1-733BCDFFC339}] => C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [TCP Query User{DAD48BB4-2089-48A0-A497-C924654CFE9B}C:\users\roniesha\appdata\roaming\spotify\spotify.exe] => C:\users\roniesha\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{99170261-C352-4E79-B712-32611E7E6B94}C:\users\roniesha\appdata\roaming\spotify\spotify.exe] => C:\users\roniesha\appdata\roaming\spotify\spotify.exe
FirewallRules: [{26990C6A-241C-4E73-B509-2FC6B66D092C}] => C:\Users\Roniesha\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{09AB8044-83A3-43A2-813A-308D63552807}] => C:\Users\Roniesha\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{19F7DD74-CE2A-4EF7-9EBD-65FAD7EB013F}] => C:\Users\Roniesha\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{156B1892-ACE5-49A6-B73A-21A4B6DA50BF}] => C:\Users\Roniesha\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{2C65E9E0-AF90-46BC-B147-9CF9D6E87BFC}] => C:\Users\Roniesha\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6B8EB305-1165-4CDD-ABCC-C32DB10013DF}] => C:\Users\Roniesha\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{6AF93834-50E2-47F8-946A-0E0437388F0C}C:\games\nicole 1.0\winter_wolves_howler.exe] => C:\games\nicole 1.0\winter_wolves_howler.exe
FirewallRules: [UDP Query User{FBC31203-1BA1-494C-B8BB-CB311DC6C202}C:\games\nicole 1.0\winter_wolves_howler.exe] => C:\games\nicole 1.0\winter_wolves_howler.exe
FirewallRules: [{D4016005-DF26-44B0-A319-D917ECBDF2F6}] => C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{8792753A-2DF0-46F6-8504-3A397D1857F1}] => C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{CBBD986A-6F8E-4A89-A977-48B0DDFE182A}] => C:\Users\Roniesha\AppData\Local\Temp\7zS6EBD\HPDiagnosticCoreUI.exe
FirewallRules: [{9693B6FA-8398-4BF4-90B7-BF6FF997C46F}] => C:\Users\Roniesha\AppData\Local\Temp\7zS6EBD\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{54ADE568-195E-4214-B719-276DB9714630}C:\users\roniesha\appdata\roaming\spotify\spotify.exe] => C:\users\roniesha\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{00D89A1E-7742-44B2-9A14-B8F292DD3BCE}C:\users\roniesha\appdata\roaming\spotify\spotify.exe] => C:\users\roniesha\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5715D06E-CAC5-4A5C-A49C-B9598E01213F}C:\program files (x86)\aimersoft\video converter ultimate\urlreqservice.exe] => C:\program files (x86)\aimersoft\video converter ultimate\urlreqservice.exe
FirewallRules: [UDP Query User{15156649-671F-4331-A7A2-0ADBE0BE24FF}C:\program files (x86)\aimersoft\video converter ultimate\urlreqservice.exe] => C:\program files (x86)\aimersoft\video converter ultimate\urlreqservice.exe
FirewallRules: [TCP Query User{6BEA04BA-FF83-41B7-A692-C01F46D7E180}C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe] => C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [UDP Query User{F7D91AD9-88B2-489B-989F-20F4409A139C}C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe] => C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [TCP Query User{AEDA6461-EE07-4213-97FD-D007B0717FA9}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F9029A93-2212-4047-BC27-8FEA4C1DBDDF}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3808C81A-4A34-4574-B58D-98218AB9BC0E}C:\program files (x86)\aimersoft\video converter ultimate\urlreqservice.exe] => C:\program files (x86)\aimersoft\video converter ultimate\urlreqservice.exe
FirewallRules: [UDP Query User{847977F4-48F6-4B4F-BDCE-3007AD9553C1}C:\program files (x86)\aimersoft\video converter ultimate\urlreqservice.exe] => C:\program files (x86)\aimersoft\video converter ultimate\urlreqservice.exe
FirewallRules: [{9D32BE67-CE08-45A4-9115-8CE6D321C9C8}] => C:\Users\Roniesha\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0E761291-0D70-4094-B4C0-D77FB8B720AB}] => C:\Users\Roniesha\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9298C684-9A2E-4AD7-84E6-2932B96428A6}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A07A5CDC-E5CC-4D48-99F7-BAE140E57A76}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4F4884E3-FD89-423D-B6BB-66B43F41ED6B}] => C:\Users\Roniesha\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7742B381-5274-43E3-8D8C-B41584CCEFF2}] => C:\Users\Roniesha\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FB226528-499D-46A5-A555-123E4101CD16}] => C:\Users\Roniesha\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AB07E0DA-9484-4C08-936A-708801AE33FF}] => C:\Users\Roniesha\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{92BC1183-0002-4525-B227-6BCF3A83CC2D}] => C:\Users\Roniesha\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{224D1732-6635-44A9-8C2A-19B13ED9CFA1}] => C:\Users\Roniesha\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6137DD6C-B176-42DF-8CDB-94611D7B88D4}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

11-02-2017 23:21:30 Windows Update

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2017 05:03:58 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

Error: (02/12/2017 12:30:31 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 3 2017-02-12 00:30:26-05:00 RONIESHA-PC Roniesha-PC\Roniesha F-Secure Anti-Virus
Scanning of C:\USERS\RONIESHA\DOWNLOADS\PORTCS6\ADOBE PHOTOSHOP CS6 PORTABLE FINAL\ADOBE PHOTOSHOP CS6.EXE was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Error: (02/12/2017 12:00:28 AM) (Source: THSA) (EventID: 100) (User: )
Description: %1

Error: (02/11/2017 11:53:19 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2 2017-02-11 23:53:13-05:00 RONIESHA-PC Roniesha-PC\Roniesha F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSWOW64\PFMAPI_463.DLL was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Error: (02/11/2017 11:22:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (02/11/2017 11:13:22 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

Error: (02/11/2017 10:56:44 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1 2017-02-11 22:56:43-05:00 RONIESHA-PC RONIESHA-PC\Roniesha F-Secure Anti-Virus
No scanner engines loaded and enabled. Virus protection is disabled.

Error: (02/11/2017 10:52:36 PM) (Source: THSA) (EventID: 100) (User: )
Description: %1

Error: (02/11/2017 10:45:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (02/09/2017 08:01:15 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1 2017-02-09 20:01:13-05:00 RONIESHA-PC RONIESHA-PC\Roniesha F-Secure Anti-Virus
No scanner engines loaded and enabled. Virus protection is disabled.


System errors:
=============
Error: (02/12/2017 04:58:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (02/12/2017 02:02:13 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.

Error: (02/11/2017 11:53:06 PM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: Event-ID 1

Error: (02/11/2017 11:34:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (02/11/2017 11:02:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (02/11/2017 10:56:24 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (02/11/2017 10:52:25 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Toshiba Laptop Checkup Application Launcher service hung on starting.

Error: (02/11/2017 10:36:34 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server:
{D20A3293-3341-4AE8-9AAF-8E397CB63C34}

Error: (02/11/2017 10:27:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/11/2017 10:27:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
Date: 2016-04-15 22:21:10.180
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-15 22:21:09.806
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-26 17:57:57.525
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-26 17:57:57.260
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-26 17:57:56.948
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-26 17:57:56.683
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-09 19:02:26.425
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 19:02:26.345
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 19:02:26.125
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-09 19:02:26.045
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 48%
Total physical RAM: 3932.95 MB
Available physical RAM: 2044.34 MB
Total Virtual: 7864.07 MB
Available Virtual: 5043.14 MB

==================== Drives ================================

Drive c: (TI105868W0C) (Fixed) (Total:281.25 GB) (Free:17.96 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (My ISO) (CDROM) (Total:0.44 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 8C04C798)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=281.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.4 GB) - (Type=17)

==================== End of Addition.txt ============================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

You're not saying what the issues are.
 
My laptop keeps telling me that Windows Defender isn't turned on and also that my F-Secure antivirus isn't turned on, and when I try to turn them both on, it doesn't do anything.
 
So far I don't see much.
We can run some more checks but first...

Did you try to reinstall F-Secure?
 
Nope, I didn't try to reinstall F-Secure. I was wondering if it is the reason why my computer is acting wonky. Right now I just got a message that says Windows Defender needs to scan your computer.
 
Okay, I did uninstall F-Secure but can't reinstall it because we no longer have Charter, which the anti-virus was being offered through. However, the computer seems to load a little faster, but now it is saying that Windows Defender encountered an error: 0x800106ba.
 
You must have some AV program running...

Install ONE of these:

- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
Note for Windows 8 and 10 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
You can keep it or you have to disable it before installing another AV program. How to...

- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

Update, run full scan, report on any findings.

Next...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 