Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unwanted One System [Solved]

Started by Bezzy , Dec 29 2015 06:46 AM

  • This topic is locked This topic is locked

#1
Bezzy
Posted 29 December 2015 - 06:46 AM

Bezzy

    New Member

  • Member
  • Pip
  • 6 posts

Hello Geeks,

 

Please could I get some help to get rid of One System from my HP Stream?

 

It's even more irritating than Christmas pine needles in your new fluffy slippers.


  • 0

Advertisements

#2
Essexboy
Posted 29 December 2015 - 09:30 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, first I will need a look see

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please post both logs generated.

  • 0

#3
Bezzy
Posted 30 December 2015 - 07:04 AM

Bezzy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Ok, so far so good.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-12-2015
Ran by Kate (administrator) on HOMEWORKMACHINE (30-12-2015 12:59:17)
Running from C:\Users\Kate\Downloads
Loaded Profiles: Kate (Available Profiles: Kate & edieb & dougb)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Web Bar Media) C:\Program Files\WebBar\2.0.5749.22382\wb.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\conathst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\nacl64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-09-12] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2014-09-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945656 2015-09-06] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-877075864-1442605631-1392213970-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1445648 2015-12-09] (Lavasoft)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
Startup: C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-09-09]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9 17 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 17 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{c0b8b981-560d-4934-a9c2-de428ddc1185}: [DhcpNameServer] 40.24.1.15
Tcpip\..\Interfaces\{d9c0d3b9-ceec-4b00-a12c-86ded7860f72}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/2
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT14/2
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-877075864-1442605631-1392213970-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D112615-A880FF2AB0987464788F&form=CONMHP&conlogo=CT3332041
HKU\S-1-5-21-877075864-1442605631-1392213970-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
SearchScopes: HKLM-x32 -> {C413B8F6-32A7-46F2-BAF8-99B03883FC12} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-877075864-1442605631-1392213970-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D112615-A880FF2AB0987464788F&form=CONBDF&conlogo=CT3332041&q={searchTerms}
SearchScopes: HKU\S-1-5-21-877075864-1442605631-1392213970-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D112615-A880FF2AB0987464788F&form=CONBDF&conlogo=CT3332041&q={searchTerms}
SearchScopes: HKU\S-1-5-21-877075864-1442605631-1392213970-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NS&chn=1000&geo=GB&ver=22&locale=en_GB&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-877075864-1442605631-1392213970-1001 -> {C413B8F6-32A7-46F2-BAF8-99B03883FC12} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-04] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-04] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-877075864-1442605631-1392213970-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon [2015-12-20]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
 
Chrome: 
=======
CHR Profile: C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-26]
CHR Extension: (Google Docs) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-26]
CHR Extension: (Google Drive) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-26]
CHR Extension: (YouTube) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-26]
CHR Extension: (Norton Security Toolbar) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-11-26]
CHR Extension: (Google Search) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-26]
CHR Extension: (Google Sheets) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-26]
CHR Extension: (Google Docs Offline) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-26]
CHR Extension: (Norton Identity Safe) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-26]
CHR Extension: (Gmail) - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-26]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-28]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-28]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2286848 2015-10-14] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2748600 2015-12-04] (Microsoft Corporation)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2014-09-05] (Intel Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-11-02] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-09] (Lavasoft Limited)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\NS.exe [282016 2015-11-20] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-12] (Realtek Semiconductor)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-12-09] ()
S2 wbsvc; C:\Program Files\WebBar\wbsvc.exe [37144 2015-09-28] (Web Bar Media)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [208176 2015-10-14] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7532760 2015-06-11] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20151218.001\BHDrvx64.sys [1665608 2015-10-21] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605050.00F\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2014-09-05] (Intel Corporation)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2014-09-05] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2014-09-05] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2014-09-05] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2014-09-05] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2014-09-05] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2014-09-05] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2014-09-05] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-19] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20151229.001\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-08-05] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151228.023\ENG64.SYS [138488 2015-10-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151228.023\EX64.SYS [2148080 2015-10-16] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-09-01] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44216 2015-09-06] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605050.00F\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1605050.00F\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-11-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605050.00F\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-30 12:59 - 2015-12-30 12:59 - 00021327 _____ C:\Users\Kate\Downloads\FRST.txt
2015-12-30 12:58 - 2015-12-30 12:59 - 00000000 ____D C:\FRST
2015-12-30 12:58 - 2015-12-30 12:58 - 02370560 _____ (Farbar) C:\Users\Kate\Downloads\FRST64.exe
2015-12-30 12:57 - 2015-12-30 12:57 - 01721856 _____ (Farbar) C:\Users\Kate\Downloads\FRST.exe
2015-12-30 12:16 - 2015-12-30 12:16 - 00016148 _____ C:\WINDOWS\system32\HOMEWORKMACHINE_Kate_HistoryPrediction.bin
2015-12-30 10:38 - 2015-12-30 10:38 - 00000000 ___HD C:\OneDriveTemp
2015-12-29 11:39 - 2015-12-29 11:39 - 00026624 _____ C:\Users\Kate\Downloads\emm_sample_1.xls
2015-12-29 11:27 - 2015-12-29 11:27 - 00002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-12-29 11:27 - 2015-12-29 11:27 - 00002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-12-29 11:27 - 2015-12-29 11:27 - 00002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-12-29 11:27 - 2015-12-29 11:27 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-12-29 11:27 - 2015-12-29 11:27 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-12-29 11:27 - 2015-12-29 11:27 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-12-29 11:27 - 2015-12-29 11:27 - 00002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-12-29 11:27 - 2015-12-29 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2015-12-29 11:25 - 2015-12-29 11:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-24 11:20 - 2015-12-24 11:20 - 00016148 _____ C:\WINDOWS\system32\HOMEWORKMACHINE_edieb_HistoryPrediction.bin
2015-12-24 10:52 - 2015-12-24 10:53 - 00520192 _____ C:\Users\edieb\Downloads\Criteria_sheet (1).pub
2015-12-20 15:24 - 2015-12-20 15:24 - 01300480 _____ C:\Users\edieb\Downloads\edies quote calender (1).pub
2015-12-20 13:16 - 2015-12-20 13:25 - 01413120 _____ C:\Users\edieb\Downloads\edies quote calender.pub
2015-12-18 14:44 - 2015-12-18 14:44 - 00000000 ___SD C:\Users\Kate\Documents\My Data Sources
2015-12-18 14:16 - 2015-12-29 13:52 - 00000000 ____D C:\Users\Kate\AppData\Local\Microsoft Help
2015-12-12 18:16 - 2015-12-12 18:16 - 00016148 _____ C:\WINDOWS\system32\HOMEWORKMACHINE_dougb_HistoryPrediction.bin
2015-12-11 17:23 - 2015-12-11 17:23 - 00520192 _____ C:\Users\edieb\Downloads\Criteria_sheet.pub
2015-12-09 16:29 - 2015-11-25 05:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 16:29 - 2015-11-25 04:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-09 16:29 - 2015-11-25 04:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 16:29 - 2015-11-25 04:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-09 16:29 - 2015-11-25 04:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 16:29 - 2015-11-25 04:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-09 16:29 - 2015-11-25 04:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 16:29 - 2015-11-25 04:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-09 16:29 - 2015-11-25 04:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 16:29 - 2015-11-25 04:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-09 16:29 - 2015-11-25 04:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-09 16:29 - 2015-11-25 04:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-09 16:29 - 2015-11-25 04:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-09 16:29 - 2015-11-25 04:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 16:29 - 2015-11-25 04:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 16:28 - 2015-12-01 07:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-09 16:28 - 2015-12-01 06:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-09 16:28 - 2015-12-01 05:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-09 16:28 - 2015-12-01 05:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-09 16:28 - 2015-12-01 05:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-09 16:28 - 2015-12-01 05:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-09 16:28 - 2015-12-01 04:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-09 16:28 - 2015-11-25 05:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-09 16:28 - 2015-11-25 05:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-09 16:28 - 2015-11-25 05:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 16:28 - 2015-11-25 05:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 16:28 - 2015-11-25 05:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-09 16:28 - 2015-11-25 05:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 16:28 - 2015-11-25 05:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-09 16:28 - 2015-11-25 05:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 16:28 - 2015-11-25 05:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 16:28 - 2015-11-25 05:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 16:28 - 2015-11-25 04:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-09 16:28 - 2015-11-25 04:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 16:28 - 2015-11-25 04:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-09 16:28 - 2015-11-25 04:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-09 16:28 - 2015-11-25 04:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-09 16:28 - 2015-11-25 04:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-09 16:28 - 2015-11-25 04:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-09 16:28 - 2015-11-25 04:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 16:28 - 2015-11-25 04:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-09 16:28 - 2015-11-25 04:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-09 16:28 - 2015-11-25 04:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-09 16:28 - 2015-11-25 04:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-09 16:28 - 2015-11-25 04:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-09 16:28 - 2015-11-25 04:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 16:28 - 2015-11-25 04:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-09 16:28 - 2015-11-25 04:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 16:28 - 2015-11-25 04:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-09 16:28 - 2015-11-25 04:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 16:28 - 2015-11-25 04:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 16:28 - 2015-11-25 04:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-09 16:28 - 2015-11-25 04:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-09 16:28 - 2015-11-25 04:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-09 16:28 - 2015-11-25 04:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-09 16:28 - 2015-11-25 04:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 16:28 - 2015-11-25 04:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-09 16:28 - 2015-11-25 04:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 16:28 - 2015-11-25 04:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 16:28 - 2015-11-25 04:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 16:28 - 2015-11-25 04:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 16:28 - 2015-11-25 04:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-09 16:28 - 2015-11-25 04:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 16:28 - 2015-11-25 04:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-09 16:28 - 2015-11-25 04:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-09 16:28 - 2015-11-25 04:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 16:28 - 2015-11-25 04:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-09 16:28 - 2015-11-25 04:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 16:28 - 2015-11-25 04:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 16:28 - 2015-11-25 04:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 16:28 - 2015-11-25 04:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-09 16:28 - 2015-11-25 04:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-09 16:28 - 2015-11-25 04:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-09 16:28 - 2015-11-25 04:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 16:28 - 2015-11-25 04:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 16:28 - 2015-11-25 04:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 16:28 - 2015-11-25 04:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 16:28 - 2015-11-25 04:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 16:28 - 2015-11-25 02:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 16:28 - 2015-11-25 02:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
2015-12-02 18:51 - 2015-12-02 20:50 - 00000000 ____D C:\Users\dougb\AppData\Local\WebBar
2015-12-02 18:51 - 2015-12-02 20:00 - 00000000 ____D C:\Users\dougb\AppData\Local\Google
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-30 12:58 - 2015-07-10 09:05 - 00000000 ____D C:\Windows
2015-12-30 12:38 - 2015-11-26 14:28 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-30 12:38 - 2015-11-26 14:28 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-30 12:12 - 2015-11-26 14:31 - 00000306 _____ C:\WINDOWS\Tasks\One System CarePeriod.job
2015-12-30 12:07 - 2015-07-10 10:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-30 10:53 - 2015-09-09 21:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-30 10:46 - 2015-09-06 13:31 - 00968010 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-30 10:46 - 2015-07-10 11:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-30 10:44 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-30 10:43 - 2015-11-28 17:02 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2015-12-30 10:43 - 2015-07-10 11:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-30 10:38 - 2015-09-06 11:03 - 00000000 ___RD C:\Users\Kate\OneDrive
2015-12-30 10:38 - 2015-09-06 10:57 - 00000000 __SHD C:\Users\Kate\IntelGraphicsProfiles
2015-12-30 10:36 - 2015-07-10 12:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-29 15:16 - 2015-07-10 09:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-29 12:57 - 2015-09-06 10:57 - 00000000 ____D C:\Users\Kate\AppData\Local\Packages
2015-12-29 11:29 - 2015-07-10 11:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-29 10:42 - 2015-09-09 20:48 - 00000000 ____D C:\WINDOWS\Panther
2015-12-29 10:38 - 2015-10-30 19:02 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-29 10:15 - 2015-07-10 09:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-26 08:58 - 2015-07-10 11:06 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-26 08:58 - 2015-07-10 11:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-24 11:20 - 2015-09-07 17:47 - 00000000 ___RD C:\Users\edieb\OneDrive
2015-12-24 10:47 - 2015-09-07 17:42 - 00000000 __SHD C:\Users\edieb\IntelGraphicsProfiles
2015-12-21 12:35 - 2015-11-24 10:17 - 00000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleForKate.job
2015-12-21 10:28 - 2015-11-24 10:17 - 00003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForKate
2015-12-21 10:28 - 2015-09-06 11:05 - 00000000 ____D C:\Users\Kate\AppData\Local\Hewlett-Packard
2015-12-20 15:28 - 2015-09-07 17:42 - 00000000 ____D C:\Users\edieb\AppData\Local\Packages
2015-12-18 14:50 - 2015-11-26 14:31 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2015-12-18 13:03 - 2015-11-26 14:29 - 00000000 ____D C:\Users\Kate\AppData\Local\Google
2015-12-18 12:43 - 2015-11-26 14:29 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-18 12:29 - 2015-09-06 15:38 - 00002413 _____ C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-14 17:06 - 2015-09-07 17:47 - 00002416 _____ C:\Users\edieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-12 18:16 - 2015-09-11 15:51 - 00000000 ___RD C:\Users\dougb\OneDrive
2015-12-12 17:57 - 2015-09-11 15:47 - 00000000 __SHD C:\Users\dougb\IntelGraphicsProfiles
2015-12-11 16:09 - 2015-07-10 12:20 - 00356112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-09 18:43 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-09 18:16 - 2015-09-06 19:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 18:11 - 2015-09-06 19:04 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-05 12:33 - 2015-11-26 14:28 - 00003996 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 12:33 - 2015-11-26 14:28 - 00003764 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-04 18:32 - 2015-07-10 11:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-01 11:49 - 2015-06-11 03:34 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-12-01 11:49 - 2015-06-11 03:30 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-12-01 11:44 - 2015-07-10 11:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
 
Some files in TEMP:
====================
C:\Users\Kate\AppData\Local\Temp\Extract.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-06 13:27
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-12-2015
Ran by Kate (2015-12-30 13:00:30)
Running from C:\Users\Kate\Downloads
Windows 10 Home (X64) (2015-09-06 15:30:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-877075864-1442605631-1392213970-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-877075864-1442605631-1392213970-503 - Limited - Disabled)
dougb (S-1-5-21-877075864-1442605631-1392213970-1005 - Limited - Enabled) => C:\Users\dougb
edieb (S-1-5-21-877075864-1442605631-1392213970-1004 - Limited - Enabled) => C:\Users\edieb
Guest (S-1-5-21-877075864-1442605631-1392213970-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-877075864-1442605631-1392213970-1003 - Limited - Enabled)
Kate (S-1-5-21-877075864-1442605631-1392213970-1001 - Administrator - Enabled) => C:\Users\Kate
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9840 - Broadcom Corporation)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{C925BFCB-DB7B-486A-B551-D637E054FC02}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{403E9EFF-C4B4-4308-BA4E-7093B6BA03D5}) (Version: 2.5.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2210 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6001.1041 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.5.15 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1041 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1041 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1041 - Microsoft Corporation) Hidden
One System Care (HKLM-x32\...\OneSystemCare) (Version: 2.10.10.0 - OneSystemCare) <==== ATTENTION
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29081 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7339 - Realtek Semiconductor Corp.)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
Web Bar 2.0.5749.22382 (HKLM\...\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1) (Version: 2.0.5749.22382 - Web Bar Media) <==== ATTENTION
Web Companion (HKLM-x32\...\{dd376721-a03d-47ac-9195-1e22d061ebca}) (Version: 2.1.1265.2535 - Lavasoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-877075864-1442605631-1392213970-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kate\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-877075864-1442605631-1392213970-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0198C760-840C-4DD7-B3CB-36E6A4F56C96} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {0247B505-99F2-4FD3-8D37-A15DC6EDC1ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.)
Task: {13F61341-82B4-4EDE-895D-E18C9DB262A9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {20CBA964-F581-49C6-945A-342076A9CA40} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2015-10-26] () <==== ATTENTION
Task: {387DE112-11A9-488E-9CB6-D2A42286EE85} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {3A1C093F-AA82-436A-9E2D-585006023B7A} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {5157A9CB-C1A8-4093-970B-14E704EA1D79} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {57E9D806-A69E-4D0B-B10A-315701096902} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
Task: {5EE58F45-F949-4D3B-B31E-B6321C109A3B} - System32\Tasks\HPCeeScheduleForKate => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {7C6A6C8B-088C-4A73-A7D4-48C30548F19C} - System32\Tasks\WebBarUpdateTask => C:\Program Files\WebBar\wbsvc.exe [2015-09-28] (Web Bar Media) <==== ATTENTION
Task: {808362C2-4DDD-404B-84CD-20A9770B7EE2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {86AB617B-5E61-453D-859E-55676D148652} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
Task: {8CDADF60-B97A-4C58-8515-09AE3C05A332} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {8D92F497-E096-4072-A4DA-FB0DFD8A421E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {9E6D69DC-E31D-4CAB-B390-09F408006121} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {9FE2E217-267E-4749-B9C5-1C0972E88C16} - System32\Tasks\WebBarLaunchTask => C:\Program Files\WebBar\wbsvc.exe [2015-09-28] (Web Bar Media) <==== ATTENTION
Task: {A20B2CAE-96B0-4388-B8C9-A8AC43E1FEAA} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {A2B6E7B1-865C-40BD-A0A2-9D70300F845B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\WSCStub.exe [2015-11-20] (Symantec Corporation)
Task: {B349181D-2DBE-425D-9116-4CE8C09A92D7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C82875BE-454D-4B49-8402-8846390215EA} - System32\Tasks\Norton Security\Norton Autofix => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {D4AC115A-C6E7-4356-ADAA-A22F1F427982} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {E6CE5FF4-DC31-46D2-AFC3-B573532195AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.)
Task: {EC08708D-F610-49C6-9F6C-08CC8F11B365} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-10-26] () <==== ATTENTION
Task: {EC9CC06B-1E07-4F91-A456-F41AD39140A5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F94F08B3-1A82-44E4-9EE4-C4021CA22983} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {F98613C3-0C78-4E1B-A8CE-13D8EE0EE034} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForKate.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\One System CarePeriod.job =>  <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Public\Desktop\Get Dropbox Offer.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=en_gb&pf=cnnb&s=db_dticon&tp=dropbox
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-06 14:19 - 2015-09-06 14:19 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-06 14:19 - 2015-09-06 14:19 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-12-04 18:32 - 2015-12-04 03:52 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-11-26 14:29 - 2015-12-09 16:13 - 00017168 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-11-26 14:29 - 2015-12-09 16:13 - 00008976 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-11-26 14:29 - 2015-12-09 16:13 - 00028432 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2015-10-01 08:59 - 2015-09-17 06:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 08:59 - 2015-09-17 06:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-04 18:34 - 2015-12-04 18:34 - 08901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-11-26 14:31 - 2015-09-14 13:39 - 00253440 _____ () C:\Program Files\WebBar\2.0.5749.22382\isa_x64.dll
2015-10-01 08:59 - 2015-09-17 05:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 10:59 - 2015-07-10 10:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-12-09 16:29 - 2015-11-25 04:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 16:28 - 2015-11-25 04:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 16:28 - 2015-11-25 04:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 08:59 - 2015-09-17 05:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 11:00 - 2015-07-10 16:28 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-12-11 16:14 - 2015-12-11 16:14 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-11 16:14 - 2015-12-11 16:14 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-19 17:50 - 2015-11-19 17:50 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-10-26 12:58 - 2015-10-26 12:58 - 02613856 _____ () C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
2015-11-26 14:29 - 2015-12-09 16:13 - 00113424 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-12-09 16:13 - 2015-12-09 16:13 - 00044304 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll
2015-12-09 16:13 - 2015-12-09 16:13 - 00010000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll
2015-11-26 14:29 - 2015-12-09 16:13 - 00272656 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-11-26 14:29 - 2015-12-09 16:13 - 00022288 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll
2015-11-26 14:29 - 2015-12-09 16:13 - 00046864 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-11-26 14:29 - 2015-12-09 16:13 - 00012560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-11-26 14:29 - 2015-12-09 16:13 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-11-26 14:29 - 2015-12-09 16:13 - 00029968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2015-11-26 14:29 - 2015-12-09 16:13 - 00036112 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2015-12-18 12:43 - 2015-12-11 03:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-18 12:43 - 2015-12-11 03:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-877075864-1442605631-1392213970-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-877075864-1442605631-1392213970-1001\...\microsoft.com -> hxxps://www.microsoft.com
IE trusted site: HKU\S-1-5-21-877075864-1442605631-1392213970-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-877075864-1442605631-1392213970-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F3960F93-19FE-4AAC-816A-0BD015CE2DDA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{21CFF0EE-28AE-4EAB-AD06-5AD042B25998}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{76077C89-D20A-414F-A16E-F27D578F6601}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3482BD65-32FF-4757-AF51-791449266A44}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{985C4B9F-42BE-48F7-B5F7-2846A43523F4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{811AF468-F746-4D58-8205-942D6A66F869}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{1DD9693D-0642-47DE-98B7-90382899605F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{57FB4A74-3461-48BE-BFAC-E6275AD0ADE7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/30/2015 12:09:22 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7108) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/30/2015 12:09:22 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7108) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/30/2015 12:09:11 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7108) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/30/2015 12:09:11 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7108) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/30/2015 12:09:01 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7108) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/30/2015 12:09:01 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7108) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/30/2015 12:08:51 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7108) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/30/2015 12:08:51 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7108) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/30/2015 12:08:40 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7108) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/30/2015 12:08:40 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7108) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (12/30/2015 12:09:18 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
 
Error: (12/30/2015 10:39:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/30/2015 10:39:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/30/2015 10:39:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/30/2015 10:39:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/30/2015 10:39:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/30/2015 10:39:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/30/2015 10:39:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/30/2015 10:39:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/30/2015 10:39:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
Percentage of memory in use: 82%
Total physical RAM: 1939.04 MB
Available physical RAM: 347.26 MB
Total Virtual: 3091.04 MB
Available Virtual: 933.05 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:27.94 GB) (Free:5.86 GB) NTFS
Drive d: (Transcend) (Removable) (Total:3.63 GB) (Free:3.58 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: CF59F296)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 3.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#4
Essexboy
Posted 30 December 2015 - 08:54 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let me know how the computer is after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-877075864-1442605631-1392213970-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1445648 2015-12-09] (Lavasoft)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9 17 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 17 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-09] (Lavasoft Limited)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-12-09] ()
S2 wbsvc; C:\Program Files\WebBar\wbsvc.exe [37144 2015-09-28] (Web Bar Media)
2015-12-02 18:51 - 2015-12-02 20:50 - 00000000 ____D C:\Users\dougb\AppData\Local\WebBar
2015-12-30 12:12 - 2015-11-26 14:31 - 00000306 _____ C:\WINDOWS\Tasks\One System CarePeriod.job
2015-12-18 14:50 - 2015-11-26 14:31 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
Task: {20CBA964-F581-49C6-945A-342076A9CA40} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2015-10-26] () <==== ATTENTION
Task: {5157A9CB-C1A8-4093-970B-14E704EA1D79} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7C6A6C8B-088C-4A73-A7D4-48C30548F19C} - System32\Tasks\WebBarUpdateTask => C:\Program Files\WebBar\wbsvc.exe [2015-09-28] (Web Bar Media) <==== ATTENTION
Task: {808362C2-4DDD-404B-84CD-20A9770B7EE2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9FE2E217-267E-4749-B9C5-1C0972E88C16} - System32\Tasks\WebBarLaunchTask => C:\Program Files\WebBar\wbsvc.exe [2015-09-28] (Web Bar Media) <==== ATTENTION
Task: {B349181D-2DBE-425D-9116-4CE8C09A92D7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EC08708D-F610-49C6-9F6C-08CC8F11B365} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-10-26] () <==== ATTENTION
Task: {EC9CC06B-1E07-4F91-A456-F41AD39140A5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F98613C3-0C78-4E1B-A8CE-13D8EE0EE034} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\One System CarePeriod.job => <==== ATTENTION
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-877075864-1442605631-1392213970-1001\...\webcompanion.com -> hxxp://webcompanion.com
C:\Program Files (x86)\Lavasoft
C:\Program Files\WebBar
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#5
Bezzy
Posted 30 December 2015 - 10:47 AM

Bezzy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-877075864-1442605631-1392213970-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1445648 2015-12-09] (Lavasoft)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9 17 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 17 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-09] (Lavasoft Limited)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-12-09] ()
S2 wbsvc; C:\Program Files\WebBar\wbsvc.exe [37144 2015-09-28] (Web Bar Media)
2015-12-02 18:51 - 2015-12-02 20:50 - 00000000 ____D C:\Users\dougb\AppData\Local\WebBar
2015-12-30 12:12 - 2015-11-26 14:31 - 00000306 _____ C:\WINDOWS\Tasks\One System CarePeriod.job
2015-12-18 14:50 - 2015-11-26 14:31 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
Task: {20CBA964-F581-49C6-945A-342076A9CA40} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2015-10-26] () <==== ATTENTION
Task: {5157A9CB-C1A8-4093-970B-14E704EA1D79} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7C6A6C8B-088C-4A73-A7D4-48C30548F19C} - System32\Tasks\WebBarUpdateTask => C:\Program Files\WebBar\wbsvc.exe [2015-09-28] (Web Bar Media) <==== ATTENTION
Task: {808362C2-4DDD-404B-84CD-20A9770B7EE2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9FE2E217-267E-4749-B9C5-1C0972E88C16} - System32\Tasks\WebBarLaunchTask => C:\Program Files\WebBar\wbsvc.exe [2015-09-28] (Web Bar Media) <==== ATTENTION
Task: {B349181D-2DBE-425D-9116-4CE8C09A92D7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EC08708D-F610-49C6-9F6C-08CC8F11B365} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-10-26] () <==== ATTENTION
Task: {EC9CC06B-1E07-4F91-A456-F41AD39140A5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F98613C3-0C78-4E1B-A8CE-13D8EE0EE034} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\One System CarePeriod.job => <==== ATTENTION
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-877075864-1442605631-1392213970-1001\...\webcompanion.com -> hxxp://webcompanion.com
C:\Program Files (x86)\Lavasoft
C:\Program Files\WebBar
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Error: (0) Failed to create a restore point.
HKU\S-1-5-21-877075864-1442605631-1392213970-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion => value removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000017" => key removed successfully
LavasoftTcpService => Unable to stop service.
LavasoftTcpService => service removed successfully
SearchProtectionService => Unable to stop service.
SearchProtectionService => service removed successfully
wbsvc => service removed successfully
C:\Users\dougb\AppData\Local\WebBar => moved successfully
C:\WINDOWS\Tasks\One System CarePeriod.job => moved successfully
C:\Program Files (x86)\OneSystemCare => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20CBA964-F581-49C6-945A-342076A9CA40}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20CBA964-F581-49C6-945A-342076A9CA40}" => key removed successfully
C:\WINDOWS\System32\Tasks\One System Care Monitor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5157A9CB-C1A8-4093-970B-14E704EA1D79}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5157A9CB-C1A8-4093-970B-14E704EA1D79}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C6A6C8B-088C-4A73-A7D4-48C30548F19C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C6A6C8B-088C-4A73-A7D4-48C30548F19C}" => key removed successfully
C:\WINDOWS\System32\Tasks\WebBarUpdateTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebBarUpdateTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{808362C2-4DDD-404B-84CD-20A9770B7EE2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{808362C2-4DDD-404B-84CD-20A9770B7EE2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9FE2E217-267E-4749-B9C5-1C0972E88C16}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FE2E217-267E-4749-B9C5-1C0972E88C16}" => key removed successfully
C:\WINDOWS\System32\Tasks\WebBarLaunchTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebBarLaunchTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B349181D-2DBE-425D-9116-4CE8C09A92D7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B349181D-2DBE-425D-9116-4CE8C09A92D7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC08708D-F610-49C6-9F6C-08CC8F11B365}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC08708D-F610-49C6-9F6C-08CC8F11B365}" => key removed successfully
C:\WINDOWS\System32\Tasks\One System CarePeriod => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System CarePeriod" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC9CC06B-1E07-4F91-A456-F41AD39140A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC9CC06B-1E07-4F91-A456-F41AD39140A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F98613C3-0C78-4E1B-A8CE-13D8EE0EE034}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F98613C3-0C78-4E1B-A8CE-13D8EE0EE034}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
C:\WINDOWS\Tasks\One System CarePeriod.job => not found.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully
"HKU\S-1-5-21-877075864-1442605631-1392213970-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully
 
"C:\Program Files (x86)\Lavasoft" folder move:
 
Could not move "C:\Program Files (x86)\Lavasoft" => Scheduled to move on reboot.
 
 
"C:\Program Files\WebBar" folder move:
 
Could not move "C:\Program Files\WebBar" => Scheduled to move on reboot.
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-877075864-1442605631-1392213970-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-877075864-1442605631-1392213970-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh advfirewall reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter WiFi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::b89a:c897:402f:5c1%17
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1833:17cd:9269:ab88
   Link-local IPv6 Address . . . . . : fe80::1833:17cd:9269:ab88%9
   Default Gateway . . . . . . . . . : ::
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter WiFi:
 
   Connection-specific DNS Suffix  . : home
   Link-local IPv6 Address . . . . . : fe80::b89a:c897:402f:5c1%17
   IPv4 Address. . . . . . . . . . . : 192.168.1.96
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:24ee:3d0e:9269:ab88
   Link-local IPv6 Address . . . . . : fe80::24ee:3d0e:9269:ab88%9
   Default Gateway . . . . . . . . . : ::
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Interface, OK!
Resetting , failed.
Access is denied.
 
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {88315517-1F6A-47A6-8FC3-F44F67273BFF}.
Unable to cancel {B9057A26-836B-45A4-9568-327597946926}.
Unable to cancel {50C190BE-A548-4C23-A0B2-FA983E673E02}.
Unable to cancel {50217B54-B687-439B-8DA2-E0DC989BC767}.
{8C84F936-82C0-4CA2-976C-5ACA08FED3EE} canceled.
1 out of 5 jobs canceled.
 
========= End of CMD: =========
 
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-12-30 16:46:03)
 
==> ATTENTION: System is not rebooted.
"C:\Program Files (x86)\Lavasoft" => Could not move
"C:\Program Files\WebBar" => Could not move
 
==== End of Fixlog 16:46:07 ====

  • 0

#6
Bezzy
Posted 30 December 2015 - 11:02 AM

Bezzy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:29-12-2015
Ran by Kate (2015-12-30 16:25:29) Run:1
Running from C:\Users\Kate\Downloads
Loaded Profiles: Kate (Available Profiles: Kate & edieb & dougb)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-877075864-1442605631-1392213970-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1445648 2015-12-09] (Lavasoft)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9 17 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
Winsock: Catalog9-x64 17 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-11-26] (Lavasoft Limited)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-09] (Lavasoft Limited)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-12-09] ()
S2 wbsvc; C:\Program Files\WebBar\wbsvc.exe [37144 2015-09-28] (Web Bar Media)
2015-12-02 18:51 - 2015-12-02 20:50 - 00000000 ____D C:\Users\dougb\AppData\Local\WebBar
2015-12-30 12:12 - 2015-11-26 14:31 - 00000306 _____ C:\WINDOWS\Tasks\One System CarePeriod.job
2015-12-18 14:50 - 2015-11-26 14:31 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
Task: {20CBA964-F581-49C6-945A-342076A9CA40} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2015-10-26] () <==== ATTENTION
Task: {5157A9CB-C1A8-4093-970B-14E704EA1D79} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7C6A6C8B-088C-4A73-A7D4-48C30548F19C} - System32\Tasks\WebBarUpdateTask => C:\Program Files\WebBar\wbsvc.exe [2015-09-28] (Web Bar Media) <==== ATTENTION
Task: {808362C2-4DDD-404B-84CD-20A9770B7EE2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9FE2E217-267E-4749-B9C5-1C0972E88C16} - System32\Tasks\WebBarLaunchTask => C:\Program Files\WebBar\wbsvc.exe [2015-09-28] (Web Bar Media) <==== ATTENTION
Task: {B349181D-2DBE-425D-9116-4CE8C09A92D7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EC08708D-F610-49C6-9F6C-08CC8F11B365} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-10-26] () <==== ATTENTION
Task: {EC9CC06B-1E07-4F91-A456-F41AD39140A5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F98613C3-0C78-4E1B-A8CE-13D8EE0EE034} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\One System CarePeriod.job => <==== ATTENTION
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-877075864-1442605631-1392213970-1001\...\webcompanion.com -> hxxp://webcompanion.com
C:\Program Files (x86)\Lavasoft
C:\Program Files\WebBar
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Error: (0) Failed to create a restore point.
HKU\S-1-5-21-877075864-1442605631-1392213970-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion => value removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000017" => key removed successfully
LavasoftTcpService => Unable to stop service.
LavasoftTcpService => service removed successfully
SearchProtectionService => Unable to stop service.
SearchProtectionService => service removed successfully
wbsvc => service removed successfully
C:\Users\dougb\AppData\Local\WebBar => moved successfully
C:\WINDOWS\Tasks\One System CarePeriod.job => moved successfully
C:\Program Files (x86)\OneSystemCare => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20CBA964-F581-49C6-945A-342076A9CA40}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20CBA964-F581-49C6-945A-342076A9CA40}" => key removed successfully
C:\WINDOWS\System32\Tasks\One System Care Monitor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5157A9CB-C1A8-4093-970B-14E704EA1D79}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5157A9CB-C1A8-4093-970B-14E704EA1D79}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C6A6C8B-088C-4A73-A7D4-48C30548F19C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C6A6C8B-088C-4A73-A7D4-48C30548F19C}" => key removed successfully
C:\WINDOWS\System32\Tasks\WebBarUpdateTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebBarUpdateTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{808362C2-4DDD-404B-84CD-20A9770B7EE2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{808362C2-4DDD-404B-84CD-20A9770B7EE2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9FE2E217-267E-4749-B9C5-1C0972E88C16}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FE2E217-267E-4749-B9C5-1C0972E88C16}" => key removed successfully
C:\WINDOWS\System32\Tasks\WebBarLaunchTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebBarLaunchTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B349181D-2DBE-425D-9116-4CE8C09A92D7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B349181D-2DBE-425D-9116-4CE8C09A92D7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC08708D-F610-49C6-9F6C-08CC8F11B365}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC08708D-F610-49C6-9F6C-08CC8F11B365}" => key removed successfully
C:\WINDOWS\System32\Tasks\One System CarePeriod => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System CarePeriod" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC9CC06B-1E07-4F91-A456-F41AD39140A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC9CC06B-1E07-4F91-A456-F41AD39140A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F98613C3-0C78-4E1B-A8CE-13D8EE0EE034}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F98613C3-0C78-4E1B-A8CE-13D8EE0EE034}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
C:\WINDOWS\Tasks\One System CarePeriod.job => not found.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully
"HKU\S-1-5-21-877075864-1442605631-1392213970-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully
 
"C:\Program Files (x86)\Lavasoft" folder move:
 
Could not move "C:\Program Files (x86)\Lavasoft" => Scheduled to move on reboot.
 
 
"C:\Program Files\WebBar" folder move:
 
Could not move "C:\Program Files\WebBar" => Scheduled to move on reboot.
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-877075864-1442605631-1392213970-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-877075864-1442605631-1392213970-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh advfirewall reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter WiFi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::b89a:c897:402f:5c1%17
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1833:17cd:9269:ab88
   Link-local IPv6 Address . . . . . : fe80::1833:17cd:9269:ab88%9
   Default Gateway . . . . . . . . . : ::
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter WiFi:
 
   Connection-specific DNS Suffix  . : home
   Link-local IPv6 Address . . . . . : fe80::b89a:c897:402f:5c1%17
   IPv4 Address. . . . . . . . . . . : 192.168.1.96
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:24ee:3d0e:9269:ab88
   Link-local IPv6 Address . . . . . : fe80::24ee:3d0e:9269:ab88%9
   Default Gateway . . . . . . . . . : ::
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Interface, OK!
Resetting , failed.
Access is denied.
 
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {88315517-1F6A-47A6-8FC3-F44F67273BFF}.
Unable to cancel {B9057A26-836B-45A4-9568-327597946926}.
Unable to cancel {50C190BE-A548-4C23-A0B2-FA983E673E02}.
Unable to cancel {50217B54-B687-439B-8DA2-E0DC989BC767}.
{8C84F936-82C0-4CA2-976C-5ACA08FED3EE} canceled.
1 out of 5 jobs canceled.
 
========= End of CMD: =========
 
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-12-30 16:46:03)
 
==> ATTENTION: System is not rebooted.
"C:\Program Files (x86)\Lavasoft" => Could not move
"C:\Program Files\WebBar" => Could not move
 
==== End of Fixlog 16:46:07 ====
 
and then
 
 
# AdwCleaner v5.026 - Logfile created 30/12/2015 at 16:51:59
# Updated 21/12/2015 by Xplode
# Database : 2015-12-29.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Kate - HOMEWORKMACHINE
# Running from : C:\Users\Kate\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : wbsvc
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files\WebBar
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
[-] Folder Deleted : C:\Users\edieb\AppData\Local\WebBar
[-] Folder Deleted : C:\Users\Kate\AppData\Local\WebBar
[-] Folder Deleted : C:\Users\Kate\AppData\Roaming\One System Care
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Public\Desktop\Launch One System Care.lnk
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\One System Care
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneSystemCare
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\edieb\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\dougb\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2127 bytes] ##########

  • 0

#7
Bezzy
Posted 30 December 2015 - 11:05 AM

Bezzy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

It seems to have gone. Thank you so much for your help. I wouldn't have known where to start.


  • 0

#8
Essexboy
Posted 30 December 2015 - 12:01 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Any further problems ?
  • 0

#9
Essexboy
Posted 01 January 2016 - 05:27 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

CryptoPrevent.JPG

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#10
Essexboy
Posted 02 January 2016 - 08:00 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0

#11
Essexboy
Posted 06 January 2016 - 09:30 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned... Disable Norton to allow delfix to download.. It is safe
  • 0

#12
Bezzy
Posted 07 January 2016 - 10:41 AM

Bezzy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Hi Essexboy

 

I can't find how to disable Norton completely. I tried turning off some of the settings but still can't download delfix.

 

Could I add it as an exclusion?


  • 0

#13
Essexboy
Posted 07 January 2016 - 12:13 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes try that as the file is quite safe
  • 0

#14
Essexboy
Posted 14 January 2016 - 08:49 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP