A Year's Worth of Corruption [Solved]



#1
Inner Child


Help,

 

My wife's system is completely taken over. This is beyond me to clean on my own.

 

Thank you in advance,

Dave

 

I ran Farbar and here is the resulting log file:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
Ran by Lisa Rychlik (administrator) on LISA-PC (19-02-2016 20:45:37)
Running from C:\Users\Lisa Rychlik\Downloads
Loaded Profiles: Lisa Rychlik (Available Profiles: Lisa Rychlik)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchApp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
() C:\Program Files (x86)\iSpeedPC\iSpeedPC.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe [24504 2013-02-15] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1313989068-254061936-1508148793-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1313989068-254061936-1508148793-1001\...\Run: [Power2GoExpress8] => 0
HKU\S-1-5-21-1313989068-254061936-1508148793-1001\...\MountPoints2: {0d798642-98a9-11e5-80c0-f4b7e22e6398} - "F:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-1313989068-254061936-1508148793-1001\...\MountPoints2: {0f24f3cc-dc6b-11e3-8064-38eaa7f1ade4} - "G:\VZW_Software_upgrade_assistant.exe" 
Startup: C:\Users\Lisa Rychlik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-04-03]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Lisa Rychlik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk [2014-11-22]
ShortcutTarget: StormWatchApp.lnk -> C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchApp.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{025B366A-8D42-496D-94AD-0DF5EE786647}: [DhcpNameServer] 12.127.17.77 216.57.130.1 12.127.16.77 216.57.128.2 12.127.16.68
Tcpip\..\Interfaces\{F5A7A963-5085-4821-85F0-6A9F7F4AA78D}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1313989068-254061936-1508148793-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-1313989068-254061936-1508148793-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtB0EyCtAzyyBtDyDyByDtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyByC0D0FyCyCzytGtAyBtDzztGyDzztByBtGtAtDtDyCtGyEtDtDyE0EyDtCyByD0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtBtB0C0BtAyBtGtD0E0B0DtGyEyD0C0BtGzzzy0CtBtGyDtDzzyEyB0CtCyD0Ezz0FyC2Q&cr=1290060606&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtB0EyCtAzyyBtDyDyByDtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyByC0D0FyCyCzytGtAyBtDzztGyDzztByBtGtAtDtDyCtGyEtDtDyE0EyDtCyByD0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtBtB0C0BtAyBtGtD0E0B0DtGyEyD0C0BtGzzzy0CtBtGyDtDzzyEyB0CtCyD0Ezz0FyC2Q&cr=1290060606&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {A0C0FA3C-E102-47BE-A02E-A0972718D880} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {A0C0FA3C-E102-47BE-A02E-A0972718D880} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtB0EyCtAzyyBtDyDyByDtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyByC0D0FyCyCzytGtAyBtDzztGyDzztByBtGtAtDtDyCtGyEtDtDyE0EyDtCyByD0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtBtB0C0BtAyBtGtD0E0B0DtGyEyD0C0BtGzzzy0CtBtGyDtDzzyEyB0CtCyD0Ezz0FyC2Q&cr=1290060606&ir=
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtB0EyCtAzyyBtDyDyByDtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyByC0D0FyCyCzytGtAyBtDzztGyDzztByBtGtAtDtDyCtGyEtDtDyE0EyDtCyByD0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtBtB0C0BtAyBtGtD0E0B0DtGyEyD0C0BtGzzzy0CtBtGyDtDzzyEyB0CtCyD0Ezz0FyC2Q&cr=1290060606&ir=
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {A0C0FA3C-E102-47BE-A02E-A0972718D880} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll [2016-02-11] (Compete, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll [2016-02-11] (Compete, Inc.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-12-20] (Hewlett-Packard Company)
DPF: HKLM-x32 {1663ed6a-23eb-11d2-b92f-008048fdd814} hxxps://secure.sportsaffinity.com/Inc/print/smsx.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-09-19] (Skype Technologies)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-12-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-12-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-12-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-12-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-12-10] [not signed]
FF HKU\S-1-5-21-1313989068-254061936-1508148793-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12257.xpi
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12257.xpi [2016-02-05]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Profile: C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-02-17]
CHR Extension: (ShopAtHome.com) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2014-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Safe Money) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-02-17]
CHR Extension: (Virtual Keyboard) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-04-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Anti-Banner) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-02-17]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2014-11-22] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2014-11-22] (ConsumerInput)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFSrv; C:\Windows\System32\svchost.exe [38792 2014-10-28] (Microsoft Corporation)
U4 BthHFSrv; C:\WINDOWS\SysWOW64\svchost.exe [33088 2014-10-28] (Microsoft Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 iscFlash; C:\swsetup\sp63746\iscflashx64.sys [75016 2014-02-08] (Insyde Software)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2013-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-12-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-04-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2014-03-15] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-19 20:45 - 2016-02-19 20:51 - 00031882 _____ C:\Users\Lisa Rychlik\Downloads\FRST.txt
2016-02-19 20:44 - 2016-02-19 20:45 - 00000000 ____D C:\FRST
2016-02-19 20:44 - 2016-02-19 20:44 - 02371072 _____ (Farbar) C:\Users\Lisa Rychlik\Downloads\FRST64.exe
2016-02-19 20:44 - 2016-02-19 20:44 - 02371072 _____ (Farbar) C:\Users\Lisa Rychlik\Downloads\FRST64 (1).exe
2016-02-19 11:25 - 2016-02-19 11:25 - 00009982 _____ C:\Users\Lisa Rychlik\Documents\Running Budget 2016 - Jan-Feb.xlsx
2016-02-17 22:00 - 2016-02-17 22:00 - 00111176 _____ C:\Users\Lisa Rychlik\Downloads\eBill_02_15_2016.pdf
2016-02-16 22:16 - 2016-02-17 22:57 - 00013246 _____ C:\Users\Lisa Rychlik\Documents\formula practice.xlsx
2016-02-16 22:16 - 2016-02-16 22:16 - 00000165 ____H C:\Users\Lisa Rychlik\Documents\~$January 2016 Budget.xlsx
2016-02-16 22:16 - 2016-02-16 22:16 - 00000165 ____H C:\Users\Lisa Rychlik\Documents\~$formula practice.xlsx
2016-02-15 19:47 - 2016-02-15 19:47 - 00000165 ____H C:\Users\Lisa Rychlik\Documents\~$Life Plan - Lisa Rychlik.xlsx
2016-02-10 21:24 - 2016-02-10 21:24 - 00056479 _____ C:\Users\Lisa Rychlik\Downloads\Textbook Section 2.2b.pdf
2016-02-08 21:20 - 2016-02-08 21:20 - 00326242 _____ C:\Users\Lisa Rychlik\Downloads\Directed Study Assignment (FDREL 122-05).pdf
2016-02-06 19:55 - 2016-02-06 19:55 - 00323045 _____ C:\Users\Lisa Rychlik\Downloads\Directed Study Assignment (FDREL 122-04).pdf
2016-01-23 17:41 - 2016-02-19 11:24 - 00009981 _____ C:\Users\Lisa Rychlik\Documents\January 2016 Budget.xlsx
2016-01-20 21:16 - 2016-02-06 21:35 - 00010341 _____ C:\Users\Lisa Rychlik\Documents\Life Plan - Lisa Rychlik.xlsx
2016-01-20 19:44 - 2015-12-10 20:38 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-20 19:43 - 2015-12-10 20:00 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-20 19:43 - 2015-12-10 19:55 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-20 19:43 - 2015-12-10 19:50 - 20367360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-20 19:43 - 2015-12-10 19:45 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-20 19:43 - 2015-12-10 19:21 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-20 19:43 - 2015-12-10 19:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-01-20 19:43 - 2015-12-10 19:09 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-01-20 19:43 - 2015-12-10 19:09 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-20 19:43 - 2015-12-10 19:03 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-20 19:43 - 2015-12-10 18:59 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-20 19:43 - 2015-12-10 18:43 - 04610560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-20 19:43 - 2015-12-10 18:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-01-20 19:43 - 2015-12-10 18:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-01-20 19:43 - 2015-12-10 18:37 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-20 19:43 - 2015-12-10 18:35 - 12856320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-20 19:43 - 2015-12-10 18:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-01-20 19:43 - 2015-12-10 18:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-01-20 19:43 - 2015-12-10 18:12 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-01-20 19:43 - 2015-12-10 18:08 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-01-20 19:43 - 2015-12-10 18:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-01-20 19:42 - 2015-12-30 11:32 - 07453016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-20 19:42 - 2015-12-30 11:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-01-20 19:42 - 2015-12-30 11:32 - 01499912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-01-20 19:42 - 2015-12-09 16:40 - 00033456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-01-20 19:42 - 2015-12-07 02:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 01798480 ____C (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-20 19:42 - 2015-12-04 07:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-20 19:42 - 2015-12-03 11:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-01-20 19:42 - 2015-12-03 11:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-01-20 19:42 - 2015-12-03 11:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-01-20 19:42 - 2015-12-03 11:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-01-20 19:42 - 2015-12-03 11:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-01-20 19:42 - 2015-12-03 10:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-01-20 19:42 - 2015-12-03 10:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-01-20 19:42 - 2015-12-03 10:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-01-20 19:42 - 2015-12-03 10:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-01-20 19:42 - 2015-12-03 10:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-01-20 19:42 - 2015-12-03 10:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-20 19:42 - 2015-12-03 10:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-20 19:42 - 2015-12-03 10:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-20 19:42 - 2015-12-03 10:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-20 19:42 - 2015-12-03 10:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-20 19:42 - 2015-12-03 09:58 - 00378880 ____C (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2016-01-20 19:42 - 2015-12-03 09:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-01-20 19:42 - 2015-12-03 09:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-20 19:42 - 2015-12-03 09:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-20 19:42 - 2015-12-03 09:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-20 19:42 - 2015-12-03 09:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-20 19:42 - 2015-12-03 09:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-20 19:42 - 2015-12-03 09:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-20 19:42 - 2015-12-03 09:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-20 19:42 - 2015-12-03 09:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-01-20 19:42 - 2015-12-03 09:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-01-20 19:42 - 2015-12-03 09:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-20 19:42 - 2015-12-03 09:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-20 19:42 - 2015-12-03 09:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-20 19:42 - 2015-12-03 08:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-20 19:42 - 2015-12-03 08:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-20 19:42 - 2015-12-03 08:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-20 19:42 - 2015-12-02 07:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-20 19:42 - 2015-12-02 07:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-20 19:42 - 2015-11-17 13:07 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-20 19:42 - 2015-11-17 13:07 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-20 19:42 - 2015-11-17 13:07 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-20 19:42 - 2015-11-17 13:07 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-20 19:42 - 2015-11-17 13:07 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-20 19:42 - 2015-11-17 13:07 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-20 19:42 - 2015-11-17 13:07 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-01-20 19:41 - 2015-12-08 11:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-20 19:41 - 2015-12-08 11:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-20 18:45 - 2016-01-20 18:45 - 06045622 _____ C:\Users\Lisa Rychlik\Downloads\One for the Money_Guide to Family Finance.pdf
2016-01-20 18:41 - 2016-01-20 18:41 - 00083173 _____ C:\Users\Lisa Rychlik\Downloads\eBill_12_21_2015 (1).pdf
2016-01-20 18:40 - 2016-01-20 18:40 - 00082998 _____ C:\Users\Lisa Rychlik\Downloads\eBill_01_18_2016.pdf
2016-01-20 18:21 - 2016-02-17 20:30 - 00003462 _____ C:\WINDOWS\System32\Tasks\ISpeedPC_LogOn
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-19 20:53 - 2014-11-22 22:16 - 00000488 _____ C:\WINDOWS\Tasks\CIMT_S-1-5-21-1313989068-254061936-1508148793-1001.job
2016-02-19 20:31 - 2013-02-14 22:55 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1313989068-254061936-1508148793-1001
2016-02-19 20:28 - 2013-02-17 22:30 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-19 20:26 - 2013-02-17 22:31 - 00002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 20:26 - 2013-02-17 22:31 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-19 20:25 - 2014-12-09 07:20 - 00000518 _____ C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-1313989068-254061936-1508148793-1001.job
2016-02-19 20:20 - 2014-11-22 22:15 - 00000998 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job
2016-02-19 19:37 - 2013-02-14 22:49 - 00003950 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7E805176-3C66-4DDD-A89E-8837F692D947}
2016-02-18 22:20 - 2014-11-22 22:15 - 00000994 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job
2016-02-18 14:57 - 2013-02-17 22:30 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-18 08:39 - 2014-03-15 20:14 - 00003620 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2016-02-17 22:32 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-17 22:23 - 2012-09-26 08:53 - 00000950 _____ C:\WINDOWS\SysWOW64\bscs.ini
2016-02-17 22:20 - 2014-03-15 20:14 - 00000043 _____ C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2016-02-17 20:30 - 2014-11-22 22:14 - 00003906 _____ C:\WINDOWS\System32\Tasks\ISpeedPC_Daily
2016-02-17 20:20 - 2014-12-09 07:20 - 00003578 _____ C:\WINDOWS\System32\Tasks\CIMT_daily_S-1-5-21-1313989068-254061936-1508148793-1001
2016-02-17 20:20 - 2014-11-22 22:16 - 00003482 _____ C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-1313989068-254061936-1508148793-1001
2016-02-17 19:29 - 2013-02-15 17:51 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-02-17 19:22 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-16 18:55 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-16 18:55 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-10 19:01 - 2013-02-14 22:47 - 00000000 ____D C:\Users\Lisa Rychlik\AppData\Local\Packages
2016-02-09 21:23 - 2012-07-25 23:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-04 21:50 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\Inf
2016-02-02 15:03 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\rescache
2016-02-02 14:52 - 2013-02-17 22:30 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 14:52 - 2013-02-17 22:30 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 09:41 - 2014-09-23 23:15 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-01 09:31 - 2013-08-22 05:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-02-01 09:30 - 2014-12-13 15:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-01 09:30 - 2014-09-24 01:50 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2016-01-29 21:30 - 2013-08-22 07:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-29 21:29 - 2013-02-15 21:21 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-20 21:48 - 2013-07-17 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-20 21:46 - 2013-07-17 23:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-20 21:46 - 2013-07-17 23:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-20 21:42 - 2013-08-03 20:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-20 21:31 - 2013-04-09 10:55 - 00000000 ____D C:\Users\Lisa Rychlik\Documents\TurboTax
2016-01-20 21:29 - 2013-02-15 00:55 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-20 18:35 - 2012-09-11 18:16 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-01-20 18:30 - 2014-12-23 08:37 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-20 18:29 - 2012-09-11 18:15 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-01-20 18:13 - 2013-08-22 06:44 - 00399048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
 
==================== Files in the root of some directories =======
 
2013-06-04 18:50 - 2013-06-04 18:50 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-12-28 03:11 - 2012-12-28 03:11 - 0000595 _____ () C:\ProgramData\CyberlinkOutput.txt
2013-04-09 10:22 - 2015-02-24 20:10 - 0000935 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
C:\Users\Lisa Rychlik\AppData\Local\Temp\Extract.exe
C:\Users\Lisa Rychlik\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Lisa Rychlik\AppData\Local\Temp\SP58519.exe
C:\Users\Lisa Rychlik\AppData\Local\Temp\UninstallHPSA.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-18 21:50
 
==================== End of FRST.txt ============================


#2
Inner Child

  • Topic Starter
  • Member
  • 38 posts

Here is the addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Lisa Rychlik (2016-02-19 20:56:14)
Running from C:\Users\Lisa Rychlik\Downloads
Windows 8.1 (X64) (2014-12-05 06:49:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1313989068-254061936-1508148793-500 - Administrator - Disabled)
Guest (S-1-5-21-1313989068-254061936-1508148793-501 - Limited - Disabled)
Lisa Rychlik (S-1-5-21-1313989068-254061936-1508148793-1001 - Administrator - Enabled) => C:\Users\Lisa Rychlik
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Disabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Consumer Input (remove only) (HKLM-x32\...\Consumer Input Installer) (Version:  - Compete Inc.) <==== ATTENTION
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.1.52.1 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.0.30.473 - HP)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iSpeedPC (HKLM-x32\...\{81F28E77-FECC-4517-8D0E-C77113AC0737}) (Version: 1.1.1 - iSpeedPC, Inc)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
KNCTR (HKLM-x32\...\Itibiti_is1) (Version:  - Itibiti Inc.)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
MeadCo ScriptX (v7.0.0.8 (x86)) (HKLM-x32\...\{F2682E66-3DEF-4066-AD9F-70DDB96CDDCC}) (Version: 7.0.8 - Mead & Co Ltd.)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1313989068-254061936-1508148793-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 en-US)) (Version: 31.7.0 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{95DF815D-BE2D-9118-F549-39794C5869CF}) (Version: 9.0.725.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
StormWatch (HKU\S-1-5-21-1313989068-254061936-1508148793-1001\...\StormWatch) (Version: 1.0.1.10 - StormWatch) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
YNAB 4 version 4.3.729 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.729 - YouNeedABudget.com)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {049C6F5B-144C-425A-83DE-B9F02298CAE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {17140B84-CC32-41D7-86CC-F79138B39D55} - System32\Tasks\ISpeedPC_LogOn => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe [2014-09-18] ()
Task: {1F913719-90F6-4F05-8DDC-0D894769C508} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-11-22] (ConsumerInput) <==== ATTENTION
Task: {2C72FAE7-B671-4EC5-B2D0-1F83C4935075} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {3DA549FB-F8A5-402C-AB04-89A6A3101890} - System32\Tasks\CIMT_daily_S-1-5-21-1313989068-254061936-1508148793-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2016-02-09] () <==== ATTENTION
Task: {491FF936-AD33-4F89-8044-D290A78B4E1B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {4EA78491-88D2-40AD-81BB-A547B9B67682} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-12-21] (Hewlett-Packard Company)
Task: {62D420D7-06C7-4756-850A-DDC1A10FB4AE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-12-21] (Hewlett-Packard Company)
Task: {75AC60AC-0BA5-4855-B896-D59DFC054C93} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-23] (CyberLink Corp.)
Task: {7C5C62EF-0A86-4885-AF86-D635390673E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-12-21] (Hewlett-Packard Company)
Task: {8279DBDA-3453-4582-8F50-2E478843645B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-03-15] (Synaptics Incorporated)
Task: {8661A2F7-B44E-4184-94A0-4068C71B3AF3} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {9795B13F-C17D-4C47-983A-7BF548033B45} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {A5AD8B44-103A-4287-B013-C2A82152B5D8} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {A92A2E8F-D5B3-4591-BD90-56F31A29AC46} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {AB336FF0-6F7A-406E-A3D9-EDCB728BD39D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-20] (Microsoft Corporation)
Task: {B83CF237-06F8-4A04-B2C8-F1F3101AFE61} - System32\Tasks\ISpeedPC_Daily => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe [2014-09-18] ()
Task: {BB27DB1C-5B7E-427B-9FAD-147B84488E0F} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-11-22] (ConsumerInput) <==== ATTENTION
Task: {D0C65801-B820-4C6E-AC32-0FA86529CE91} - System32\Tasks\CIMT_S-1-5-21-1313989068-254061936-1508148793-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2016-02-09] () <==== ATTENTION
Task: {E033F608-0B1A-44B0-9095-D8640C0D5D7E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {E1D76374-5F6F-4FA0-A019-03F47032B7E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {F342FFFC-7526-47EA-B941-4BC18D7B30D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-12-21] (Hewlett-Packard Company)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-1313989068-254061936-1508148793-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-1313989068-254061936-1508148793-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Lisa Rychlik\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\18488498050.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x7f60be53 -pinnedTimeHigh 0x01ce0c52 -securityFlags 0x00000000 -url 0x00000032 hxxps://www.google.com/calendar/render?hl=en&pli=1
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-20 08:19 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-09-19 17:37 - 2012-09-19 17:37 - 00017160 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-09-19 17:37 - 2012-09-19 17:37 - 00029960 _____ () C:\Windows\system32\BsTrace.dll
2015-10-27 20:23 - 2015-09-01 08:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-29 23:02 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-13 10:19 - 2014-08-13 10:19 - 01140760 _____ () C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchApp.exe
2016-02-09 01:28 - 2016-02-09 01:28 - 01182240 _____ () C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
2014-09-18 08:46 - 2014-09-18 08:46 - 02412480 _____ () C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe
2015-11-06 11:10 - 2015-11-06 11:10 - 00548536 _____ () C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
2012-08-17 21:39 - 2013-02-15 17:56 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2014-03-29 19:09 - 2012-06-07 19:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-20 10:17 - 2014-11-20 10:17 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 00068024 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll
2012-09-19 17:37 - 2012-09-19 17:37 - 00029960 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2012-09-19 17:37 - 2012-09-19 17:37 - 00079624 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll
2012-09-19 17:37 - 2012-09-19 17:37 - 00363784 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll
2012-09-19 17:37 - 2012-09-19 17:37 - 00017160 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-09-19 17:37 - 2012-09-19 17:37 - 00062216 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2012-12-28 02:44 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-02-10 18:42 - 2016-02-09 03:58 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libglesv2.dll
2016-02-10 18:42 - 2016-02-09 03:58 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libegl.dll
2015-05-20 16:23 - 2015-05-20 16:24 - 03350640 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-05-20 16:23 - 2015-05-20 16:24 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-05-20 16:23 - 2015-05-20 16:24 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-11-04 12:23 - 2015-11-04 12:23 - 45161472 _____ () C:\Users\Lisa Rychlik\AppData\Local\StormWatch\libcef.dll
2015-11-04 10:31 - 2015-11-04 10:31 - 01495040 _____ () C:\Users\Lisa Rychlik\AppData\Local\StormWatch\libglesv2.dll
2015-11-04 10:33 - 2015-11-04 10:33 - 00074752 _____ () C:\Users\Lisa Rychlik\AppData\Local\StormWatch\libegl.dll
2015-10-30 11:13 - 2015-10-30 11:13 - 16493256 _____ () C:\Users\Lisa Rychlik\AppData\Local\StormWatch\plugin\pepflashplayer32_19_0_0_226.dll
2014-11-20 10:17 - 2014-11-20 10:17 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1313989068-254061936-1508148793-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lisa Rychlik\Pictures\zack123\zack philly.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{AD15A7F0-9257-4EA7-9F20-4331A1379083}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{C91AF1BB-6DA8-4059-9E13-734FEDB746A0}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{84338C77-058A-418A-8077-3FD16A1DF002}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{CE8B01EF-1E5A-4ADC-B495-0AD1A90B9641}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{4FC042EF-FD9B-4403-8097-745BA4FE434D}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4FE73667-C460-495A-9B67-30C0EC2F9935}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E9810E63-10DA-4F63-BCF6-C94601A03264}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{29118A85-1148-4F5F-80B4-356171529EEB}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{F36F6F4A-D15F-4E3A-955D-B48A4F5CE219}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{2F537DEE-18B3-44D9-9F32-EB4C912765B6}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{2B0060B7-3870-4BA5-A35A-089ABF939FFF}] => (Allow) C:\Users\Lisa Rychlik\AppData\Local\Temp\7zS6407\HPDiagnosticCoreUI.exe
FirewallRules: [{3A0B8A2A-EBB0-418C-95FC-04ACC0714D41}] => (Allow) C:\Users\Lisa Rychlik\AppData\Local\Temp\7zS6407\HPDiagnosticCoreUI.exe
FirewallRules: [{AB029F99-F7C2-44B7-935F-F429A1A3A064}] => (Allow) C:\Users\Lisa Rychlik\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{BE33E54C-8EC3-4C5E-A355-C4172905ED5F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{9E680132-F64E-42E8-A152-6C889A7280E6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{4E175A7A-9B41-4CF4-B1D7-55ADEF64CC86}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{1AA0F776-976E-46F2-A570-E8CC82490976}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{91633A63-F468-4B84-B3BD-E56EEED59457}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B7C93199-9EBB-4345-B91F-DD42AB4FA063}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{156C76D5-0264-4B6C-A974-1C1372742DF3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{41124807-2D21-4FF3-BC0E-61130E226680}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{20FDA679-48F1-4E56-B262-876D94C705B3}] => (Allow) LPort=1900
FirewallRules: [{122F757E-FDDC-4126-9C64-22417C9F7E50}] => (Allow) LPort=2869
FirewallRules: [{32907D23-3F54-4BF9-B5B7-AA78FB5893CC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AC706120-0395-4D7F-9591-84D07D6A7A6E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{553B6B86-C1EF-433B-BFC9-C695E9E4F9FF}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{85455353-6588-4091-9A19-8DE24C98509B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{618868DD-EC9A-426F-9830-73FBCFF73375}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{55FED830-CC97-4F98-9381-2A7058238D17}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{AA587A9C-C0AB-4F9B-97EE-FB5E59CDE7ED}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{902D2A6E-3D1B-4A3B-A7DF-3EEFA1144AFB}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1CA067CA-10CF-4EFB-BAC2-06EAE126E11E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{C01F6708-261C-4142-A472-5B79A40359FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
20-01-2016 21:26:37 Windows Update
04-02-2016 12:49:50 Scheduled Checkpoint
16-02-2016 21:08:55 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/19/2016 08:52:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StormWatchBrowser.exe, version: 1.0.2.2, time stamp: 0x563cfb2f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc
Exception code: 0x80000003
Fault offset: 0x000b8f62
Faulting process id: 0xd70
Faulting application start time: 0xStormWatchBrowser.exe0
Faulting application path: StormWatchBrowser.exe1
Faulting module path: StormWatchBrowser.exe2
Report Id: StormWatchBrowser.exe3
Faulting package full name: StormWatchBrowser.exe4
Faulting package-relative application ID: StormWatchBrowser.exe5
 
Error: (02/19/2016 08:50:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StormWatchBrowser.exe, version: 1.0.2.2, time stamp: 0x563cfb2f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc
Exception code: 0x80000003
Fault offset: 0x000b8f62
Faulting process id: 0x2040
Faulting application start time: 0xStormWatchBrowser.exe0
Faulting application path: StormWatchBrowser.exe1
Faulting module path: StormWatchBrowser.exe2
Report Id: StormWatchBrowser.exe3
Faulting package full name: StormWatchBrowser.exe4
Faulting package-relative application ID: StormWatchBrowser.exe5
 
Error: (02/19/2016 08:48:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StormWatchBrowser.exe, version: 1.0.2.2, time stamp: 0x563cfb2f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc
Exception code: 0x80000003
Fault offset: 0x000b8f62
Faulting process id: 0x24f8
Faulting application start time: 0xStormWatchBrowser.exe0
Faulting application path: StormWatchBrowser.exe1
Faulting module path: StormWatchBrowser.exe2
Report Id: StormWatchBrowser.exe3
Faulting package full name: StormWatchBrowser.exe4
Faulting package-relative application ID: StormWatchBrowser.exe5
 
Error: (02/19/2016 08:46:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 26c0
 
Start Time: 01d16b98f22df467
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\syswow64\wwahost.exe
 
Report Id: e5c51cd0-d78c-11e5-80d8-f4b7e22e6398
 
Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c
 
Faulting package-relative application ID: App
 
Error: (02/19/2016 08:43:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StormWatchBrowser.exe, version: 1.0.2.2, time stamp: 0x563cfb2f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc
Exception code: 0x80000003
Fault offset: 0x000b8f62
Faulting process id: 0x2744
Faulting application start time: 0xStormWatchBrowser.exe0
Faulting application path: StormWatchBrowser.exe1
Faulting module path: StormWatchBrowser.exe2
Report Id: StormWatchBrowser.exe3
Faulting package full name: StormWatchBrowser.exe4
Faulting package-relative application ID: StormWatchBrowser.exe5
 
Error: (02/19/2016 08:41:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StormWatchBrowser.exe, version: 1.0.2.2, time stamp: 0x563cfb2f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc
Exception code: 0x80000003
Fault offset: 0x000b8f62
Faulting process id: 0x205c
Faulting application start time: 0xStormWatchBrowser.exe0
Faulting application path: StormWatchBrowser.exe1
Faulting module path: StormWatchBrowser.exe2
Report Id: StormWatchBrowser.exe3
Faulting package full name: StormWatchBrowser.exe4
Faulting package-relative application ID: StormWatchBrowser.exe5
 
Error: (02/19/2016 08:33:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StormWatchBrowser.exe, version: 1.0.2.2, time stamp: 0x563cfb2f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc
Exception code: 0x80000003
Fault offset: 0x000b8f62
Faulting process id: 0x285c
Faulting application start time: 0xStormWatchBrowser.exe0
Faulting application path: StormWatchBrowser.exe1
Faulting module path: StormWatchBrowser.exe2
Report Id: StormWatchBrowser.exe3
Faulting package full name: StormWatchBrowser.exe4
Faulting package-relative application ID: StormWatchBrowser.exe5
 
Error: (02/19/2016 08:31:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 4bc
 
Start Time: 01d16b96da0feb34
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: cf7e2a24-d78a-11e5-80d8-f4b7e22e6398
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (02/19/2016 08:31:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e14
 
Start Time: 01d16b96d9f35d9c
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\syswow64\wwahost.exe
 
Report Id: cdeae8da-d78a-11e5-80d8-f4b7e22e6398
 
Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c
 
Faulting package-relative application ID: App
 
Error: (02/19/2016 08:22:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StormWatchBrowser.exe, version: 1.0.2.2, time stamp: 0x563cfb2f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc
Exception code: 0x80000003
Fault offset: 0x000b8f62
Faulting process id: 0x1a20
Faulting application start time: 0xStormWatchBrowser.exe0
Faulting application path: StormWatchBrowser.exe1
Faulting module path: StormWatchBrowser.exe2
Report Id: StormWatchBrowser.exe3
Faulting package full name: StormWatchBrowser.exe4
Faulting package-relative application ID: StormWatchBrowser.exe5
 
 
System errors:
=============
Error: (02/19/2016 10:48:25 AM) (Source: DCOM) (EventID: 10010) (User: Lisa-PC)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa
 
Error: (02/18/2016 09:51:05 PM) (Source: DCOM) (EventID: 10010) (User: Lisa-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/18/2016 09:50:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Store Service (WSService) service failed to start due to the following error: 
%%1053
 
Error: (02/18/2016 09:50:35 PM) (Source: DCOM) (EventID: 10010) (User: Lisa-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/18/2016 09:50:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Store Service (WSService) service to connect.
 
Error: (02/18/2016 08:39:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueSoleilCS service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (02/17/2016 07:22:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueSoleilCS service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/17/2016 07:22:00 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
 
Error: (02/17/2016 07:22:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:32:37 AM on 2/17/2016 was unexpected.
 
Error: (02/16/2016 09:17:25 PM) (Source: DCOM) (EventID: 10010) (User: Lisa-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
 
CodeIntegrity:
===================================
  Date: 2016-02-19 20:59:09.933
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 20:59:00.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 20:57:08.483
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 20:56:55.375
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 20:56:52.536
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 20:56:40.459
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 20:56:05.062
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 20:55:13.764
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 20:55:13.403
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 20:55:12.732
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 67%
Total physical RAM: 6034.28 MB
Available physical RAM: 1974.55 MB
Total Virtual: 10842.34 MB
Available Virtual: 4681.55 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:671.77 GB) (Free:471.7 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.66 GB) (Free:3.05 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 151C1871)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#3
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know how the computer is after this?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
Startup: C:\Users\Lisa Rychlik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk [2014-11-22]
ShortcutTarget: StormWatchApp.lnk -> C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchApp.exe ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1313989068-254061936-1508148793-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtB0EyCtAzyyBtDyDyByDtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyByC0D0FyCyCzytGtAyBtDzztGyDzztByBtGtAtDtDyCtGyEtDtDyE0EyDtCyByD0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtBtB0C0BtAyBtGtD0E0B0DtGyEyD0C0BtGzzzy0CtBtGyDtDzzyEyB0CtCyD0Ezz0FyC2Q&cr=1290060606&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtB0EyCtAzyyBtDyDyByDtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyByC0D0FyCyCzytGtAyBtDzztGyDzztByBtGtAtDtDyCtGyEtDtDyE0EyDtCyByD0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtBtB0C0BtAyBtGtD0E0B0DtGyEyD0C0BtGzzzy0CtBtGyDtDzzyEyB0CtCyD0Ezz0FyC2Q&cr=1290060606&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {A0C0FA3C-E102-47BE-A02E-A0972718D880} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {A0C0FA3C-E102-47BE-A02E-A0972718D880} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtB0EyCtAzyyBtDyDyByDtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyByC0D0FyCyCzytGtAyBtDzztGyDzztByBtGtAtDtDyCtGyEtDtDyE0EyDtCyByD0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtBtB0C0BtAyBtGtD0E0B0DtGyEyD0C0BtGzzzy0CtBtGyDtDzzyEyB0CtCyD0Ezz0FyC2Q&cr=1290060606&ir=
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtB0EyCtAzyyBtDyDyByDtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyByC0D0FyCyCzytGtAyBtDzztGyDzztByBtGtAtDtDyCtGyEtDtDyE0EyDtCyByD0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtBtB0C0BtAyBtGtD0E0B0DtGyEyD0C0BtGzzzy0CtBtGyDtDzzyEyB0CtCyD0Ezz0FyC2Q&cr=1290060606&ir=
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {A0C0FA3C-E102-47BE-A02E-A0972718D880} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll [2016-02-11] (Compete, Inc.)
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll [2016-02-11] (Compete, Inc.)
FF HKU\S-1-5-21-1313989068-254061936-1508148793-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12257.xpi
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12257.xpi [2016-02-05]
CHR Extension: (ShopAtHome.com) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2014-10-28]
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2014-11-22] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2014-11-22] (ConsumerInput)
2016-02-19 20:25 - 2014-12-09 07:20 - 00000518 _____ C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-1313989068-254061936-1508148793-1001.job
2016-02-18 22:20 - 2014-11-22 22:15 - 00000994 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job
2016-02-19 20:20 - 2014-11-22 22:15 - 00000998 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job
2016-02-17 20:30 - 2014-11-22 22:14 - 00003906 _____ C:\WINDOWS\System32\Tasks\ISpeedPC_Daily
2016-02-17 20:20 - 2014-12-09 07:20 - 00003578 _____ C:\WINDOWS\System32\Tasks\CIMT_daily_S-1-5-21-1313989068-254061936-1508148793-1001
2016-02-17 20:20 - 2014-11-22 22:16 - 00003482 _____ C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-1313989068-254061936-1508148793-1001
Task: {17140B84-CC32-41D7-86CC-F79138B39D55} - System32\Tasks\ISpeedPC_LogOn => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe [2014-09-18] ()
Task: {1F913719-90F6-4F05-8DDC-0D894769C508} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-11-22] (ConsumerInput) <==== ATTENTION
Task: {3DA549FB-F8A5-402C-AB04-89A6A3101890} - System32\Tasks\CIMT_daily_S-1-5-21-1313989068-254061936-1508148793-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2016-02-09] () <==== ATTENTION
Task: {B83CF237-06F8-4A04-B2C8-F1F3101AFE61} - System32\Tasks\ISpeedPC_Daily => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe [2014-09-18] ()
Task: {BB27DB1C-5B7E-427B-9FAD-147B84488E0F} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-11-22] (ConsumerInput) <==== ATTENTION
Task: {D0C65801-B820-4C6E-AC32-0FA86529CE91} - System32\Tasks\CIMT_S-1-5-21-1313989068-254061936-1508148793-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2016-02-09] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-1313989068-254061936-1508148793-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-1313989068-254061936-1508148793-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
C:\Program Files (x86)\Consumer Input
C:\Program Files (x86)\iSpeedPC
C:\Users\Lisa Rychlik\AppData\Local\StormWatch
C:\Program Files (x86)\Itibiti Soft Phone
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.


#4
Inner Child


Here is the fixlog from FRST:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Lisa Rychlik (2016-02-21 10:31:50) Run:1
Running from C:\Users\Lisa Rychlik\Desktop\GeeksToGo
Loaded Profiles: Lisa Rychlik (Available Profiles: Lisa Rychlik)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
Startup: C:\Users\Lisa Rychlik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk [2014-11-22]
ShortcutTarget: StormWatchApp.lnk -> C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchApp.exe ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1313989068-254061936-1508148793-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtB0EyCtAzyyBtDyDyByDtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyByC0D0FyCyCzytGtAyBtDzztGyDzztByBtGtAtDtDyCtGyEtDtDyE0EyDtCyByD0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtBtB0C0BtAyBtGtD0E0B0DtGyEyD0C0BtGzzzy0CtBtGyDtDzzyEyB0CtCyD0Ezz0FyC2Q&cr=1290060606&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtB0EyCtAzyyBtDyDyByDtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyByC0D0FyCyCzytGtAyBtDzztGyDzztByBtGtAtDtDyCtGyEtDtDyE0EyDtCyByD0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtBtB0C0BtAyBtGtD0E0B0DtGyEyD0C0BtGzzzy0CtBtGyDtDzzyEyB0CtCyD0Ezz0FyC2Q&cr=1290060606&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {A0C0FA3C-E102-47BE-A02E-A0972718D880} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {A0C0FA3C-E102-47BE-A02E-A0972718D880} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtB0EyCtAzyyBtDyDyByDtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyByC0D0FyCyCzytGtAyBtDzztGyDzztByBtGtAtDtDyCtGyEtDtDyE0EyDtCyByD0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtBtB0C0BtAyBtGtD0E0B0DtGyEyD0C0BtGzzzy0CtBtGyDtDzzyEyB0CtCyD0Ezz0FyC2Q&cr=1290060606&ir=
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtB0EyCtAzyyBtDyDyByDtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyByC0D0FyCyCzytGtAyBtDzztGyDzztByBtGtAtDtDyCtGyEtDtDyE0EyDtCyByD0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtBtB0C0BtAyBtGtD0E0B0DtGyEyD0C0BtGzzzy0CtBtGyDtDzzyEyB0CtCyD0Ezz0FyC2Q&cr=1290060606&ir=
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {A0C0FA3C-E102-47BE-A02E-A0972718D880} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll [2016-02-11] (Compete, Inc.)
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll [2016-02-11] (Compete, Inc.)
FF HKU\S-1-5-21-1313989068-254061936-1508148793-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12257.xpi
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12257.xpi [2016-02-05]
CHR Extension: (ShopAtHome.com) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2014-10-28]
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2014-11-22] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2014-11-22] (ConsumerInput)
2016-02-19 20:25 - 2014-12-09 07:20 - 00000518 _____ C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-1313989068-254061936-1508148793-1001.job
2016-02-18 22:20 - 2014-11-22 22:15 - 00000994 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job
2016-02-19 20:20 - 2014-11-22 22:15 - 00000998 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job
2016-02-17 20:30 - 2014-11-22 22:14 - 00003906 _____ C:\WINDOWS\System32\Tasks\ISpeedPC_Daily
2016-02-17 20:20 - 2014-12-09 07:20 - 00003578 _____ C:\WINDOWS\System32\Tasks\CIMT_daily_S-1-5-21-1313989068-254061936-1508148793-1001
2016-02-17 20:20 - 2014-11-22 22:16 - 00003482 _____ C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-1313989068-254061936-1508148793-1001
Task: {17140B84-CC32-41D7-86CC-F79138B39D55} - System32\Tasks\ISpeedPC_LogOn => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe [2014-09-18] ()
Task: {1F913719-90F6-4F05-8DDC-0D894769C508} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-11-22] (ConsumerInput) <==== ATTENTION
Task: {3DA549FB-F8A5-402C-AB04-89A6A3101890} - System32\Tasks\CIMT_daily_S-1-5-21-1313989068-254061936-1508148793-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2016-02-09] () <==== ATTENTION
Task: {B83CF237-06F8-4A04-B2C8-F1F3101AFE61} - System32\Tasks\ISpeedPC_Daily => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe [2014-09-18] ()
Task: {BB27DB1C-5B7E-427B-9FAD-147B84488E0F} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-11-22] (ConsumerInput) <==== ATTENTION
Task: {D0C65801-B820-4C6E-AC32-0FA86529CE91} - System32\Tasks\CIMT_S-1-5-21-1313989068-254061936-1508148793-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2016-02-09] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-1313989068-254061936-1508148793-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-1313989068-254061936-1508148793-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
C:\Program Files (x86)\Consumer Input
C:\Program Files (x86)\iSpeedPC
C:\Users\Lisa Rychlik\AppData\Local\StormWatch
C:\Program Files (x86)\Itibiti Soft Phone
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
C:\Users\Lisa Rychlik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk => moved successfully
C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchApp.exe => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1313989068-254061936-1508148793-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A0C0FA3C-E102-47BE-A02E-A0972718D880}" => key removed successfully
HKCR\CLSID\{A0C0FA3C-E102-47BE-A02E-A0972718D880} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{A0C0FA3C-E102-47BE-A02E-A0972718D880}" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0C0FA3C-E102-47BE-A02E-A0972718D880} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
HKU\S-1-5-21-1313989068-254061936-1508148793-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1313989068-254061936-1508148793-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-1313989068-254061936-1508148793-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKU\S-1-5-21-1313989068-254061936-1508148793-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A0C0FA3C-E102-47BE-A02E-A0972718D880}" => key removed successfully
HKCR\CLSID\{A0C0FA3C-E102-47BE-A02E-A0972718D880} => key not found. 
"HKU\S-1-5-21-1313989068-254061936-1508148793-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKU\S-1-5-21-1313989068-254061936-1508148793-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}" => key removed successfully
"HKCR\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}" => key removed successfully
HKU\S-1-5-21-1313989068-254061936-1508148793-1001\Software\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully
C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12257.xpi => moved successfully
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12257.xpi [2016-02-05] => not found
C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc => moved successfully
consumerinput_update => service removed successfully
consumerinput_updatem => service removed successfully
C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-1313989068-254061936-1508148793-1001.job => moved successfully
C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\System32\Tasks\ISpeedPC_Daily => moved successfully
C:\WINDOWS\System32\Tasks\CIMT_daily_S-1-5-21-1313989068-254061936-1508148793-1001 => moved successfully
C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-1313989068-254061936-1508148793-1001 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17140B84-CC32-41D7-86CC-F79138B39D55} => key not found. 
C:\WINDOWS\System32\Tasks\ISpeedPC_LogOn => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ISpeedPC_LogOn" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1F913719-90F6-4F05-8DDC-0D894769C508}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F913719-90F6-4F05-8DDC-0D894769C508}" => key removed successfully
C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DA549FB-F8A5-402C-AB04-89A6A3101890}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DA549FB-F8A5-402C-AB04-89A6A3101890}" => key removed successfully
C:\WINDOWS\System32\Tasks\CIMT_daily_S-1-5-21-1313989068-254061936-1508148793-1001 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-1313989068-254061936-1508148793-1001" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B83CF237-06F8-4A04-B2C8-F1F3101AFE61} => key not found. 
C:\WINDOWS\System32\Tasks\ISpeedPC_Daily => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ISpeedPC_Daily" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB27DB1C-5B7E-427B-9FAD-147B84488E0F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB27DB1C-5B7E-427B-9FAD-147B84488E0F}" => key removed successfully
C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0C65801-B820-4C6E-AC32-0FA86529CE91}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0C65801-B820-4C6E-AC32-0FA86529CE91}" => key removed successfully
C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-1313989068-254061936-1508148793-1001 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-1313989068-254061936-1508148793-1001" => key removed successfully
C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-1313989068-254061936-1508148793-1001.job => not found.
C:\WINDOWS\Tasks\CIMT_S-1-5-21-1313989068-254061936-1508148793-1001.job => moved successfully
C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => not found.
C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => not found.
 
"C:\Program Files (x86)\Consumer Input" folder move:
 
Could not move "C:\Program Files (x86)\Consumer Input" => Scheduled to move on reboot.
 
 
"C:\Program Files (x86)\iSpeedPC" folder move:
 
Could not move "C:\Program Files (x86)\iSpeedPC" => Scheduled to move on reboot.
 
 
"C:\Users\Lisa Rychlik\AppData\Local\StormWatch" folder move:
 
Could not move "C:\Users\Lisa Rychlik\AppData\Local\StormWatch" => Scheduled to move on reboot.
 
C:\Program Files (x86)\Itibiti Soft Phone => moved successfully
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1313989068-254061936-1508148793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1313989068-254061936-1508148793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{EC376127-86A3-4AB8-9F7C-45AA0E71DA5D} canceled.
{B688E3C4-976F-4B34-A011-B524D035734A} canceled.
{E7E22811-E6F2-45BA-9B18-E870201102E8} canceled.
3 out of 3 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 77.4 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-02-21 10:52:33)
 
C:\Program Files (x86)\Consumer Input => moved successfully
C:\Program Files (x86)\iSpeedPC => Is moved successfully
C:\Users\Lisa Rychlik\AppData\Local\StormWatch => moved successfully
 
==== End of Fixlog 10:52:37 ====
 
AdwCleaner log to follow.


#5
Inner Child


AdwCleaner[C1]

 

# AdwCleaner v5.035 - Logfile created 21/02/2016 at 11:01:03
# Updated 18/02/2016 by Xplode
# Database : 2016-02-21.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Lisa Rychlik - LISA-PC
# Running from : C:\Users\Lisa Rychlik\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Coupons
[-] Folder Deleted : C:\Program Files (x86)\WSE_Vosteran
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder Deleted : C:\Users\Lisa Rychlik\AppData\Local\Consumer Input
[-] Folder Deleted : C:\Users\Lisa Rychlik\AppData\Local\iLivid
[-] Folder Deleted : C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc
[-] Folder Deleted : C:\Users\Lisa Rychlik\AppData\Roaming\WSE_Vosteran
[-] Folder Deleted : C:\Users\Lisa Rychlik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Lisa Rychlik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk
[-] File Deleted : C:\Users\Public\Desktop\iLivid.lnk
[-] File Deleted : C:\Users\Public\Desktop\Knctr.lnk
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ConsumerInputUpdate.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D5FA0C65-08BE-4F86-B30F-2E285694863A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D2A19E15-4D23-41F5-8035-E2D730DA691C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{E3EBCC2D-D239-4CA9-BF77-8DC68381D6CA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82025773-B1B0-497B-B942-0171A2E42C3C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0C6D49F4-6E41-4632-BE86-F210D5D894BA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0DC6DC6C-048E-4B03-8F2D-7D6B90571172}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AB0B6A3-9BC5-419B-B86D-40FA2998A131}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A40DF53-EB22-49FE-9246-8084403424E7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3DBBAB3C-4077-4EC4-BF2C-E89C7784846A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5CF02202-6278-47EE-9947-C2D0A057EABD}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : movies.netflix.com
[-] [C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : disneystore.com
[-] [C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dlmebkoiahbppacaicbgncnjhbpdfkcc
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7548 bytes] ##########

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ?

Scan with Malwarebytes Anti-Malware
  • Please download Malwarebytes Anti-Malware to your desktop
  • Launch Malwarebytes from your Desktop
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program detects anything, click Remove Selected. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.

#7
Inner Child

    Member

  • Topic Starter
  • 38 posts

Hello,

The system is much more responsive and there are no pop-ups to interfere (well, with the exception of the Kaspersky nag screen).

Here is the log file from Malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/21/2016
Scan Time: 3:00 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.21.04
Rootkit Database: v2016.02.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Lisa Rychlik
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346806
Time Elapsed: 40 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 102
 
Registry Values: 1
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, Quarantined, [e2768bd89801ec4ad322b712a0635fa1]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 4
PUP.Optional.InstallCore, C:\Users\Lisa Rychlik\Downloads\FontForge.exe, Quarantined, [db7dfc674554132340ee40d44cb922de], 
PUP.Optional.Ilivid, C:\Users\Lisa Rychlik\Downloads\iLividSetup_B-r514-t-bc.exe, Quarantined, [e96f1350cbceb68033b688557f8154ac], 
PUP.Optional.Ilivid, C:\Users\Lisa Rychlik\Downloads\iLividSetup_D-r514-t-bc.exe, Quarantined, [e87080e3ff9aa39309e04f8e9c6401ff], 
PUP.Optional.BundleInstaller, C:\Users\Lisa Rychlik\Downloads\Installation.exe, Quarantined, [ed6b342f12874ee87d40dc5cd130c63a], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Thank you for your help with this issue,
Dave

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

#9
Inner Child

    Member

  • Topic Starter
  • 38 posts

Thank you, sir, for your support. I do appreciate the time you have spent working on my problem.


#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

My pleasure :)


#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

