Help,
My wife's system is completely taken over. This is beyond me to clean on my own.
Thank you in advance,
Dave
I ran Farbar and here is the resulting log file:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
Ran by Lisa Rychlik (administrator) on LISA-PC (19-02-2016 20:45:37)
Running from C:\Users\Lisa Rychlik\Downloads
Loaded Profiles: Lisa Rychlik (Available Profiles: Lisa Rychlik)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchApp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
() C:\Program Files (x86)\iSpeedPC\iSpeedPC.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
() C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchBrowser.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe [24504 2013-02-15] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1313989068-254061936-1508148793-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1313989068-254061936-1508148793-1001\...\Run: [Power2GoExpress8] => 0
HKU\S-1-5-21-1313989068-254061936-1508148793-1001\...\MountPoints2: {0d798642-98a9-11e5-80c0-f4b7e22e6398} - "F:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1313989068-254061936-1508148793-1001\...\MountPoints2: {0f24f3cc-dc6b-11e3-8064-38eaa7f1ade4} - "G:\VZW_Software_upgrade_assistant.exe"
Startup: C:\Users\Lisa Rychlik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-04-03]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Lisa Rychlik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk [2014-11-22]
ShortcutTarget: StormWatchApp.lnk -> C:\Users\Lisa Rychlik\AppData\Local\StormWatch\StormWatchApp.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{025B366A-8D42-496D-94AD-0DF5EE786647}: [DhcpNameServer] 12.127.17.77 216.57.130.1 12.127.16.77 216.57.128.2 12.127.16.68
Tcpip\..\Interfaces\{F5A7A963-5085-4821-85F0-6A9F7F4AA78D}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1313989068-254061936-1508148793-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-1313989068-254061936-1508148793-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtB0EyCtAzyyBtDyDyByDtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyByC0D0FyCyCzytGtAyBtDzztGyDzztByBtGtAtDtDyCtGyEtDtDyE0EyDtCyByD0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtBtB0C0BtAyBtGtD0E0B0DtGyEyD0C0BtGzzzy0CtBtGyDtDzzyEyB0CtCyD0Ezz0FyC2Q&cr=1290060606&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtB0EyCtAzyyBtDyDyByDtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyByC0D0FyCyCzytGtAyBtDzztGyDzztByBtGtAtDtDyCtGyEtDtDyE0EyDtCyByD0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtBtB0C0BtAyBtGtD0E0B0DtGyEyD0C0BtGzzzy0CtBtGyDtDzzyEyB0CtCyD0Ezz0FyC2Q&cr=1290060606&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {A0C0FA3C-E102-47BE-A02E-A0972718D880} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {A0C0FA3C-E102-47BE-A02E-A0972718D880} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtB0EyCtAzyyBtDyDyByDtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyByC0D0FyCyCzytGtAyBtDzztGyDzztByBtGtAtDtDyCtGyEtDtDyE0EyDtCyByD0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtBtB0C0BtAyBtGtD0E0B0DtGyEyD0C0BtGzzzy0CtBtGyDtDzzyEyB0CtCyD0Ezz0FyC2Q&cr=1290060606&ir=
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtB0EyCtAzyyBtDyDyByDtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyByC0D0FyCyCzytGtAyBtDzztGyDzztByBtGtAtDtDyCtGyEtDtDyE0EyDtCyByD0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtBtB0C0BtAyBtGtD0E0B0DtGyEyD0C0BtGzzzy0CtBtGyDtDzzyEyB0CtCyD0Ezz0FyC2Q&cr=1290060606&ir=
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {A0C0FA3C-E102-47BE-A02E-A0972718D880} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1313989068-254061936-1508148793-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll [2016-02-11] (Compete, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll [2016-02-11] (Compete, Inc.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-12-20] (Hewlett-Packard Company)
DPF: HKLM-x32 {1663ed6a-23eb-11d2-b92f-008048fdd814} hxxps://secure.sportsaffinity.com/Inc/print/smsx.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-09-19] (Skype Technologies)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\
[email protected] [2013-12-10] [not signed]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\
[email protected] [2013-12-10] [not signed]
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\
[email protected] [2013-12-10] [not signed]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\
[email protected] [2013-12-10] [not signed]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\
[email protected] [2013-12-10] [not signed]
FF HKU\S-1-5-21-1313989068-254061936-1508148793-1001\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12257.xpi
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12257.xpi [2016-02-05]
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Profile: C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-02-17]
CHR Extension: (ShopAtHome.com) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2014-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Safe Money) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-02-17]
CHR Extension: (Virtual Keyboard) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-04-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Anti-Banner) - C:\Users\Lisa Rychlik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-02-17]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2014-11-22] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2014-11-22] (ConsumerInput)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFSrv; C:\Windows\System32\svchost.exe [38792 2014-10-28] (Microsoft Corporation)
U4 BthHFSrv; C:\WINDOWS\SysWOW64\svchost.exe [33088 2014-10-28] (Microsoft Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 iscFlash; C:\swsetup\sp63746\iscflashx64.sys [75016 2014-02-08] (Insyde Software)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2013-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-12-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-04-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2014-03-15] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-19 20:45 - 2016-02-19 20:51 - 00031882 _____ C:\Users\Lisa Rychlik\Downloads\FRST.txt
2016-02-19 20:44 - 2016-02-19 20:45 - 00000000 ____D C:\FRST
2016-02-19 20:44 - 2016-02-19 20:44 - 02371072 _____ (Farbar) C:\Users\Lisa Rychlik\Downloads\FRST64.exe
2016-02-19 20:44 - 2016-02-19 20:44 - 02371072 _____ (Farbar) C:\Users\Lisa Rychlik\Downloads\FRST64 (1).exe
2016-02-19 11:25 - 2016-02-19 11:25 - 00009982 _____ C:\Users\Lisa Rychlik\Documents\Running Budget 2016 - Jan-Feb.xlsx
2016-02-17 22:00 - 2016-02-17 22:00 - 00111176 _____ C:\Users\Lisa Rychlik\Downloads\eBill_02_15_2016.pdf
2016-02-16 22:16 - 2016-02-17 22:57 - 00013246 _____ C:\Users\Lisa Rychlik\Documents\formula practice.xlsx
2016-02-16 22:16 - 2016-02-16 22:16 - 00000165 ____H C:\Users\Lisa Rychlik\Documents\~$January 2016 Budget.xlsx
2016-02-16 22:16 - 2016-02-16 22:16 - 00000165 ____H C:\Users\Lisa Rychlik\Documents\~$formula practice.xlsx
2016-02-15 19:47 - 2016-02-15 19:47 - 00000165 ____H C:\Users\Lisa Rychlik\Documents\~$Life Plan - Lisa Rychlik.xlsx
2016-02-10 21:24 - 2016-02-10 21:24 - 00056479 _____ C:\Users\Lisa Rychlik\Downloads\Textbook Section 2.2b.pdf
2016-02-08 21:20 - 2016-02-08 21:20 - 00326242 _____ C:\Users\Lisa Rychlik\Downloads\Directed Study Assignment (FDREL 122-05).pdf
2016-02-06 19:55 - 2016-02-06 19:55 - 00323045 _____ C:\Users\Lisa Rychlik\Downloads\Directed Study Assignment (FDREL 122-04).pdf
2016-01-23 17:41 - 2016-02-19 11:24 - 00009981 _____ C:\Users\Lisa Rychlik\Documents\January 2016 Budget.xlsx
2016-01-20 21:16 - 2016-02-06 21:35 - 00010341 _____ C:\Users\Lisa Rychlik\Documents\Life Plan - Lisa Rychlik.xlsx
2016-01-20 19:44 - 2015-12-10 20:38 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-20 19:43 - 2015-12-10 20:00 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-20 19:43 - 2015-12-10 19:55 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-20 19:43 - 2015-12-10 19:50 - 20367360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-20 19:43 - 2015-12-10 19:45 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-20 19:43 - 2015-12-10 19:21 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-20 19:43 - 2015-12-10 19:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-01-20 19:43 - 2015-12-10 19:09 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-01-20 19:43 - 2015-12-10 19:09 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-20 19:43 - 2015-12-10 19:03 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-20 19:43 - 2015-12-10 18:59 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-20 19:43 - 2015-12-10 18:43 - 04610560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-20 19:43 - 2015-12-10 18:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-01-20 19:43 - 2015-12-10 18:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-01-20 19:43 - 2015-12-10 18:37 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-20 19:43 - 2015-12-10 18:35 - 12856320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-20 19:43 - 2015-12-10 18:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-01-20 19:43 - 2015-12-10 18:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-01-20 19:43 - 2015-12-10 18:12 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-01-20 19:43 - 2015-12-10 18:08 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-01-20 19:43 - 2015-12-10 18:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-01-20 19:42 - 2015-12-30 11:32 - 07453016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-20 19:42 - 2015-12-30 11:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-01-20 19:42 - 2015-12-30 11:32 - 01499912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-01-20 19:42 - 2015-12-09 16:40 - 00033456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-01-20 19:42 - 2015-12-07 02:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 01798480 ____C (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-20 19:42 - 2015-12-04 21:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-20 19:42 - 2015-12-04 21:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-20 19:42 - 2015-12-04 07:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-20 19:42 - 2015-12-03 11:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-01-20 19:42 - 2015-12-03 11:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-01-20 19:42 - 2015-12-03 11:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-01-20 19:42 - 2015-12-03 11:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-01-20 19:42 - 2015-12-03 11:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-01-20 19:42 - 2015-12-03 10:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-01-20 19:42 - 2015-12-03 10:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-01-20 19:42 - 2015-12-03 10:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-01-20 19:42 - 2015-12-03 10:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-01-20 19:42 - 2015-12-03 10:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-01-20 19:42 - 2015-12-03 10:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-20 19:42 - 2015-12-03 10:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-20 19:42 - 2015-12-03 10:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-20 19:42 - 2015-12-03 10:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-20 19:42 - 2015-12-03 10:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-20 19:42 - 2015-12-03 09:58 - 00378880 ____C (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2016-01-20 19:42 - 2015-12-03 09:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-01-20 19:42 - 2015-12-03 09:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-20 19:42 - 2015-12-03 09:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-20 19:42 - 2015-12-03 09:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-20 19:42 - 2015-12-03 09:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-20 19:42 - 2015-12-03 09:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-20 19:42 - 2015-12-03 09:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-20 19:42 - 2015-12-03 09:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-20 19:42 - 2015-12-03 09:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-01-20 19:42 - 2015-12-03 09:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-01-20 19:42 - 2015-12-03 09:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-20 19:42 - 2015-12-03 09:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-20 19:42 - 2015-12-03 09:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-20 19:42 - 2015-12-03 08:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-20 19:42 - 2015-12-03 08:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-20 19:42 - 2015-12-03 08:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-20 19:42 - 2015-12-02 07:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-20 19:42 - 2015-12-02 07:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-20 19:42 - 2015-11-17 13:07 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-20 19:42 - 2015-11-17 13:07 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-20 19:42 - 2015-11-17 13:07 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-20 19:42 - 2015-11-17 13:07 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-20 19:42 - 2015-11-17 13:07 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-20 19:42 - 2015-11-17 13:07 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-20 19:42 - 2015-11-17 13:07 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-01-20 19:41 - 2015-12-08 11:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-20 19:41 - 2015-12-08 11:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-20 18:45 - 2016-01-20 18:45 - 06045622 _____ C:\Users\Lisa Rychlik\Downloads\One for the Money_Guide to Family Finance.pdf
2016-01-20 18:41 - 2016-01-20 18:41 - 00083173 _____ C:\Users\Lisa Rychlik\Downloads\eBill_12_21_2015 (1).pdf
2016-01-20 18:40 - 2016-01-20 18:40 - 00082998 _____ C:\Users\Lisa Rychlik\Downloads\eBill_01_18_2016.pdf
2016-01-20 18:21 - 2016-02-17 20:30 - 00003462 _____ C:\WINDOWS\System32\Tasks\ISpeedPC_LogOn
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-19 20:53 - 2014-11-22 22:16 - 00000488 _____ C:\WINDOWS\Tasks\CIMT_S-1-5-21-1313989068-254061936-1508148793-1001.job
2016-02-19 20:31 - 2013-02-14 22:55 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1313989068-254061936-1508148793-1001
2016-02-19 20:28 - 2013-02-17 22:30 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-19 20:26 - 2013-02-17 22:31 - 00002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 20:26 - 2013-02-17 22:31 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-19 20:25 - 2014-12-09 07:20 - 00000518 _____ C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-1313989068-254061936-1508148793-1001.job
2016-02-19 20:20 - 2014-11-22 22:15 - 00000998 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job
2016-02-19 19:37 - 2013-02-14 22:49 - 00003950 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7E805176-3C66-4DDD-A89E-8837F692D947}
2016-02-18 22:20 - 2014-11-22 22:15 - 00000994 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job
2016-02-18 14:57 - 2013-02-17 22:30 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-18 08:39 - 2014-03-15 20:14 - 00003620 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2016-02-17 22:32 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-17 22:23 - 2012-09-26 08:53 - 00000950 _____ C:\WINDOWS\SysWOW64\bscs.ini
2016-02-17 22:20 - 2014-03-15 20:14 - 00000043 _____ C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2016-02-17 20:30 - 2014-11-22 22:14 - 00003906 _____ C:\WINDOWS\System32\Tasks\ISpeedPC_Daily
2016-02-17 20:20 - 2014-12-09 07:20 - 00003578 _____ C:\WINDOWS\System32\Tasks\CIMT_daily_S-1-5-21-1313989068-254061936-1508148793-1001
2016-02-17 20:20 - 2014-11-22 22:16 - 00003482 _____ C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-1313989068-254061936-1508148793-1001
2016-02-17 19:29 - 2013-02-15 17:51 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-02-17 19:22 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-16 18:55 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-16 18:55 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-10 19:01 - 2013-02-14 22:47 - 00000000 ____D C:\Users\Lisa Rychlik\AppData\Local\Packages
2016-02-09 21:23 - 2012-07-25 23:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-04 21:50 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\Inf
2016-02-02 15:03 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\rescache
2016-02-02 14:52 - 2013-02-17 22:30 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 14:52 - 2013-02-17 22:30 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 09:41 - 2014-09-23 23:15 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-01 09:31 - 2013-08-22 05:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-02-01 09:30 - 2014-12-13 15:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-01 09:30 - 2014-09-24 01:50 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2016-01-29 21:30 - 2013-08-22 07:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-29 21:29 - 2013-02-15 21:21 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-20 21:48 - 2013-07-17 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-20 21:46 - 2013-07-17 23:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-20 21:46 - 2013-07-17 23:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-20 21:42 - 2013-08-03 20:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-20 21:31 - 2013-04-09 10:55 - 00000000 ____D C:\Users\Lisa Rychlik\Documents\TurboTax
2016-01-20 21:29 - 2013-02-15 00:55 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-20 18:35 - 2012-09-11 18:16 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-01-20 18:30 - 2014-12-23 08:37 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-20 18:29 - 2012-09-11 18:15 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-01-20 18:13 - 2013-08-22 06:44 - 00399048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
==================== Files in the root of some directories =======
2013-06-04 18:50 - 2013-06-04 18:50 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-12-28 03:11 - 2012-12-28 03:11 - 0000595 _____ () C:\ProgramData\CyberlinkOutput.txt
2013-04-09 10:22 - 2015-02-24 20:10 - 0000935 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Some files in TEMP:
====================
C:\Users\Lisa Rychlik\AppData\Local\Temp\Extract.exe
C:\Users\Lisa Rychlik\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Lisa Rychlik\AppData\Local\Temp\SP58519.exe
C:\Users\Lisa Rychlik\AppData\Local\Temp\UninstallHPSA.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-02-18 21:50
==================== End of FRST.txt ============================