Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Cannot remoe ShowPass Smartbar and other problems [Closed]


  • This topic is locked This topic is locked

#1
Shauna O'Neil

Shauna O'Neil

    New Member

  • Member
  • Pip
  • 1 posts

I cannot uninstall ShowPass Smartbar using Uninstall Programs, Firefox does not open to default homepage (google.com), instead opens to http://usa-aa.s3-web...naws.com/?grp=1

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Shauna (administrator) on THORPETECH (23-03-2016 11:58:58)
Running from C:\Users\Shauna\Downloads
Loaded Profiles: Shauna (Available Profiles: Shauna)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\dsrvprn.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Toshiba) C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaw.exe
() C:\ThorpeForms\ThorpeformsDesktop\Tfdt.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaw.exe
(Corel Corporation) C:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\wpwin17.exe
(Corel Corporation) C:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\ps170.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Corel Corporation) C:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\wpwin17.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(FileMaker, Inc.) C:\Program Files (x86)\FileMaker\FileMaker Pro 14\FileMaker Pro.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Corel Corporation) C:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\wpwin17.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179040 2013-10-15] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\QFSCHD170.EXE [166240 2015-04-21] (Corel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-597811528-1096036510-3546584382-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2015-06-01] (NETGEAR Inc.)
HKU\S-1-5-21-597811528-1096036510-3546584382-1001\...\Run: [Google Update] => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-02-09] (Google Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4233111C-441A-4149-915D-EBD0E4F46F2D}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{50222A13-3A75-4F47-9914-981FEE4D078D}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-597811528-1096036510-3546584382-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-597811528-1096036510-3546584382-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-597811528-1096036510-3546584382-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_coinis_15_12&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyCyEyD0AtDyEtD0AyByCzyyDtCtDtDtCtN0D0Tzu0StCtCyBtAtN1L2XzutAtFzytFyEtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtB0AyByCtC0FzytG0A0FtB0AtG0AyCtAyDtGyCyC0FyEtGtBtCtBzzzyyCyC0FzzyD0BtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtDyC0F0CtDyE0CtG0D0CyC0BtGyEtB0CtCtGzz0B0A0FtG0EtAyE0DyEtDtAyE0BtC0F0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyCtDyB%26cr%3D1067185085%26a%3Dwny_coinis_15_12%26os%3DWindows 8.1
HKU\S-1-5-21-597811528-1096036510-3546584382-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {1FA3608F-A996-4F0C-82F9-7AB976FAF87B} URL = hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto2_14_30&cd=2XzuyEtN2Y1L1QzuyCyEyD0AtDyEtD0AyByCzyyDtCtDtDtCtN0D0Tzu0SzyyDzytN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtB1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2StB0F0B0C0EtD0FtAtG0FyEzy0BtGtDtC0CtDtGyBtB0DzztGtByD0Czy0AtDtDtCzzyBtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0CtDzz0BtC0BzytG0FtAyEyCtG0F0AyC0DtGzz0BtDtAtGtA0AyE0AtC0C0AtDzzyCyBtB2Q&cr=671580093&ir=
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPPq_NcKDZkQXPy4TZR44LspvC9sb99JtP_8ppO11zBlE0vS1RS-pfMud-rXXpemcY3p0BtExL8ouNTT9drs0N4hzFHlZ-wy7u_G6lGYMn-8DppCTxTxUNm_YHOhZkqFrGNdx6_tp1KKRQ9EjajaooJSlTnn12_y39DBrGZGaX2uOz_&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-597811528-1096036510-3546584382-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_coinis_15_12&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyCyEyD0AtDyEtD0AyByCzyyDtCtDtDtCtN0D0Tzu0StCtCyBtAtN1L2XzutAtFzytFyEtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtB0AyByCtC0FzytG0A0FtB0AtG0AyCtAyDtGyCyC0FyEtGtBtCtBzzzyyCyC0FzzyD0BtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtDyC0F0CtDyE0CtG0D0CyC0BtGyEtB0CtCtGzz0B0A0FtG0EtAyE0DyEtDtAyE0BtC0F0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyCtDyB%26cr%3D1067185085%26a%3Dwny_coinis_15_12%26os%3DWindows 8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-597811528-1096036510-3546584382-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPPq_NcKDZkQXPy4TZR44LspvC9sb99JtP_8ppO11zBlE0vS1RS-pfMud-rXXpemcY3p0BtExL8ouNTT9drs0N4hzFHlZ-wy7u_G6lGYMn-8DppCTxTxUNm_YHOhZkqFrGNdx6_tp1KKRQ9EjajaooJSlTnn12_y39DBrGZGaX2uOz5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-597811528-1096036510-3546584382-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-597811528-1096036510-3546584382-1001 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
SearchScopes: HKU\S-1-5-21-597811528-1096036510-3546584382-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_coinis_15_12&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyCyEyD0AtDyEtD0AyByCzyyDtCtDtDtCtN0D0Tzu0StCtCyBtAtN1L2XzutAtFzytFyEtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtB0AyByCtC0FzytG0A0FtB0AtG0AyCtAyDtGyCyC0FyEtGtBtCtBzzzyyCyC0FzzyD0BtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtDyC0F0CtDyE0CtG0D0CyC0BtGyEtB0CtCtGzz0B0A0FtG0EtAyE0DyEtDtAyE0BtC0F0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyCtDyB%26cr%3D1067185085%26a%3Dwny_coinis_15_12%26os%3DWindows 8.1&p={searchTerms}
BHO: No Name -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> No File
BHO-x32: No Name -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-14] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-14] (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Shauna\AppData\Roaming\Mozilla\Firefox\Profiles\qzvwpiyb.default-1457450366967
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-21] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-597811528-1096036510-3546584382-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Shauna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-597811528-1096036510-3546584382-1001: @talk.google.com/O1DPlugin -> C:\Users\Shauna\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-597811528-1096036510-3546584382-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-597811528-1096036510-3546584382-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Shauna\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Shauna\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-23] [not signed]
FF HKLM\...\Firefox\Extensions: [{BF883488-0379-470e-8BF2-C5D1F3828428}] - C:\Program Files\Shop For Rewards\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{BF883488-0379-470e-8BF2-C5D1F3828428}] - C:\Program Files\Shop For Rewards\Firefox => not found
 
Chrome: 
=======
CHR Profile: C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-09]
CHR Extension: (Google Docs) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-09]
CHR Extension: (Google Drive) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-09]
CHR Extension: (YouTube) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-09]
CHR Extension: (Google Search) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-09]
CHR Extension: (Google Sheets) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-09]
CHR Extension: (Google Docs Offline) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-09]
CHR Extension: (Gmail) - C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 dsrvprn; C:\Windows\SysWOW64\dsrvprn.exe [268600 2014-11-02] () [File not signed]
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-11-06] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-21] (WildTangent)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-06-01] (NETGEAR)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 mwiynzm4ndy1yjz; C:\Windows\System32\drivers\mwiynzm4ndy1yjz.sys [69000 2015-03-18] (Windows ® Win 7 DDK provider)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-09-03] (CACE Technologies, Inc.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2946264 2013-10-18] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 b786bdb3c67d; system32\drivers\b786bdb3c67d.sys [X]
S1 itnfd_1_10_0_10; system32\drivers\itnfd_1_10_0_10.sys [X]
S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]
S1 {6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64; system32\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64.sys [X]
S1 {6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}w64; system32\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}w64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-23 11:58 - 2016-03-23 11:59 - 00021637 _____ C:\Users\Shauna\Downloads\FRST.txt
2016-03-23 11:58 - 2016-03-23 11:58 - 02374144 _____ (Farbar) C:\Users\Shauna\Downloads\FRST64.exe
2016-03-23 11:58 - 2016-03-23 11:58 - 02374144 _____ (Farbar) C:\Users\Shauna\Downloads\FRST64 (1).exe
2016-03-23 11:58 - 2016-03-23 11:58 - 00000000 ____D C:\FRST
2016-03-22 20:41 - 2016-03-22 20:41 - 01002641 _____ C:\Users\Shauna\Downloads\Attachments_2016322.zip
2016-03-22 20:40 - 2016-03-22 20:49 - 00000000 ____D C:\Users\Shauna\Desktop\djtconf_cd_wp_print
2016-03-22 20:39 - 2016-03-22 20:40 - 00000000 ____D C:\Users\Shauna\Desktop\preSS_wpmacros
2016-03-22 20:30 - 2016-03-22 20:30 - 00265719 _____ C:\Users\Shauna\Downloads\ReferenceGuidePresentingtheSettlementStatement90215.pdf
2016-03-22 06:15 - 2016-03-22 06:15 - 00001496 _____ C:\Users\Shauna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileMaker Pro.lnk
2016-03-20 21:26 - 2016-03-20 21:26 - 00606208 _____ C:\Users\Shauna\Documents\FMP14 Viewing Data.fmp12
2016-03-20 21:26 - 2016-03-20 21:26 - 00212992 _____ C:\Users\Shauna\Documents\FMP14 Layouts.fmp12
2016-03-20 21:22 - 2016-02-10 14:43 - 00000000 ____D C:\Users\Shauna\Downloads\FileMaker Pro 14.0.5 Updater
2016-03-20 21:18 - 2016-03-20 21:20 - 316670192 _____ C:\Users\Shauna\Downloads\fmp_updater_14.0.5.505_x64.exe
2016-03-20 21:18 - 2016-03-20 21:18 - 00000008 ____H C:\Users\Shauna\AppData\Local\L8457789140
2016-03-20 21:10 - 2015-11-02 09:49 - 00000000 ____D C:\Users\Shauna\Downloads\FileMaker Pro 14v4 Trial
2016-03-20 21:06 - 2016-03-20 21:09 - 320248432 _____ C:\Users\Shauna\Downloads\fmp_trial_fm_14.0.4.406_x32.exe
2016-03-18 16:19 - 2014-11-14 10:44 - 00000000 ____D C:\Users\Shauna\Downloads\FileMaker Pro Advanced 13.0v4 Updater
2016-03-18 14:31 - 2016-03-18 14:31 - 06516656 _____ (Tim Kosse) C:\Users\Shauna\Downloads\FileZilla_3.16.1_win64-setup.exe
2016-03-18 14:19 - 2016-03-18 14:33 - 405888168 _____ C:\Users\Shauna\Downloads\fmpa_updater_13.0.4.418.exe
2016-03-16 13:11 - 2016-03-16 13:11 - 00000822 _____ C:\Users\Shauna\Desktop\Tfdt.exe - Shortcut.lnk
2016-03-16 08:06 - 2016-03-16 08:06 - 01243576 _____ C:\Users\Shauna\Downloads\201207_cfpb_closing-disclosure.pdf
2016-03-14 19:44 - 2016-03-14 19:44 - 00410112 _____ C:\Users\Shauna\Downloads\exported_excel.xls
2016-03-11 09:07 - 2016-03-11 09:07 - 02339860 _____ C:\Users\Shauna\Desktop\Baker-Stallings CD.wpd
2016-03-11 09:07 - 2016-03-11 09:07 - 00134696 _____ C:\Users\Shauna\Desktop\selleronly_baker.wpd
2016-03-10 14:07 - 2016-03-10 14:07 - 00148505 _____ C:\Users\Shauna\Desktop\selleronly_blevins.wpd
2016-03-10 14:06 - 2016-03-10 14:07 - 02343375 _____ C:\Users\Shauna\Desktop\blevins.nancy.wpd
2016-03-09 20:52 - 2016-03-09 20:57 - 00001652 _____ C:\Users\Shauna\Desktop\eggs.csv
2016-03-09 13:23 - 2016-03-09 13:23 - 00220973 _____ C:\Users\Shauna\Desktop\olson_demandinv.pdf
2016-03-09 13:08 - 2016-03-09 13:08 - 00220964 _____ C:\Users\Shauna\Desktop\olson_demandforpay.pdf
2016-03-09 11:41 - 2016-03-09 11:41 - 00001950 _____ C:\Users\Public\Desktop\Battery Check Utility.lnk
2016-03-08 08:19 - 2016-03-08 08:19 - 00000000 ____D C:\Users\Shauna\Desktop\Old Firefox Data
2016-03-04 13:40 - 2016-03-04 14:03 - 02846196 _____ C:\Users\Shauna\Desktop\Untitled.xlsx
2016-03-03 22:11 - 2016-03-03 22:12 - 00057941 _____ C:\Users\Shauna\Downloads\Capshead.pdf
2016-03-03 08:58 - 2016-03-03 08:58 - 00089517 _____ C:\Users\Shauna\Desktop\CD printOptions.wcm
2016-03-02 23:18 - 2016-03-23 11:23 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-597811528-1096036510-3546584382-1001UA.job
2016-03-02 23:18 - 2016-03-22 22:23 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-597811528-1096036510-3546584382-1001Core.job
2016-03-02 23:18 - 2016-03-02 23:18 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-597811528-1096036510-3546584382-1001UA
2016-03-02 23:18 - 2016-03-02 23:18 - 00003502 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-597811528-1096036510-3546584382-1001Core
2016-03-02 23:15 - 2016-03-02 23:16 - 00987728 _____ (Google Inc.) C:\Users\Shauna\Downloads\GoogleVoiceAndVideoSetup.exe
2016-03-02 09:48 - 2016-03-02 09:49 - 32103135 _____ (Acresso Software Inc. ) C:\Users\Shauna\Downloads\ThorpeformsNoJava(4).exe
2016-03-01 14:44 - 2016-03-01 14:44 - 00575695 _____ C:\Users\Shauna\Downloads\Download20160301-094404.txt
2016-03-01 14:43 - 2016-03-01 14:43 - 00387677 _____ C:\Users\Shauna\Downloads\Download20160301-094311.txt
2016-02-26 13:02 - 2016-03-14 19:47 - 00004529 _____ C:\Users\Shauna\Desktop\naturesmeat.csv
2016-02-26 12:42 - 2016-02-26 12:42 - 00000830 _____ C:\Users\Shauna\Downloads\CD printOptions.DBG
2016-02-26 12:36 - 2016-03-03 08:58 - 00089517 _____ C:\Users\Shauna\Downloads\CD printOptions.wcm
2016-02-26 09:21 - 2016-02-26 09:22 - 32103154 _____ (Acresso Software Inc. ) C:\Users\Shauna\Downloads\ThorpeformsNoJava(3).exe
2016-02-26 09:16 - 2016-02-26 09:16 - 00000000 ____D C:\Program Files\Common Files\Corel
2016-02-26 09:14 - 2016-02-26 09:14 - 00000000 ____D C:\Users\Shauna\Documents\Working Files
2016-02-26 08:23 - 2016-03-23 06:06 - 00000000 ____D C:\Users\Shauna\360Works
2016-02-26 08:13 - 2016-02-26 09:14 - 00000000 ____D C:\Users\Shauna\AppData\Roaming\Corel
2016-02-26 08:13 - 2016-02-26 08:12 - 00002927 _____ C:\Users\Public\Desktop\WordPerfect Lightning.lnk
2016-02-26 08:13 - 2016-02-26 08:12 - 00002444 _____ C:\Users\Public\Desktop\WordPerfect X7.lnk
2016-02-26 08:12 - 2016-02-26 08:13 - 00000000 ____D C:\ProgramData\Corel
2016-02-26 08:11 - 2016-02-26 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPerfect Office X7
2016-02-26 08:11 - 2016-02-26 08:11 - 00000000 ____D C:\Users\Public\Documents\WordPerfect Office
2016-02-26 08:11 - 2016-02-26 08:11 - 00000000 ____D C:\ProgramData\Borland
2016-02-26 08:05 - 2016-02-26 08:10 - 00000000 ____D C:\Program Files (x86)\Corel
2016-02-26 07:50 - 2016-02-26 08:05 - 00000000 ____D C:\Users\Shauna\Downloads\WordPerfect Office X7 Home and Student
2016-02-26 07:49 - 2016-02-26 07:49 - 01529568 _____ (arvato digital services llc) C:\Users\Shauna\Downloads\Download_WordPerfect_Office_X7_Home_and_Student.exe
2016-02-26 07:49 - 2016-02-26 07:49 - 00000000 ____D C:\Users\Shauna\AppData\Local\Protexis
2016-02-26 07:49 - 2016-02-26 07:49 - 00000000 ____D C:\ProgramData\Protexis
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-23 11:51 - 2015-12-22 22:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-23 11:51 - 2014-02-12 22:55 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-23 11:50 - 2015-01-22 20:30 - 00000000 ____D C:\Users\Shauna\AppData\Roaming\FileZilla
2016-03-23 11:04 - 2014-08-03 21:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-23 10:30 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2016-03-21 06:46 - 2015-10-26 22:51 - 12226560 _____ C:\Users\Shauna\Documents\FMP14 Getting Started.fmp12
2016-03-20 21:33 - 2014-07-14 19:41 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-597811528-1096036510-3546584382-1001
2016-03-20 21:13 - 2015-01-22 20:16 - 00001376 _____ C:\Users\Public\Desktop\FileMaker Pro.lnk
2016-03-20 21:12 - 2015-01-22 20:16 - 00002715 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileMaker Pro.lnk
2016-03-20 21:12 - 2015-01-22 20:16 - 00000000 ____D C:\Program Files (x86)\FileMaker
2016-03-19 04:39 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-19 04:39 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2016-03-16 18:39 - 2013-12-03 04:53 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-16 18:39 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\Inf
2016-03-16 09:13 - 2015-01-26 22:44 - 00000000 ____D C:\Users\Shauna\AppData\Roaming\Nitro PDF
2016-03-16 09:13 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-03-14 19:52 - 2016-02-09 14:46 - 00002261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 19:52 - 2016-02-09 14:46 - 00002249 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-11 11:04 - 2014-08-03 21:36 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-10 18:51 - 2014-02-12 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-03-09 11:47 - 2014-07-14 19:37 - 00000000 ____D C:\Users\Shauna\AppData\Local\TOSHIBA
2016-03-09 11:41 - 2013-12-03 05:46 - 00000000 ____D C:\Program Files\TOSHIBA
2016-03-09 11:41 - 2013-12-03 05:45 - 00000000 ____D C:\Program Files (x86)\Toshiba
2016-03-08 08:18 - 2014-08-15 09:02 - 00000000 ____D C:\Users\Shauna\AppData\Local\CrashDumps
2016-03-07 13:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\NDF
2016-03-03 08:58 - 2014-08-06 13:10 - 00287744 ___SH C:\Users\Shauna\Downloads\Thumbs.db
2016-03-02 23:59 - 2014-10-20 08:48 - 00000000 ___RD C:\Users\Shauna\OneDrive
2016-03-02 23:58 - 2014-07-14 19:34 - 00000000 ____D C:\Users\Shauna
2016-03-02 23:58 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-02 23:58 - 2013-08-22 07:44 - 00447936 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-02 23:18 - 2014-08-03 20:38 - 00000000 ____D C:\Users\Shauna\AppData\Roaming\Mozilla
2016-03-02 23:18 - 2014-07-14 19:41 - 00000000 ____D C:\Users\Shauna\AppData\Local\Google
2016-03-02 11:29 - 2013-12-03 05:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-02 09:50 - 2015-01-03 20:00 - 00001740 _____ C:\Users\Public\Desktop\New ThorpeForms Desktop.lnk
2016-02-29 07:21 - 2015-01-29 09:33 - 00108368 _____ C:\Users\Shauna\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-26 11:52 - 2015-01-26 22:46 - 00691712 ___SH C:\Users\Shauna\Desktop\Thumbs.db
2016-02-26 08:21 - 2015-05-13 14:53 - 05878706 _____ (360Works) C:\Users\Shauna\Desktop\360Works_Plastic.fmx
 
==================== Files in the root of some directories =======
 
2004-04-16 03:34 - 2004-04-16 03:34 - 0010240 _____ () C:\Program Files (x86)\Crack.exe
2004-03-02 21:42 - 2004-03-02 21:42 - 0004361 ____R () C:\Program Files (x86)\e-Lunatic.diz
2004-04-16 03:39 - 2004-04-16 03:39 - 0001077 _____ () C:\Program Files (x86)\file_id.diz
2004-04-16 03:38 - 2004-04-16 03:38 - 0004035 _____ () C:\Program Files (x86)\mp.nfo
2014-08-16 21:33 - 2014-08-16 21:33 - 0000000 _____ () C:\Users\Shauna\AppData\Roaming\BC76.tmp
2014-08-16 21:33 - 2014-08-16 21:33 - 1283072 _____ () C:\Users\Shauna\AppData\Roaming\BC76.tmp.exe
2015-01-22 20:17 - 2015-01-22 20:17 - 0000000 ____H () C:\Users\Shauna\AppData\Roaming\L8457789
2014-09-01 01:18 - 2014-09-01 01:18 - 0002086 _____ () C:\Users\Shauna\AppData\Roaming\UITERH
2014-08-17 21:49 - 2014-08-17 21:49 - 0000043 _____ () C:\Users\Shauna\AppData\Roaming\WB.CFG
2015-04-07 10:28 - 2015-04-07 10:28 - 0170812 _____ () C:\Users\Shauna\AppData\Local\ars.cache
2015-04-07 10:28 - 2015-04-07 10:28 - 0442305 _____ () C:\Users\Shauna\AppData\Local\census.cache
2015-04-07 10:12 - 2015-04-07 10:12 - 0000036 _____ () C:\Users\Shauna\AppData\Local\housecall.guid.cache
2016-02-16 18:11 - 2016-02-16 18:11 - 0000008 ____H () C:\Users\Shauna\AppData\Local\L8457789110
2016-02-17 12:44 - 2016-02-17 12:44 - 0000008 ____H () C:\Users\Shauna\AppData\Local\L8457789130
2016-03-20 21:18 - 2016-03-20 21:18 - 0000008 ____H () C:\Users\Shauna\AppData\Local\L8457789140
2015-04-07 10:19 - 2015-04-07 10:19 - 0000010 _____ () C:\Users\Shauna\AppData\Local\sponge.last.runtime.cache
2014-02-12 22:26 - 2014-02-12 22:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Shauna\AppData\Local\Temp\0AE12BE6-3B21-E835-C04B-C5F870D3B188.dll
C:\Users\Shauna\AppData\Local\Temp\3A12C0AB-FC23-9C20-9FB1-B8D92519E6B6.exe
C:\Users\Shauna\AppData\Local\Temp\Compete_setup.exe
C:\Users\Shauna\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Shauna\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Shauna\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Shauna\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Shauna\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Shauna\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Shauna\AppData\Local\Temp\l9fohtzr.dll
C:\Users\Shauna\AppData\Local\Temp\nitro_reader3_64.exe
C:\Users\Shauna\AppData\Local\Temp\ose00000.exe
C:\Users\Shauna\AppData\Local\Temp\post2.dll
C:\Users\Shauna\AppData\Local\Temp\post2.exe
C:\Users\Shauna\AppData\Local\Temp\SavePass20141110.exe
C:\Users\Shauna\AppData\Local\Temp\VOPackage.exe
C:\Users\Shauna\AppData\Local\Temp\WiseUpdX.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-19 04:39
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Shauna (2016-03-23 12:00:46)
Running from C:\Users\Shauna\Downloads
Windows 8.1 (X64) (2014-07-15 02:34:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-597811528-1096036510-3546584382-500 - Administrator - Disabled)
Guest (S-1-5-21-597811528-1096036510-3546584382-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-597811528-1096036510-3546584382-1003 - Limited - Enabled)
Shauna (S-1-5-21-597811528-1096036510-3546584382-1001 - Administrator - Enabled) => C:\Users\Shauna
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
100% Hidden Objects 2 (x32 Version: 3.0.2.118 - WildTangent) Hidden
7 Grand Steps (x32 Version: 3.0.2.51 - WildTangent) Hidden
A Magnetic Adventure (x32 Version: 2.2.0.97 - WildTangent) Hidden
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 3.0.2.59 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Big City Adventure: London Story (x32 Version: 3.0.2.59 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{904AC0F0-F69E-467E-A719-B083940F608A}) (Version: 8.5.2.1999 - TechSmith Corporation)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Clutter V: Welcome to Clutterville (x32 Version: 1.1.2.4 - WildTangent) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Criminal Minds (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3424.05 - CyberLink Corp.)
Dangerous Games: Prisoners of Destiny (x32 Version: 1.1.2.4 - WildTangent) Hidden
Dream Day Wedding - Bella Italia (x32 Version: 2.2.0.95 - WildTangent) Hidden
DTS Sound (HKLM-x32\...\{2C7A5AF4-1793-4B5A-89C0-021FB198EDE8}) (Version: 1.01.3900 - DTS, Inc.)
Fatal Passion: Art Prison (x32 Version: 1.1.2.4 - WildTangent) Hidden
Fierce Tales: Marcus Memory (x32 Version: 1.1.2.4 - WildTangent) Hidden
FileMaker Pro 11 (HKLM-x32\...\{EACCC991-8E8C-4397-8854-349506741FC9}_FileMaker) (Version: 11.0.1.0 - FileMaker, Inc.)
FileMaker Pro 11 (x32 Version: 11.0.1.0 - FileMaker, Inc.) Hidden
FileMaker Pro 13 (HKLM-x32\...\{EA92821A-03A5-4B00-85F4-834BBD8ABC24}_FileMaker) (Version: 13.0.2.0 - FileMaker, Inc.)
FileMaker Pro 13 (x32 Version: 13.0.2.0 - FileMaker, Inc.) Hidden
FileMaker Pro 14 (HKLM-x32\...\{A2692EDD-7F2A-4228-83DE-0EF031C35D3C}_FileMaker) (Version: 14.0.4.0 - FileMaker, Inc.)
FileMaker Pro 14 (x32 Version: 14.0.4.0 - FileMaker, Inc.) Hidden
FileMaker Pro 7 (HKLM-x32\...\{65FA5E6D-B3D7-46D9-9571-CBBA1968346B}) (Version: 7.0.1.2 - FileMaker, Inc.)
FileZilla Client 3.10.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.0.2 - Tim Kosse)
Fishdom 2 (HKLM-x32\...\Fishdom 2) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Haunted Hotel: Lonely Dream (x32 Version: 1.1.2.4 - WildTangent) Hidden
Himalayan Mysteries (x32 Version: 3.0.2.59 - WildTangent) Hidden
I SPY Treasure Hunt (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Legends of the Hidden (HKLM-x32\...\{9A4F47A8-DE0F-40D1-A10A-A5E80AF1D766}) (Version: 1.0.0 - On Hand Software)
Memory Clinic (x32 Version: 2.2.0.95 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.12.00 - NETGEAR Inc.)
Newspaper Puzzle Challenge (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7090 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Relics of Fate: A Penny Macey Mystery (x32 Version: 3.0.2.59 - WildTangent) Hidden
Rhapsody (HKLM-x32\...\Rhapsody) (Version:  - )
Shadow Shelter (x32 Version: 3.0.2.59 - WildTangent) Hidden
ShowPass Smartbar (HKLM-x32\...\{BDAF93B9-566F-4C94-A102-980F2805B306}) (Version: 11.118.76.20514 - ReSoft Ltd.) <==== ATTENTION
Snark Busters - Welcome to the Club (x32 Version: 2.2.0.98 - WildTangent) Hidden
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
The Lost Cases of Sherlock Holmes 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
ThorpeForms (HKLM-x32\...\{0E767929-2F0B-4AF5-A6CB-8B7237E39611}) (Version: 1.00.387 - ThorpeForms)
ThorpeformsDesktop (HKLM-x32\...\{AE0C6C9A-84BD-4D24-894A-E2FE7DFBA974}) (Version: 1.00.0206 - Thorpeforms)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Display Utility (HKLM\...\{B6574DE0-C2A1-4432-AD73-854E5DE2CC87}) (Version: 1.1.11.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.1.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.04.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{2DB90351-FBAA-472B-9F12-6E1EBBB354DE}) (Version: v2.1.0.15 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.0.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Adventures: Park Ranger 2 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.59 - WildTangent) Hidden
Where Angels Cry: Tears of the Fallen Collector's Edition (x32 Version: 1.1.2.4 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.14 - WildTangent) Hidden
WildTangent Games App (x32 Version: 4.1.1.2 - WildTangent) Hidden
WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.4 - Corel Corporation)
WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.4 - Corel Corporation)
WordPerfect Office X7 - Common Files (x32 Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Common Files English (x32 Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - IPM Content HSE (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - IPM HSE (x32 Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Lightning Files (x32 Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Lightning Files English (x32 Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Oxford (x32 Version: 17.1 - Corel Corporation) Hidden
WordPerfect Office X7 - Presentations Files (x32 Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Presentations Files English (x32 Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Quattro Pro Files (x32 Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Quattro Pro Files English (x32 Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Setup Files (x32 Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - System Files (x32 Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - WordPerfect Files (x32 Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - WordPerfect Files English (x32 Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - WPD format Props x64 (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - WT (x32 Version: 17.0 -  Corel Corporation) Hidden
WordPerfect Office X7 (HKLM-x32\...\_{64A329FC-D1B2-4354-922D-21F7EC777E10}) (Version: 17.0.0.366 - Corel Corporation)
WordPerfect Office X7 (x32 Version: 17.0 - Corel Corporation) Hidden
World Riddles 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-597811528-1096036510-3546584382-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-597811528-1096036510-3546584382-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Shauna\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {20CC6E08-21D7-4EEE-BB5C-C865FFC02168} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {4A62054F-CF17-4310-9B59-469A28B6118E} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe <==== ATTENTION
Task: {5B667E08-FC99-41C8-BBD2-B3F8E771A328} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {5EEF0CAB-0D69-48F4-9EE9-57894FACB8CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
Task: {853F59F8-C999-4A43-B203-D96465A8E529} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {8E266E96-4822-4307-AF9D-747121841CEC} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-10-24] (Realtek Semiconductor)
Task: {9CD42DAE-893F-44B7-AA11-62AABEFBFD8E} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {A0E085F1-4B5E-46C7-904F-047715684545} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-11] (Adobe Systems Incorporated)
Task: {B5673E90-418C-47D3-8F66-EF13F5590CB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
Task: {C05A50D7-0482-4DC4-9195-EDCF8D524846} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-597811528-1096036510-3546584382-1001Core => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
Task: {D03BCC25-3598-48B4-BE1E-CF6D13D4DFA3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-597811528-1096036510-3546584382-1001UA => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
Task: {E5ACDD26-E20F-40B5-AD3E-E6E19E6EA1E4} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {F7B4BA01-3A23-4F9D-9B06-0D46E3AFF7B0} - System32\Tasks\{4B3F3211-964F-4744-A8B7-56452CDC139E} => pcalua.exe -a "C:\Users\Shauna\AppData\Local\Temp\Temp5_21.04 FileMaker Pro v7.0.zip\Crack.exe"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Shauna\AppData\Local\3097\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-597811528-1096036510-3546584382-1001Core.job => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-597811528-1096036510-3546584382-1001UA.job => C:\Users\Shauna\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\UITERH.job => C:\Users\Shauna\AppData\Roaming\UITERH.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Shauna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://usa-aa.s3-website-us-east-1.amazonaws.com/?grp=1
ShortcutWithArgument: C:\Users\Shauna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://usa-aa.s3-website-us-east-1.amazonaws.com/?grp=1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://usa-aa.s3-website-us-east-1.amazonaws.com/?grp=1
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-18 11:21 - 2014-11-02 16:57 - 00268600 _____ () C:\Windows\SysWOW64\dsrvprn.exe
2013-11-06 15:26 - 2013-11-06 15:26 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2014-12-08 03:10 - 2014-12-08 03:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2015-05-29 07:51 - 2011-08-04 13:40 - 00403456 _____ () C:\ThorpeForms\ThorpeformsDesktop\Tfdt.exe
2014-08-13 12:47 - 2014-08-13 12:47 - 00555888 _____ () c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\PsiClient.dll
2016-03-14 19:52 - 2016-03-07 19:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-14 19:52 - 2016-03-07 19:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
2015-07-14 18:20 - 2015-07-14 18:20 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2015-10-26 23:20 - 2015-10-26 23:20 - 00049424 _____ () C:\Program Files (x86)\FileMaker\FileMaker Pro 14\XalanMessages_1_11.dll
2014-10-24 09:14 - 2014-10-24 09:14 - 00610088 _____ () C:\Program Files (x86)\FileMaker\FileMaker Pro 14\DL100JP2KLib.dll
2015-10-26 23:20 - 2015-10-26 23:20 - 00251152 _____ () C:\Program Files (x86)\FileMaker\FileMaker Pro 14\zlibwapi.dll
2015-10-26 23:19 - 2015-10-26 23:19 - 00344336 _____ () C:\Program Files (x86)\FileMaker\FileMaker Pro 14\Libetpan.dll
2015-10-26 23:19 - 2015-10-26 23:19 - 00515344 _____ () C:\Program Files (x86)\FileMaker\FileMaker Pro 14\SkiaDLL.dll
2016-03-10 07:03 - 2016-03-08 13:16 - 17541312 _____ () C:\Users\Shauna\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.182\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-597811528-1096036510-3546584382-1001\...\rhapsody.com -> hxxps://rhap-app-4-0.rhapsody.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-597811528-1096036510-3546584382-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Innovation\White.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "BlockAndSurf"
HKU\S-1-5-21-597811528-1096036510-3546584382-1001\...\StartupApproved\Run: => "Browser Infrastructure Helper"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4107AA34-9F81-47D5-8DAB-7841E69F0728}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
FirewallRules: [{EE450FD5-AB22-441A-8E4D-2D9901D63790}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
FirewallRules: [{9D350006-2FFD-4DF4-A0D4-02D3CED5D8E4}] => (Allow) C:\Program Files (x86)\Bench\Proxy\proc.exe
FirewallRules: [{EF2C0507-2BE5-4245-8842-ADF5A1449FD8}] => (Allow) C:\Program Files (x86)\Bench\Proxy\pwdg.exe
FirewallRules: [{AE6FE8FD-BFE7-49AB-A730-8CA44C203C60}] => (Allow) C:\Users\Shauna\AppData\Roaming\OAS\oas.exe
FirewallRules: [{56F14506-0BE5-4D70-B274-819B96C59771}] => (Allow) C:\Users\Shauna\AppData\Roaming\OAS\oasupd.exe
FirewallRules: [{12C8D988-5EA0-4F70-8AFC-C8B10FB277EE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BB1921FF-4694-455F-ADCC-6ED388EAB700}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6B0C0201-AFF4-4F6C-8F56-53AE1E95E843}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{776F8265-3A0A-4DB8-A2FD-86E68C97DB23}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{34BCD8F0-912C-46B1-A82D-47FCC873927B}] => (Allow) LPort=8317
FirewallRules: [TCP Query User{4C167082-5210-491A-8C3F-26C1166EA4A2}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{533F4122-0A84-4BA4-B44C-D078D58C3117}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{F3459923-FCC0-47B3-901B-06700A5F59C1}C:\program files (x86)\filemaker\filemaker pro 7\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 7\filemaker pro.exe
FirewallRules: [UDP Query User{119425C4-DB09-4F11-918F-1662871120F0}C:\program files (x86)\filemaker\filemaker pro 7\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 7\filemaker pro.exe
FirewallRules: [{A583A54C-3DF4-4E09-BCFF-76FBCBF2E775}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2F3B5953-35F9-4402-9322-EEBC0FABD702}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FD20C306-3E21-41AF-B657-9FBC2DBAA123}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DC4B3091-BB3F-44F5-8C4B-C64B1C7B0725}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{996FDDC5-1B8C-4226-8680-1AE8A7B46AF5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{665458DD-6D70-46A1-ADB6-1F0ABC9ADE06}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8C885D9D-45A3-433A-96DC-C29638B5090F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{9CBBAE77-6AC0-45ED-91E7-6AE8C0B3AF37}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{A6A9F0FF-83F3-4EDA-BD18-E7B921F9DB43}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{17792AD1-C783-4843-9F3E-7C59CAF63422}C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe
FirewallRules: [UDP Query User{C9AFCE1C-2D03-4704-8ABC-65C7C3FA4731}C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe
FirewallRules: [TCP Query User{A6808BD8-8692-4DD4-83D8-3E11DB125B7B}C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe
FirewallRules: [UDP Query User{E4AC2BC4-8224-4F18-9825-C117C24DC4DD}C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe
FirewallRules: [{6CE853FD-AA23-4DE0-A0DC-F44B0DDF29B1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{13C870CC-7B39-4460-8B95-E57CAA0B9729}C:\program files (x86)\filemaker\filemaker pro 14\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 14\filemaker pro.exe
FirewallRules: [UDP Query User{91453B16-80DF-44A8-AB3D-36101C50CD8E}C:\program files (x86)\filemaker\filemaker pro 14\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 14\filemaker pro.exe
 
==================== Restore Points =========================
 
02-03-2016 09:49:47 Installed ThorpeForms
16-03-2016 06:33:50 Scheduled Checkpoint
20-03-2016 21:11:13 Installed FileMaker Pro 14.
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/22/2016 06:09:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14380953
 
Error: (03/22/2016 06:09:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14380953
 
Error: (03/22/2016 06:09:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/22/2016 02:09:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3297
 
Error: (03/22/2016 02:09:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3297
 
Error: (03/22/2016 02:09:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/22/2016 02:09:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1828
 
Error: (03/22/2016 02:09:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1828
 
Error: (03/22/2016 02:09:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/18/2016 04:19:58 PM) (Source: MsiInstaller) (EventID: 10005) (User: THORPETECH)
Description: Product: FileMaker Pro 13 Advanced -- The updater cannot find a qualifying product on the system.
 
 
System errors:
=============
Error: (03/15/2016 12:49:15 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MANAGERTOSHIBA
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{50222A13-3A75-4F47-9914-981FEE4D078D}.
The master browser is stopping or an election is being forced.
 
Error: (03/03/2016 06:04:42 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MANAGERTOSHIBA
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{50222A13-3A75-4F47-9914-981FEE4D078D}.
The master browser is stopping or an election is being forced.
 
Error: (03/03/2016 06:04:40 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (03/03/2016 06:04:40 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (03/03/2016 06:04:40 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (03/03/2016 06:04:40 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (03/02/2016 11:58:47 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (03/02/2016 11:58:47 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (03/02/2016 11:58:27 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:19:25 PM on ‎3/‎2/‎2016 was unexpected.
 
Error: (02/18/2016 12:45:51 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MANAGERTOSHIBA
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{50222A13-3A75-4F47-9914-981FEE4D078D}.
The master browser is stopping or an election is being forced.
 
 
CodeIntegrity:
===================================
  Date: 2015-12-31 02:39:12.491
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-31 02:39:11.787
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-31 02:39:04.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-31 02:39:03.880
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-31 02:39:03.147
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-31 02:39:02.431
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-31 02:39:01.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-31 02:39:01.021
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-31 02:39:00.294
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-31 02:38:59.589
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2820 @ 2.13GHz
Percentage of memory in use: 44%
Total physical RAM: 8075.29 MB
Available physical RAM: 4447.05 MB
Total Virtual: 9355.29 MB
Available Virtual: 5188.13 MB
 
==================== Drives ================================
 
Drive c: (TI10686800A) (Fixed) (Total:456.2 GB) (Free:338.27 GB) NTFS
Drive g: (USB20FD) (Removable) (Total:29.95 GB) (Free:24.93 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, could you let me know how the computer is after this run

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKLM -> {1FA3608F-A996-4F0C-82F9-7AB976FAF87B} URL = hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto2_14_30&cd=2XzuyEtN2Y1L1QzuyCyEyD0AtDyEtD0AyByCzyyDtCtDtDtCtN0D0Tzu0SzyyDzytN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtB1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2StB0F0B0C0EtD0FtAtG0FyEzy0BtGtDtC0CtDtGyBtB0DzztGtByD0Czy0AtDtDtCzzyBtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0CtDzz0BtC0BzytG0FtAyEyCtG0F0AyC0DtGzz0BtDtAtGtA0AyE0AtC0C0AtDzzyCyBtB2Q&cr=671580093&ir=
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPPq_NcKDZkQXPy4TZR44LspvC9sb99JtP_8ppO11zBlE0vS1RS-pfMud-rXXpemcY3p0BtExL8ouNTT9drs0N4hzFHlZ-wy7u_G6lGYMn-8DppCTxTxUNm_YHOhZkqFrGNdx6_tp1KKRQ9EjajaooJSlTnn12_y39DBrGZGaX2uOz_&q={searchTerms}
SearchScopes: HKU\S-1-5-21-597811528-1096036510-3546584382-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPPq_NcKDZkQXPy4TZR44LspvC9sb99JtP_8ppO11zBlE0vS1RS-pfMud-rXXpemcY3p0BtExL8ouNTT9drs0N4hzFHlZ-wy7u_G6lGYMn-8DppCTxTxUNm_YHOhZkqFrGNdx6_tp1KKRQ9EjajaooJSlTnn12_y39DBrGZGaX2uOz5&q={searchTerms}
BHO: No Name -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> No File
BHO-x32: No Name -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
FF HKLM\...\Firefox\Extensions: [{BF883488-0379-470e-8BF2-C5D1F3828428}] - C:\Program Files\Shop For Rewards\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{BF883488-0379-470e-8BF2-C5D1F3828428}] - C:\Program Files\Shop For Rewards\Firefox => not found
R2 dsrvprn; C:\Windows\SysWOW64\dsrvprn.exe [268600 2014-11-02] () [File not signed]
R1 mwiynzm4ndy1yjz; C:\Windows\System32\drivers\mwiynzm4ndy1yjz.sys [69000 2015-03-18] (Windows ® Win 7 DDK provider)
S1 b786bdb3c67d; system32\drivers\b786bdb3c67d.sys [X]
S1 {6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64; system32\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64.sys [X]
S1 {6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}w64; system32\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}w64.sys [X]
S1 itnfd_1_10_0_10; system32\drivers\itnfd_1_10_0_10.sys [X]
S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]
Task: {4A62054F-CF17-4310-9B59-469A28B6118E} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Shauna\AppData\Local\3097\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\UITERH.job => C:\Users\Shauna\AppData\Roaming\UITERH.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\Shauna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://usa-aa.s3-website-us-east-1.amazonaws.com/?grp=1
ShortcutWithArgument: C:\Users\Shauna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://usa-aa.s3-website-us-east-1.amazonaws.com/?grp=1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://usa-aa.s3-website-us-east-1.amazonaws.com/?grp=1
C:\Windows\SysWOW64\dsrvprn.exe
C:\Windows\System32\drivers\mwiynzm4ndy1yjz.sys
C:\Windows\System32\drivers\b786bdb3c67d.sys
C:\Windows\System32\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64.sys
C:\Windows\System32\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}w64.sys
C:\Windows\System32\drivers\itnfd_1_10_0_10.sys
C:\Windows\System32\drivers\wpnfd_1_10_0_4.sys
C:\Program Files (x86)\GetPrivate
C:\Users\Shauna\AppData\Local\3097
C:\Users\Shauna\AppData\Roaming\UITERH.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP