Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Laptop acting very sluggish [Solved]


  • This topic is locked This topic is locked

#1
Goodwrench1

Goodwrench1

    Member

  • Member
  • PipPip
  • 57 posts

Hello Mike here, this laptop is acting very slow. Takes an anguishing long time to boot up and to open any microsoft office product or even an internet search. Any help is appreciated. Here are the files aksed for.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2017
Ran by Lisa (administrator) on LISA-HP (07-10-2017 22:28:35)
Running from C:\Users\Lisa\Downloads
Loaded Profiles: Lisa (Available Profiles: Lisa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Users\Lisa\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\Temp\815498C1-5410-44FF-8D04-D3D42FF99CBE\DismHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Octoshape ApS) C:\Users\Lisa\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleOutlookDAVConfig.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Google Inc.) C:\Users\Lisa\AppData\Local\Temp\61.0.3163.100_61.0.3163.79_chrome_updater.exe4d1ce45a
(Google Inc.) C:\Users\Lisa\AppData\Local\Temp\CR_04FCF.tmp\setup.exe
(Google Inc.) C:\Users\Lisa\AppData\Local\Temp\CR_04FCF.tmp\setup.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-10-01] (Synaptics Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-01-07] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-10] (Easybits)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2013-11-27] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [Octoshape Streaming Services] => C:\Users\Lisa\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [Google Update] => C:\Users\Lisa\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [Dropbox Update] => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm.exe [7763384 2016-07-15] (AO Kaspersky Lab)
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Fast Start.lnk [2014-09-26]
ShortcutTarget: SolidWorks 2014 Fast Start.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Task Scheduler Engine.lnk [2014-11-17]
ShortcutTarget: SolidWorks Task Scheduler Engine.lnk -> C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\swboengine.exe (Dassault Systèmes SolidWorks Corp.)
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 66.243.243.101 216.227.100.60
Tcpip\..\Interfaces\{3579BB97-668C-4E2C-919B-79B016BD98C6}: [DhcpNameServer] 66.243.243.101 216.227.100.60
Tcpip\..\Interfaces\{9331FD8C-01C7-45CD-9FF8-E48EFF4EBF49}: [DhcpNameServer] 66.243.243.101 216.227.100.60

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
URLSearchHook: HKLM-x32 - InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 - InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {DD065C6A-C257-4F8A-B51E-6FB5B03F698F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {DD065C6A-C257-4F8A-B51E-6FB5B03F698F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN39868323432732239&UM=2&UP=SP0B7F8040-E1D6-4F84-AE03-7A0F653CCA07&SSPV=
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {4D4382CB-2D37-4072-AC16-86DAF5FC36B7} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1587&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AA9&apn_dtid=^YYYYYY^CL^US&apn_uid=51ab320e-0b78-4986-ac70-05e1be56f7af&apn_sauid=EDF4286C-494C-41F4-854E-557084580954
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {4EAA0C3F-EA35-4EBA-8CB3-DF42C9551EC7} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3300019&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {BA305F36-ADA0-4C76-BF41-1B8B49EEA1E2} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN39868323432732239&UM=2
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {DD065C6A-C257-4F8A-B51E-6FB5B03F698F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-21] (AO Kaspersky Lab)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-09-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-08-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\x64\ie_engine.dll [2016-07-15] (AO Kaspersky Lab)
BHO-x32: InternetHelper3.1 Toolbar -> {07cbf788-1359-421b-a4e3-5a8d041b90a3} -> C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll [2013-07-17] (Conduit Ltd.)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-01-21] (AO Kaspersky Lab)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-09-09] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2017-09-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-08-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-09] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\ie_engine.dll [2016-07-15] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-21] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll [2013-07-17] (Conduit Ltd.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-01-21] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> No Name - {07CBF788-1359-421B-A4E3-5A8D041B90A3} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 3y5n98fn.default
FF ProfilePath: C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-2695595616-2533598671-2337104264-1000\FireFox [not found] <==== ATTENTION
FF ProfilePath: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default [2017-10-07]
FF user.js: detected! => C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\user.js [2017-01-21]
FF NewTab: Mozilla\Firefox\Profiles\3y5n98fn.default -> hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&CUI=UN42437071162352182&UM=2&SearchSource=3&q={searchTerms}&UP=SP0B7F8040-E1D6-4F84-AE03-7A0F653CCA07&SSPV=
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\3y5n98fn.default -> hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&CUI=UN42437071162352182&UM=2&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\3y5n98fn.default -> Ask.com
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3y5n98fn.default -> Ask Web Search
FF Homepage: Mozilla\Firefox\Profiles\3y5n98fn.default -> hxxp://home.tb.ask.com/index.jhtml?ptb=486188BB-1AEE-49A1-9370-5035E448E853&n=780cea98&p2=^YL^xdm303^S11532^us&si=113814
FF Keyword.URL: Mozilla\Firefox\Profiles\3y5n98fn.default -> hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=486188BB-1AEE-49A1-9370-5035E448E853&n=780cea98&ind=2014112408&p2=^YL^xdm303^S11532^us&si=113814&searchfor=
FF NetworkProxy: Mozilla\Firefox\Profiles\3y5n98fn.default -> no_proxies_on", "*.local"
FF NetworkProxy: Mozilla\Firefox\Profiles\3y5n98fn.default -> type", 0
FF Extension: (iCloud Bookmarks) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\Extensions\[email protected] [2016-11-28]
FF Extension: (BringMeSports) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\Extensions\[email protected] [2016-03-26]
FF Extension: (Adblock Plus) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-11]
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\searchplugins\ask-web-search.xml [2014-11-24]
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\searchplugins\conduit.xml [2013-08-20]
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\searchplugins\trovi-search.xml [2014-11-17]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-07-25]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\[email protected]
FF Extension: (Kaspersky Password Manager) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\[email protected] [2017-01-21]
FF Plugin: @3ds.com/3dxml -> C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin\NP3DXMLPlugin.dll [2014-05-24] ()
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @3ds.com/3dxml -> C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll [2013-07-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-09-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2011-12-23] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2695595616-2533598671-2337104264-1000: @nsroblox.roblox.com/launcher -> C:\Users\Lisa\AppData\Local\Roblox\Versions\version-23a05f622b7b47a6\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2695595616-2533598671-2337104264-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Lisa\AppData\Local\Roblox\Versions\version-23a05f622b7b47a6\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2695595616-2533598671-2337104264-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Lisa\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1702150-0-npoctoshape.dll [2017-02-15] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-2695595616-2533598671-2337104264-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-2695595616-2533598671-2337104264-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Lisa\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2014-11-08] (Octoshape ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3289663&SearchSource=48&CUI=UN26381187742370432&UM=2&UP=SP0B7F8040-E1D6-4F84-AE03-7A0F653CCA07&SSPV="
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default [2017-06-17]
CHR Extension: (iCloud Bookmarks) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-11-28]
CHR Extension: (Kaspersky Password Manager) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebpdbfmpedcnopofelmhndhincfkhki [2017-01-21]
CHR Extension: (InternetHelper3.1) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim [2015-08-04] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3289663&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (MixiDJ V8) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajgghejjpgkmpgbchgjieahoefimdle [2015-08-04] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3287822&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Chrome Media Router) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-25]
CHR Extension: (DVDVideoSoftTB) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo [2015-08-04] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT2269050&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gebpdbfmpedcnopofelmhndhincfkhki] - hxxps://chrome.google.com/webstore/detail/gebpdbfmpedcnopofelmhndhincfkhki
CHR HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Lisa\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-08-07]
CHR HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Lisa\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-07-22]
CHR HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [plmlpkfpkijnlijgalnjaacllnjmoamo] - C:\Users\Lisa\AppData\Local\CRE\plmlpkfpkijnlijgalnjaacllnjmoamo.crx [2012-06-29]
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Lisa\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Lisa\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-07-22]
CHR HKLM-x32\...\Chrome\Extension: [plmlpkfpkijnlijgalnjaacllnjmoamo] - C:\Users\Lisa\AppData\Local\CRE\plmlpkfpkijnlijgalnjaacllnjmoamo.crx [2012-06-29]
StartMenuInternet: Google Chrome - C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3059440 2017-07-18] (Microsoft Corporation)
R2 DefaultTabUpdate; C:\Users\Lisa\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-08-20] () [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2012-01-21] (Realsil Microelectronics Inc.) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-09-26] (SolidWorks) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\Lisa\AppData\Local\Temp\7zS71FD\hpslpsvc64.dll [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-08] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [195264 2017-07-27] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [314864 2017-04-13] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1038528 2017-07-27] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57936 2017-01-21] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-06-01] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [135904 2017-03-27] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199640 2017-07-27] (AO Kaspersky Lab)
R3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-07 22:28 - 2017-10-07 22:35 - 000035540 _____ C:\Users\Lisa\Downloads\FRST.txt
2017-10-07 22:23 - 2017-10-07 22:28 - 000000000 ____D C:\FRST
2017-10-07 22:15 - 2017-10-07 22:15 - 002400768 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe
2017-10-07 20:41 - 2017-10-07 20:41 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-24 10:39 - 2014-08-28 19:07 - 003179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-09-24 10:39 - 2014-05-08 02:32 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-09-24 10:30 - 2017-09-24 10:30 - 000000000 __RHD C:\MSOCache
2017-09-11 00:22 - 2017-09-11 00:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-09-09 19:25 - 2017-10-03 02:49 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Skype
2017-09-09 19:25 - 2017-09-09 19:25 - 000000000 ____D C:\Users\Lisa\AppData\Local\Skype
2017-09-09 19:24 - 2017-09-09 19:24 - 000002697 _____ C:\Users\Public\Desktop\Skype.lnk
2017-09-09 19:24 - 2017-09-09 19:24 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-09-09 19:24 - 2017-09-09 19:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-09-09 19:22 - 2017-09-09 19:22 - 000000000 ____D C:\Intel
2017-09-09 19:22 - 2013-10-01 19:22 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2017-09-09 19:22 - 2013-10-01 19:11 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-09-09 19:22 - 2013-10-01 19:08 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-09-09 19:22 - 2013-10-01 18:48 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2017-09-09 19:22 - 2013-10-01 18:48 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2017-09-09 19:22 - 2013-10-01 18:29 - 000062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2017-09-09 19:22 - 2013-10-01 18:10 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2017-09-09 19:22 - 2013-10-01 17:15 - 001057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2017-09-09 19:22 - 2013-10-01 17:14 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2017-09-09 19:22 - 2013-10-01 17:14 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2017-09-09 19:22 - 2013-10-01 17:08 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2017-09-09 19:22 - 2013-10-01 17:01 - 000420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2017-09-09 19:22 - 2013-10-01 16:58 - 000053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2017-09-09 19:22 - 2013-10-01 16:31 - 001147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2017-09-09 19:22 - 2013-10-01 16:08 - 000855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2017-09-09 19:22 - 2013-10-01 15:34 - 001068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2017-09-09 19:22 - 2013-10-01 13:57 - 006578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-09-09 19:22 - 2013-10-01 13:55 - 005698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-09-09 19:09 - 2012-08-23 07:13 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-09-09 19:09 - 2012-08-23 07:10 - 000019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2017-09-09 19:09 - 2012-08-23 07:08 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2017-09-09 19:09 - 2012-08-23 04:12 - 000192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2017-09-09 19:09 - 2012-08-23 03:51 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2017-09-09 18:44 - 2015-08-05 10:56 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-09-09 18:44 - 2015-08-05 10:06 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-09-09 18:42 - 2017-08-01 08:33 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-09 18:42 - 2017-08-01 08:16 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-09-09 18:42 - 2017-07-07 08:29 - 001143296 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2017-09-09 18:42 - 2017-07-07 08:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
2017-09-09 18:38 - 2015-12-16 11:53 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2017-09-09 18:38 - 2015-12-16 11:53 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2017-09-09 18:38 - 2015-12-16 11:53 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2017-09-09 18:38 - 2015-12-16 11:48 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2017-09-09 18:38 - 2015-12-16 11:48 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2017-09-09 18:38 - 2015-12-16 11:48 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2017-09-09 16:01 - 2017-09-09 16:36 - 000002119 _____ C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-09-09 16:01 - 2017-09-09 16:36 - 000000000 ___RD C:\Users\Lisa\OneDrive
2017-09-09 16:01 - 2017-09-09 16:01 - 000002104 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-09-09 16:01 - 2017-09-09 16:01 - 000002104 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-09-09 16:01 - 2017-09-09 16:01 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-09-09 16:01 - 2017-09-09 16:01 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2017-09-09 15:39 - 2017-09-24 10:30 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-09 15:32 - 2017-09-22 04:45 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-09-09 15:30 - 2017-09-09 15:30 - 001130736 _____ (Microsoft Corporation) C:\Users\Lisa\Downloads\Setup.x86.en-US_ProfessionalRetail_GTN24-QPWRQ-X97Y4-9WY8J-PJ9KQ_TX_PR_.exe
2017-09-09 14:24 - 2017-09-09 14:24 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-09-09 14:24 - 2017-09-09 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-09-09 14:24 - 2017-09-09 14:24 - 000000000 ____D C:\Program Files (x86)\Java
2017-09-09 13:20 - 2017-09-09 13:20 - 000001615 _____ C:\Users\Lisa\Downloads\Meldrum_Rita_10545.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-07 22:14 - 2009-07-13 21:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-07 22:14 - 2009-07-13 21:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-07 22:08 - 2013-08-16 13:59 - 000000000 ____D C:\Windows\system32\MRT
2017-10-07 21:59 - 2015-06-17 21:39 - 000000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2695595616-2533598671-2337104264-1000UA.job
2017-10-07 21:44 - 2012-01-23 23:00 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-10-07 20:43 - 2012-01-02 17:17 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-10-07 20:42 - 2015-06-17 21:39 - 000000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2695595616-2533598671-2337104264-1000Core.job
2017-10-07 20:42 - 2014-09-29 10:40 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Dropbox
2017-10-07 20:33 - 2011-12-22 07:10 - 000003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{971FD70A-39A2-46E4-9EA4-C78CA8206A9D}
2017-10-07 20:29 - 2014-06-18 23:47 - 000000000 ____D C:\Users\Lisa\AppData\Local\Akamai
2017-09-24 10:26 - 2011-12-24 03:14 - 000000000 ___HD C:\Users\Lisa\AppData\Local\CrashDumps
2017-09-24 10:25 - 2015-11-28 15:09 - 000000000 ____D C:\Users\Lisa\AppData\Local\CE0D3DD1-1F55-4FBC-A664-EBB972B4AE46.aplzod
2017-09-24 10:22 - 2015-11-28 15:10 - 000000000 ___RD C:\Users\Lisa\iCloudDrive
2017-09-22 04:36 - 2012-06-15 16:37 - 000779260 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-22 04:36 - 2009-07-13 22:13 - 000779260 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-22 04:36 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2017-09-18 07:30 - 2012-06-01 13:37 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-18 07:30 - 2012-06-01 13:17 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-18 07:30 - 2012-06-01 13:17 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-18 07:30 - 2012-02-18 18:48 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-18 07:30 - 2011-06-21 12:31 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-18 07:23 - 2015-11-14 14:58 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-09-17 20:39 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-11 00:34 - 2009-07-13 21:45 - 000544176 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-11 00:16 - 2011-12-23 23:10 - 000000000 ____D C:\ProgramData\PopCap Games
2017-09-11 00:16 - 2009-07-13 22:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-09-10 22:53 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-09-09 19:25 - 2013-12-13 18:01 - 000000000 ____D C:\ProgramData\Skype
2017-09-09 17:15 - 2012-01-16 16:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-09 17:15 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-09-09 17:05 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-09-09 16:55 - 2017-06-04 11:42 - 000137728 _____ C:\Users\Lisa\Documents\Lisa's Rodan and Fields 2017.xls
2017-09-09 16:54 - 2016-01-16 13:02 - 000010060 _____ C:\Users\Lisa\Documents\crockpot shopping list.xlsx
2017-09-09 16:01 - 2011-12-22 07:05 - 000000000 ___HD C:\Users\Lisa
2017-09-09 15:40 - 2012-01-08 12:00 - 000002349 ____H C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-09 12:52 - 2017-04-01 13:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-09 12:52 - 2012-07-10 10:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-11-06 00:55 - 2015-05-13 12:50 - 000000000 _____ () C:\Users\Lisa\AppData\Local\Temptable.xml
2014-06-19 00:27 - 2014-06-19 00:27 - 000000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
2015-11-28 14:58 - 2015-11-28 14:58 - 000071168 _____ () C:\Users\Lisa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpicpoek.dll
2014-07-14 03:26 - 2014-07-14 03:26 - 000026424 _____ (AVG) C:\Users\Lisa\AppData\Local\Temp\DseShExt-x64.dll
2014-07-14 03:26 - 2014-07-14 03:26 - 000028472 _____ (AVG) C:\Users\Lisa\AppData\Local\Temp\DseShExt-x86.dll
2014-07-14 03:26 - 2014-07-14 03:26 - 000032056 _____ (AVG) C:\Users\Lisa\AppData\Local\Temp\SDShelEx-win32.dll
2014-07-14 03:26 - 2014-07-14 03:26 - 000031544 _____ (AVG) C:\Users\Lisa\AppData\Local\Temp\SDShelEx-x64.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-25 18:57

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2017
Ran by Lisa (07-10-2017 22:36:50)
Running from C:\Users\Lisa\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-22 14:05:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2695595616-2533598671-2337104264-500 - Administrator - Disabled)
Guest (S-1-5-21-2695595616-2533598671-2337104264-501 - Limited - Disabled)
Lisa (S-1-5-21-2695595616-2533598671-2337104264-1000 - Administrator - Enabled) => C:\Users\Lisa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Out of date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D XML Player (HKLM\...\{383D9F1B-A4F6-4C6C-A925-05A2636A0176}) (Version: 16.7.14143 - Dassault Systemes)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AutoCAD 2014 - English (HKLM\...\{5783F2D7-D001-0000-0102-0060B0CE6BBA}) (Version: 19.1.42.0 - Autodesk) Hidden
AutoCAD 2014 - English (HKLM\...\{5783F2D7-D001-0409-2102-0060B0CE6BBA}) (Version: 19.1.42.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (HKLM\...\{5783F2D7-D001-0409-1102-0060B0CE6BBA}) (Version: 19.1.42.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.42.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\{62F029AB-85F2-0000-866A-9FC0DD99DDBC}) (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM-x32\...\{62F029AB-85F2-0001-866A-9FC0DD99DDBC}) (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Bejeweled 2 Deluxe (HKLM-x32\...\WT089453) (Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WT089498) (Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT087328) (Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (HKLM-x32\...\WT089308) (Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WT087330) (Version: 2.2.0.95 - WildTangent) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.61 - Broadcom Corporation)
Build-a-lot 2 (HKLM-x32\...\WT087335) (Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WT089359) (Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (HKLM-x32\...\WT089454) (Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3908 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Defaulttab (HKLM-x32\...\DefaultTab) (Version: 2.5.0.0 - Search Results, LLC) <==== ATTENTION
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT087536) (Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Dropbox) (Version: 36.4.22 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FATE - The Traitor Soul (HKLM-x32\...\WT089470) (Version: 2.2.0.95 - WildTangent) Hidden
Free YouTube to MP3 Converter version 3.11.25.627 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.25.627 - DVDVideoSoft Ltd.)
Google Chrome (HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Google Chrome) (Version: 61.0.3163.79 - Google Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13231.3673 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
InternetHelper3.1 Toolbar (HKLM-x32\...\InternetHelper3.1 Toolbar) (Version: 6.15.0.27 - InternetHelper3.1)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Password Manager (HKLM-x32\...\{2C74A102-DC39-4158-A831-02BDE2EC7D5D}) (Version: 8.0.5.485 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{2C74A102-DC39-4158-A831-02BDE2EC7D5D}) (Version: 8.0.5.485 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Mah Jong Medley (HKLM-x32\...\WT087393) (Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4963.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (HKLM-x32\...\WT089496) (Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (HKLM-x32\...\WT089484) (Version: 2.2.0.95 - WildTangent) Hidden
Octoshape Streaming Services (HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4963.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4963.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4963.1002 - Microsoft Corporation) Hidden
Penguins! (HKLM-x32\...\WT087394) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WT089458) (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WT087395) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT087396) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT087397) (Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{DBCD5E64-7379-4648-9444-8A6558DCB614}) (Version: 2.0.0 - Hewlett-Packard) Hidden
ROBLOX Player for Lisa (HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Slingo Supreme (HKLM-x32\...\WT089457) (Version: 2.2.0.95 - WildTangent) Hidden
SolidWorks 2014 x64 Edition SP02 (HKLM\...\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}) (Version: 22.120.40 - SolidWorks) Hidden
SolidWorks 2014 x64 Edition SP02 (HKLM-x32\...\SolidWorks Installation Manager 20140-40200-1100-100) (Version: 22.2.0.40 - SolidWorks Corporation)
SolidWorks Composer Player 2014 SP02 x64 Edition (HKLM\...\{BE804C73-0FE8-4FB4-87D9-E2B685EE0A7C}) (Version: 22.20.40 - Dassault Systemes SolidWorks) Hidden
SolidWorks eDrawings 2014 x64 Edition SP02 (HKLM\...\{1D6EE468-49CC-4BF5-9A7A-4C8175EFA47A}) (Version: 14.2.116 - Dassault Systèmes SolidWorks Corp) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT089307) (Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (HKLM-x32\...\WT087415) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.40 beta 3 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.3 - win.rar GmbH)
Zuma Deluxe (HKLM-x32\...\WT089455) (Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\ChromeHTML: -> C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Roblox\Versions\version-23a05f622b7b47a6\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-07-21] (Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2013-07-21] (Autodesk)
ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-03-26] (AO Kaspersky Lab)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-11-17] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-07-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-07-02] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-03-26] (AO Kaspersky Lab)
ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-03-26] (AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-04-15] (Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-03-26] (AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-07-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-07-02] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2695595616-2533598671-2337104264-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2695595616-2533598671-2337104264-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2695595616-2533598671-2337104264-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A9E90D5-654D-4514-9D69-D5D21BBED3B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-18] (Adobe Systems Incorporated)
Task: {1B3B6AEC-FBBB-4140-ABAA-58408FFE0D2C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {1DF547F8-7032-40C4-BCD5-3282F98774CD} - System32\Tasks\{A761EFA7-65D5-4531-8EBD-51312C4FC3CB} => C:\Windows\system32\pcalua.exe -a C:\Users\Lisa\Downloads\aleks317.exe -d C:\Users\Lisa\Downloads
Task: {382767BC-F7AC-4030-893A-78825527014B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2695595616-2533598671-2337104264-1000Core => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {390B3BFF-8F4F-417C-9F13-F2CDE66AE8FA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2695595616-2533598671-2337104264-1000UA => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {3FB31C2C-B582-4B73-93B8-EC3AC8845742} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2695595616-2533598671-2337104264-1000Core => C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {434ADB98-03E1-4DEB-91EB-3CFBE58EFEC1} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {4945146F-FA6E-425A-8020-BAA635AC8233} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-09-09] (Microsoft Corporation)
Task: {4A3091FE-5EAB-4C07-9450-DDFE0BD23518} - System32\Tasks\{3FA135F2-F75F-42A0-A484-2AADB1CEA3D6} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.1.0.104.324/en/go/help.faq.installer?LastError=1618
Task: {596B6A97-9EFD-417B-9F18-612B2CBBE11E} - \DefaultReg -> No File <==== ATTENTION
Task: {617E486F-87CD-46BA-8478-3273B0BC55A9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {730D8581-0BA9-49D5-9AD0-BCE47195B031} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-11-27] (Microsoft)
Task: {7BD80FE1-E92F-4AA4-A324-58F460F77D2B} - \DefaultCheck -> No File <==== ATTENTION
Task: {7D922C55-FC90-41D2-B7FC-007BDF5FBECF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-01-06] (HP Inc.)
Task: {7F5EF3E2-106C-459B-92FC-2D4BEC81B4D0} - System32\Tasks\{F2B5D350-8502-43B7-B9ED-ECDEE29ECFB3} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.1.0.104.324/en/go/help.faq.installer?LastError=1618
Task: {838ABC31-D085-482F-AC5F-F9C577901D2A} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {9B0D0946-2C15-43DD-BB75-0644D96D8C4C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2695595616-2533598671-2337104264-1000
Task: {A214DDCE-FA1B-4B2E-B02B-C8B7781C32A6} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)
Task: {BEE42482-F234-4071-BB78-AC70B703838A} - System32\Tasks\Google Updater and Installer => C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C29CFF23-8E83-4332-9F1E-A5C7A415F02D} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {C3E6E486-DC7D-4180-8CC8-E34C9B517EA1} - System32\Tasks\{E5230A81-D5C1-48D4-8E1C-66E229B7CD69} => C:\Windows\system32\pcalua.exe -a C:\Users\Lisa\Downloads\SolidWorksSetup.exe -d C:\Users\Lisa\Downloads
Task: {D1EA2DA3-D876-4FBB-A875-F37C677944A9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-09-09] (Microsoft Corporation)
Task: {D2D619C6-3DA2-4E53-905F-60A9A3C28C2C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {DEC8B9CF-AC1C-44A2-A0DE-2150C6470BD9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {FA8DA707-092E-4EFF-8E36-38E22452F7CF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2695595616-2533598671-2337104264-1000UA => C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2695595616-2533598671-2337104264-1000Core.job => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2695595616-2533598671-2337104264-1000UA.job => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-11-17 02:28 - 2016-11-17 02:28 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-20 15:39 - 2013-08-20 15:39 - 000107520 _____ () C:\Users\Lisa\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
2017-09-09 15:32 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-09-09 15:42 - 2017-09-09 15:42 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-10-24 12:24 - 2011-01-27 09:11 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-11 20:06 - 2014-01-11 20:06 - 000276008 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll
2010-06-24 02:21 - 2010-06-24 02:21 - 001102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2016-06-28 01:19 - 2016-06-28 01:19 - 000865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll
2011-10-24 12:24 - 2011-05-20 11:05 - 000059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2016-11-17 02:29 - 2016-11-17 02:29 - 001041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-17 02:29 - 2016-11-17 02:29 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-09-09 16:23 - 2017-09-09 16:25 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2013-09-22 12:46 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-09-09 15:33 - 2017-09-09 15:38 - 000131264 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
2017-09-09 15:32 - 2017-09-09 15:32 - 000325824 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll
2010-06-24 02:19 - 2010-06-24 02:19 - 000514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [124]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 66.243.243.101 - 216.227.100.60
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F9C300F8-DF28-4FE0-AFFE-718F8E01D2AC}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{9EDA278D-1263-47F1-AC93-0AE70F780010}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{77D7C794-AE1D-4E44-95B4-A6DFBA3D7E63}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{F81DB3FF-48CF-4B03-9E61-EA74B9BCE4E9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{D7776677-CD4C-465A-8017-7F99230EFD62}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3A027150-1368-4FE4-A8B8-9B6AF833E2C2}] => (Allow) LPort=2869
FirewallRules: [{A4434578-0F65-4073-9D0D-96CF7A796ADF}] => (Allow) LPort=1900
FirewallRules: [{54E8B167-0B45-44C1-8DF3-9500776B81A0}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E248442D-ACB2-4DE2-B52E-625F57627040}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{31F9355F-20E6-4DEB-8BC9-6408865D2AD9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{48526255-DE7B-4FE6-B973-BE72EC9FBEB0}] => (Allow) LPort=50248
FirewallRules: [{EF1F1C7F-E3F0-4A02-AE71-CF1D807B7A85}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{0D6C36FE-FCDE-45E2-97D5-63CC7712B960}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{274C71EF-6DB4-4530-91CC-13124FD3164C}] => (Allow) C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2277C273-5601-4412-80B2-715A2A42A0D4}] => (Allow) C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{22065E97-2D2D-4620-B5CC-06DD845C4016}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{630A47F2-274F-4F46-AAE1-5B1A9BA3BF47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1F87A6A4-9A79-42AD-A3E2-080D279F44E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{94DF891F-707D-4416-A324-9F94FAB10F6C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{76CC155E-6FF8-4404-BD15-89A436291F86}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4141CF83-B7E2-42AA-89A8-55A08B110A34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A14C6922-46AF-4DA7-98F5-FD10271D1D65}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A61AE89C-8E04-42D9-A251-E04E4BE8A70F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F9805016-DAFC-44CB-9C3F-64E4B0516EDE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{47B773EF-C40F-40CE-A614-129AB573FB64}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{67936AA3-2591-41C9-AEC9-37EF86CF74DE}C:\users\lisa\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lisa\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{907A7533-4EBA-4EFC-AC11-11CD93E303E2}C:\users\lisa\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lisa\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{E318BDFC-44D4-4987-8709-FCBCADCF7254}C:\users\lisa\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\lisa\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{0D872947-77FB-47D4-8E08-F02DD3C93CB3}C:\users\lisa\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\lisa\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{D5E33E52-C2A7-4BD1-BDD6-E4CD95CB3F71}C:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{7ADBD9BF-AA66-4E71-9E77-C51E6ED7434C}C:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{7AF79EA3-52D6-4165-9CC6-115799F41599}] => (Allow) C:\Users\Lisa\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{5B4E9D9D-54D7-4BDA-B2AC-327CC05D175B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{B9A246D9-3440-4755-BD1C-79B66A0551BF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{595619A5-F745-40E1-9844-D3A12FE7ED8B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{BB013959-E53E-4FAE-92B4-FF4C56C412FF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{740E8B92-861D-49CF-97B1-1522D1ED9CC4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7525CBE7-404B-42B9-9B44-C3336535F112}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe

==================== Restore Points =========================

09-09-2017 13:25:16 Windows Update
09-09-2017 17:01:39 Removed Microsoft Office 2003 Web Components
09-09-2017 17:04:35 Removed Microsoft Office Enterprise 2007
09-09-2017 18:45:18 Windows Update
11-09-2017 00:31:13 Windows Update
24-09-2017 10:38:45 Windows Update
02-10-2017 19:00:40 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2017 08:29:51 PM) (Source: MsiInstaller) (EventID: 11310) (User: Lisa-HP)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Lisa\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (10/07/2017 08:29:11 PM) (Source: MsiInstaller) (EventID: 11310) (User: Lisa-HP)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Lisa\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (10/07/2017 08:28:32 PM) (Source: MsiInstaller) (EventID: 11310) (User: Lisa-HP)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Lisa\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (10/03/2017 02:50:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17331

Error: (10/03/2017 02:50:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17331

Error: (10/03/2017 02:50:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/03/2017 02:50:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16271

Error: (10/03/2017 02:50:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16271

Error: (10/03/2017 02:50:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/03/2017 02:50:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15272


System errors:
=============
Error: (10/07/2017 10:00:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070308: Update for Windows 7 for x64-based Systems (KB2923545).

Error: (10/07/2017 09:27:03 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (10/07/2017 09:01:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070308: 2017-09 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4038777).

Error: (10/02/2017 08:09:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070308: Security Update for Windows 7 for x64-based Systems (KB3020388).

Error: (10/02/2017 08:01:54 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/02/2017 08:01:54 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/24/2017 10:36:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200e: 2017-09 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4041083).

Error: (09/24/2017 10:19:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (09/17/2017 08:42:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
The specified module could not be found.

Error: (09/11/2017 12:39:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
The specified module could not be found.


CodeIntegrity:
===================================
  Date: 2014-10-14 11:04:32.462
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 11:04:32.462
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 11:04:32.462
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 11:04:32.447
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 11:04:32.447
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 11:04:32.431
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 10:35:19.846
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 10:35:19.846
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 10:35:19.846
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 10:35:19.799
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 75%
Total physical RAM: 4043.86 MB
Available physical RAM: 993.63 MB
Total Virtual: 8085.9 MB
Available Virtual: 3831.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:581.85 GB) (Free:454.44 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.03 GB) (Free:1.56 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 7ADEB7CE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=581.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================


  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,884 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Special Note: Please know that I am against piracy in any form. This includes, but not limited to, movies, music, and software. This is also a violation of the Terms of Service you agreed to when you created your account here. If programs such as KMS that are used to activate illegal copies of Microsoft software are found, you will be asked to remove them and submit fresh logs.

Failure to do so will result in assistance being withdrawn.

Now, let's get started, shall we? :thumbsup:

Step 1: Program Uninstall

Please uninstall the following program from your machine as it is adware/malware related:

Defaulttab


Step 2: Fix with FRST

Please note: Before running this step, please move FRST64.exe from C:\Users\Lisa\Downloads to your Desktop. All tools must be run from the Desktop.
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
() C:\Users\Lisa\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Users\Lisa\AppData\Roaming\DefaultTab\DefaultTab
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Policies\Explorer: []
GroupPolicy\User: Restriction <==== ATTENTION
URLSearchHook: HKLM-x32 - InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 - InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
C:\Program Files (x86)\InternetHelper3.1
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN39868323432732239&UM=2&UP=SP0B7F8040-E1D6-4F84-AE03-7A0F653CCA07&SSPV=
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {4D4382CB-2D37-4072-AC16-86DAF5FC36B7} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1587&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AA9&apn_dtid=^YYYYYY^CL^US&apn_uid=51ab320e-0b78-4986-ac70-05e1be56f7af&apn_sauid=EDF4286C-494C-41F4-854E-557084580954
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {4EAA0C3F-EA35-4EBA-8CB3-DF42C9551EC7} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3300019&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {BA305F36-ADA0-4C76-BF41-1B8B49EEA1E2} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN39868323432732239&UM=2
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
BHO-x32: InternetHelper3.1 Toolbar -> {07cbf788-1359-421b-a4e3-5a8d041b90a3} -> C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll [2013-07-17] (Conduit Ltd.)
Toolbar: HKLM-x32 - InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll [2013-07-17] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> No Name - {07CBF788-1359-421B-A4E3-5A8D041B90A3} - No File
FF ProfilePath: C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-2695595616-2533598671-2337104264-1000\FireFox [not found] <==== ATTENTION
FF NewTab: Mozilla\Firefox\Profiles\3y5n98fn.default -> hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&CUI=UN42437071162352182&UM=2&SearchSource=3&q={searchTerms}&UP=SP0B7F8040-E1D6-4F84-AE03-7A0F653CCA07&SSPV=
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\3y5n98fn.default -> hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&CUI=UN42437071162352182&UM=2&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\3y5n98fn.default -> Ask.com
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3y5n98fn.default -> Ask Web Search
FF Homepage: Mozilla\Firefox\Profiles\3y5n98fn.default -> hxxp://home.tb.ask.com/index.jhtml?ptb=486188BB-1AEE-49A1-9370-5035E448E853&n=780cea98&p2=^YL^xdm303^S11532^us&si=113814
FF Keyword.URL: Mozilla\Firefox\Profiles\3y5n98fn.default -> hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=486188BB-1AEE-49A1-9370-5035E448E853&n=780cea98&ind=2014112408&p2=^YL^xdm303^S11532^us&si=113814&searchfor=
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\searchplugins\ask-web-search.xml [2014-11-24]
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\searchplugins\conduit.xml [2013-08-20]
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\searchplugins\trovi-search.xml [2014-11-17]
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3289663&SearchSource=48&CUI=UN26381187742370432&UM=2&UP=SP0B7F8040-E1D6-4F84-AE03-7A0F653CCA07&SSPV="
CHR Extension: (MixiDJ V8) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajgghejjpgkmpgbchgjieahoefimdle [2015-08-04] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3287822&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (DVDVideoSoftTB) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo [2015-08-04] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT2269050&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (InternetHelper3.1) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim [2015-08-04] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3289663&extensionData=\u003Cextension_data>] <==== ATTENTION
S2 HPSLPSVC; C:\Users\Lisa\AppData\Local\Temp\7zS71FD\hpslpsvc64.dll [X] <==== ATTENTION
Task: {596B6A97-9EFD-417B-9F18-612B2CBBE11E} - \DefaultReg -> No File <==== ATTENTION
Task: {7BD80FE1-E92F-4AA4-A324-58F460F77D2B} - \DefaultCheck -> No File <==== ATTENTION
R2 DefaultTabUpdate; C:\Users\Lisa\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-08-20] () [File not signed]
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner

Download AdwCleaner by Xplode to your Desktop from the following link.

Download Link #1
Download Link #2

  • Right-click on AdwCleaner.exe and choose Run as administrator;
  • Click on Option and put a check mark on everything;
  • Click on Scan and let the program run unhindered;
  • When done, click on Clean and allow the system to reboot after it is done;
  • A log will be opened automatically after the restart. If not, it is located in C:\AdwCleaner\AdwCleaner[CX].txt, where X is replaced with a number;
  • Copy and Paste the contents of this log in your reply.
Step 5: Fresh FRST Logs
  • Start Farbar's Recovery Scan Tool, check the Addition box and press the Scan button.
  • FRST will scan your system and produce 2 logs, FRST.txt and Addition.txt. Please post both logs in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log

An update: How is the machine performing at this time?

  • 0

#3
Goodwrench1

Goodwrench1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-10-2017
Ran by Lisa (09-10-2017 23:42:13) Run:1
Running from C:\Users\Lisa\Desktop
Loaded Profiles: Lisa (Available Profiles: Lisa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
() C:\Users\Lisa\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Users\Lisa\AppData\Roaming\DefaultTab\DefaultTab
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Policies\Explorer: []
GroupPolicy\User: Restriction <==== ATTENTION
URLSearchHook: HKLM-x32 - InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 - InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
C:\Program Files (x86)\InternetHelper3.1
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN39868323432732239&UM=2&UP=SP0B7F8040-E1D6-4F84-AE03-7A0F653CCA07&SSPV=
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {4D4382CB-2D37-4072-AC16-86DAF5FC36B7} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1587&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AA9&apn_dtid=^YYYYYY^CL^US&apn_uid=51ab320e-0b78-4986-ac70-05e1be56f7af&apn_sauid=EDF4286C-494C-41F4-854E-557084580954
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {4EAA0C3F-EA35-4EBA-8CB3-DF42C9551EC7} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3300019&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {BA305F36-ADA0-4C76-BF41-1B8B49EEA1E2} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN39868323432732239&UM=2
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
BHO-x32: InternetHelper3.1 Toolbar -> {07cbf788-1359-421b-a4e3-5a8d041b90a3} -> C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll [2013-07-17] (Conduit Ltd.)
Toolbar: HKLM-x32 - InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll [2013-07-17] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> No Name - {07CBF788-1359-421B-A4E3-5A8D041B90A3} - No File
FF ProfilePath: C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-2695595616-2533598671-2337104264-1000\FireFox [not found] <==== ATTENTION
FF NewTab: Mozilla\Firefox\Profiles\3y5n98fn.default -> hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&CUI=UN42437071162352182&UM=2&SearchSource=3&q={searchTerms}&UP=SP0B7F8040-E1D6-4F84-AE03-7A0F653CCA07&SSPV=
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\3y5n98fn.default -> hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&CUI=UN42437071162352182&UM=2&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\3y5n98fn.default -> Ask.com
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3y5n98fn.default -> Ask Web Search
FF Homepage: Mozilla\Firefox\Profiles\3y5n98fn.default -> hxxp://home.tb.ask.com/index.jhtml?ptb=486188BB-1AEE-49A1-9370-5035E448E853&n=780cea98&p2=^YL^xdm303^S11532^us&si=113814
FF Keyword.URL: Mozilla\Firefox\Profiles\3y5n98fn.default -> hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=486188BB-1AEE-49A1-9370-5035E448E853&n=780cea98&ind=2014112408&p2=^YL^xdm303^S11532^us&si=113814&searchfor=
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\searchplugins\ask-web-search.xml [2014-11-24]
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\searchplugins\conduit.xml [2013-08-20]
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\searchplugins\trovi-search.xml [2014-11-17]
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3289663&SearchSource=48&CUI=UN26381187742370432&UM=2&UP=SP0B7F8040-E1D6-4F84-AE03-7A0F653CCA07&SSPV="
CHR Extension: (MixiDJ V8) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajgghejjpgkmpgbchgjieahoefimdle [2015-08-04] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3287822&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (DVDVideoSoftTB) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo [2015-08-04] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT2269050&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (InternetHelper3.1) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim [2015-08-04] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3289663&extensionData=\u003Cextension_data>] <==== ATTENTION
S2 HPSLPSVC; C:\Users\Lisa\AppData\Local\Temp\7zS71FD\hpslpsvc64.dll [X] <==== ATTENTION
Task: {596B6A97-9EFD-417B-9F18-612B2CBBE11E} - \DefaultReg -> No File <==== ATTENTION
Task: {7BD80FE1-E92F-4AA4-A324-58F460F77D2B} - \DefaultCheck -> No File <==== ATTENTION
R2 DefaultTabUpdate; C:\Users\Lisa\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-08-20] () [File not signed]
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Lisa\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe => No running process found
C:\Users\Lisa\AppData\Roaming\DefaultTab\DefaultTab => moved successfully
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => value removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => key removed successfully
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => value removed successfully
C:\Program Files (x86)\InternetHelper3.1 => moved successfully
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key removed successfully
HKLM\Software\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => key removed successfully
HKLM\Software\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4D4382CB-2D37-4072-AC16-86DAF5FC36B7} => key removed successfully
HKLM\Software\Classes\CLSID\{4D4382CB-2D37-4072-AC16-86DAF5FC36B7} => key not found.
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4EAA0C3F-EA35-4EBA-8CB3-DF42C9551EC7} => key removed successfully
HKLM\Software\Classes\CLSID\{4EAA0C3F-EA35-4EBA-8CB3-DF42C9551EC7} => key not found.
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BA305F36-ADA0-4C76-BF41-1B8B49EEA1E2} => key removed successfully
HKLM\Software\Classes\CLSID\{BA305F36-ADA0-4C76-BF41-1B8B49EEA1E2} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => key removed successfully
HKLM\Software\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => value removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => key not found.
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07CBF788-1359-421B-A4E3-5A8D041B90A3} => value removed successfully
HKLM\Software\Classes\CLSID\{07CBF788-1359-421B-A4E3-5A8D041B90A3} => key not found.
C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-2695595616-2533598671-2337104264-1000\FireFox => path removed successfully
Firefox "newtab" removed successfully
Firefox DefaultSearchUrl removed successfully
Firefox SearchEngineOrder.1 removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox "homepage" removed successfully
Firefox "Keyword.URL" removed successfully
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\searchplugins\ask-web-search.xml => moved successfully
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\searchplugins\conduit.xml => moved successfully
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\searchplugins\trovi-search.xml => moved successfully
Chrome StartupUrls => removed successfully
CHR Extension: (MixiDJ V8) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajgghejjpgkmpgbchgjieahoefimdle [2015-08-04] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3287822&extensionData=\u003Cextension_data>] <==== ATTENTION => Error: No automatic fix found for this entry.
CHR Extension: (DVDVideoSoftTB) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo [2015-08-04] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT2269050&extensionData=\u003Cextension_data>] <==== ATTENTION => Error: No automatic fix found for this entry.
CHR Extension: (InternetHelper3.1) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim [2015-08-04] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3289663&extensionData=\u003Cextension_data>] <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\HPSLPSVC => key removed successfully
HPSLPSVC => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{596B6A97-9EFD-417B-9F18-612B2CBBE11E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{596B6A97-9EFD-417B-9F18-612B2CBBE11E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DefaultReg => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BD80FE1-E92F-4AA4-A324-58F460F77D2B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BD80FE1-E92F-4AA4-A324-58F460F77D2B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DefaultCheck => key removed successfully
HKLM\System\CurrentControlSet\Services\DefaultTabUpdate => key removed successfully
DefaultTabUpdate => service removed successfully

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {9AB1DEFE-7475-4316-B205-9C20198E4783}.
Unable to cancel {ABE3348F-8DBD-45C9-AAC2-FDA7C504C35B}.
0 out of 2 jobs canceled.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11164116 B
Java, Flash, Steam htmlcache => 1331 B
Windows/system/drivers => 14753927080 B
Edge => 0 B
Chrome => 623389182 B
Firefox => 480276993 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42360951 B
systemprofile32 => 236031 B
LocalService => 16384 B
NetworkService => 541350 B
Lisa => 1899174931 B

RecycleBin => 2410601 B
EmptyTemp: => 16.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:48:51 ====


  • 0

#4
Goodwrench1

Goodwrench1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by Lisa (Administrator) on Tue 10/10/2017 at  0:26:06.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 33

Failed to delete: C:\Users\Lisa\AppData\Local\conduit (Folder)
Successfully deleted: C:\end (File)
Successfully deleted: C:\ProgramData\dtdata (Folder)
Successfully deleted: C:\ProgramData\tarma installer (Folder)
Successfully deleted: C:\SearchProtect (Folder)
Successfully deleted: C:\Users\Lisa\AppData\Local\{7901B160-C1CF-44E0-8585-27387FE380DC} (Empty Folder)
Successfully deleted: C:\Users\Lisa\AppData\Local\{7D767C6C-3357-4E0F-8B36-426B7D40CEEE} (Empty Folder)
Successfully deleted: C:\Users\Lisa\AppData\Local\{916ED701-1FFA-4027-9754-27F8BB2D5E97} (Empty Folder)
Successfully deleted: C:\Users\Lisa\AppData\Local\{9526DBF5-24D4-430D-81EF-4DC102E35A5D} (Empty Folder)
Successfully deleted: C:\Users\Lisa\AppData\Local\{987FEB7B-C92C-451E-A2CA-81A8B1284943} (Empty Folder)
Successfully deleted: C:\Users\Lisa\AppData\Local\{C2577B2D-09A6-47CC-A2E5-A0ED175620B7} (Empty Folder)
Successfully deleted: C:\Users\Lisa\AppData\Local\{CB7992FE-67D1-4912-9917-42DF4E2A3A08} (Empty Folder)
Successfully deleted: C:\Users\Lisa\AppData\Local\cre (Folder)
Successfully deleted: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo (Folder)
Successfully deleted: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plmlpkfpkijnlijgalnjaacllnjmoamo (Folder)
Successfully deleted: C:\Users\Lisa\AppData\Local\nativemessaging (Folder)
Successfully deleted: C:\Users\Lisa\AppData\Local\tbhostsupport (Folder)
Successfully deleted: C:\Users\Lisa\AppData\Local\whitelisting (Folder)
Successfully deleted: C:\Users\Lisa\Appdata\LocalLow\conduit (Folder)
Successfully deleted: C:\Users\Lisa\Appdata\LocalLow\internethelper3.1 (Folder)
Successfully deleted: C:\Users\Lisa\Appdata\LocalLow\pricegong (Folder)
Successfully deleted: C:\Users\Lisa\AppData\Roaming\defaulttab (Folder)
Successfully deleted: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\user.js (File)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\conduit (Folder)
Successfully deleted: C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DUEN6IX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I60O11J3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBY0NWNW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8KPNORH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DUEN6IX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I60O11J3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBY0NWNW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8KPNORH (Temporary Internet Files Folder)

Deleted the following from C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\prefs.js
user_pref(CT2269050.1000082.isDisplayHidden, true);
user_pref(CT2269050.1000082.isPlayDisplay, true);
user_pref(CT2269050.1000082.state, {\state\:\stopped\,\text\:\Hotmix 108\,\description\:\Hotmix 108\,\url\:\hxxp://67.202.67.18:8082\});
user_pref(CT2269050.1000234.TWC_TMP_city, YELM);
user_pref(CT2269050.1000234.TWC_TMP_country, US);
user_pref(CT2269050.1000234.TWC_locId, USWA0503);
user_pref(CT2269050.1000234.TWC_location, Yelm, WA);
user_pref(CT2269050.1000234.TWC_region, US);
user_pref(CT2269050.1000234.TWC_temp_dis, f);
user_pref(CT2269050.1000234.TWC_wind_dis, mph);
user_pref(CT2269050.1000234.weatherData, {\icon\:\34.png\,\temperature\:\71°F\,\temperatureClear\:\71°F\,\highTemperature\:\78°F\,\lowTemperature\:\55
user_pref(CT2269050.129681780741097243.APP_WIN_FEATURES, openposition=offset:50;50,savelocation=0,resizable=no,scrollbars=no,titlebar=yes,saveresizedsize=no);
user_pref(CT2269050.CBOpenMAMSettings.enc, MA==);
user_pref(CT2269050.CT2269050ads1, %7B%22ads%22%3A%5B%7B%22aid%22%3A%2236732%22%2C%22title%22%3A%22✓%20Clean%20Your%20PC%20%28Free%29%20✓%22%2C%22adtext1%22%3A%22
user_pref(CT2269050.CT2269050current_term, dependent+verification);
user_pref(CT2269050.CT2269050sdate, 7);
user_pref(CT2269050.ENABALE_HISTORY, {\dataType\:\string\,\data\:\true\});
user_pref(CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE, {\dataType\:\string\,\data\:\true\});
user_pref(CT2269050.FirstTime, true);
user_pref(CT2269050.FirstTimeFF3, true);
user_pref(CT2269050.LAST_CLIENT_STATS_SUBMIT_2.enc, MTM3MTQxODY0NA==);
user_pref(CT2269050.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc, MTM3OTgwMTMzMg==);
user_pref(CT2269050.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc, MQ==);
user_pref(CT2269050.LOCAL_COOKIE_STATS_STATS_SITE_NEW.enc, MA==);
user_pref(CT2269050.LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc, MA==);
user_pref(CT2269050.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc, MA==);
user_pref(CT2269050.LOCAL_COOKIE_STATS_STATS_USE_HISTORY.enc, MA==);
user_pref(CT2269050.LOCAL_COOKIE_STATS_STATS_USE_POP.enc, MA==);
user_pref(CT2269050.LOCAL_COOKIE_STATS_STATS_USE_RELATED.enc, MA==);
user_pref(CT2269050.LOCAL_COOKIE_STATS_STATS_USE_TYPED.enc, MA==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc, MTM3OTg3OTg0Nw==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc, MTM3NjAxNDc0NQ==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc, MTM3ODY2NDUzOA==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEadd_stats|LOCAL_COOKIE_STATS_STATS_USE_TYPED.enc, MTM3NDM1NDQzNA==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=5th%20grade%20common%20core%20state%20standards&l=www.corestandards.org&t=2&v=0.4&d
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=advertisements%20false%20claims&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3MzYw
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=advertisements%2Bfalse%2Bclaims%2Blesson%2Bplan&l=www.ftc.gov&t=2&v=0.4&d=conduit2.
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=advertisements%2Bfalse%2Bclaims%2Blesson%2Bplan&l=www.pbs.org&t=2&v=0.4&d=conduit2.
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=advertisements%2Bfalse%2Bclaims&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3MzYw
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=advertising%20images&l=advertising-images.com&t=2&v=0.4&d=conduit2.enc, MTM3MzYwN
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=aggressiveness%2Bdsm%2Bdefinition&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3ND
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=aggressiveness%2Bsymptoms&l=www.localhealth.com&t=2&v=0.4&d=conduit2.enc, MTM3NDI
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=aggressiveness&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3NDI3NjU4OQ==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=aggressiveness&l=www.thefreedictionary.com&t=2&v=0.4&d=conduit2.enc, MTM3NDI3NjU3
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=amazon&l=www.amazon.com&t=2&v=0.4&d=conduit2.enc, MTM3MzIyODU3MA==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=amerock%20hooks&l=www.simplyknobsandpulls.com&t=0&ab=site_distribution%20((0%2C%201
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=bankofamerica.com&l=promo.bankofamerica.com&t=2&v=0.4&d=conduit2.enc, MTM3MzE0NTc
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=best%20dishwashers%20for%202013&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3Mzc1
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=bisquick%20blackberry%20cobbler%20recipe&l=www.allbisquickrecipes.com&t=2&v=0.4&d=c
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=bisquick%20blackberry%20cobbler%20recipe&l=www.antioxidant-fruits.com&t=2&v=0.4&d=c
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=bisquick%20blackberry%20cobbler%20recipe&l=www.cooks.com&t=2&v=0.4&d=conduit2.enc,
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=bisquick%20blackberry%20cobbler%20recipe&l=www.pillsbury.com&t=2&v=0.4&d=conduit2.e
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=bisquick%20blueberry%20muffins&l=www.food.com&t=2&v=0.4&d=conduit2.enc, MTM3NjE3N
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=bizfilings%2Btoolkit&l=www.bizfilings.com&t=2&v=0.4&d=conduit2.enc, MTM3NDE5ODI5M
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=bookcases&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3NTE0NDk1Mg==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=business%20owners%20toolkit&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3NDE5ODI3
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=business%20owners%20toolkit&l=www.bizfilings.com&t=2&v=0.4&d=conduit2.enc, MTM3ND
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=cabinetparts.com&l=www.cabinetparts.com&t=2&v=0.4&d=conduit2.enc, MTM3MzIyODI3NA=
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=cel%20model%20of%205%20dimensions%20of%20learning&l=www.k-12leadership.org&t=2&v=0.
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=cel%20model%20of%20teacher%20evaluation&l=tpep-wa.org&t=2&v=0.4&d=conduit2.enc, M
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=citalopram%20side%20effects&l=www.drugs.com&t=2&v=0.4&d=conduit2.enc, MTM3NDI3NzI
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=claims%20in%20advertising&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3MzYwODIwMg
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=clover%20park%20school%20distri&l=www.cloverpark.k12.wa.us&t=2&v=0.4&d=conduit2.enc
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=clover%20park%20school%20district&l=www.cloverpark.k12.wa.us&t=2&v=0.4&d=conduit2.e
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=common%20core%20state%20standards%20washington&l=www.k12.wa.us&t=2&v=0.4&d=conduit2
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=contract&l=en.wikipedia.org&t=2&v=0.4&d=conduit2.enc, MTM3NjE3MTAwMw==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=cuisenaire%20rods&l=en.wikipedia.org&t=2&v=0.4&d=conduit2.enc, MTM3MzYwMjA5Mg==)
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=danielson%2Bteacher-evaluation%2Bmodel&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, M
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=deceptive%2Badvertising%2Bexamples&l=www.insightempire.com&t=2&v=0.4&d=conduit2.enc
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=drawer%20pulls&l=www.simplyknobsandpulls.com&t=2&v=0.4&d=conduit2.enc, MTM3MzE0OT
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=engaging%205th%20grade%20lesson&l=firesidelearning.ning.com&t=2&v=0.4&d=conduit2.en
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=engaging%205th%20grade%20lesson&l=voices.yahoo.com&t=2&v=0.4&d=conduit2.enc, MTM3
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=engaging%205th%20grade%20lesson&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3MzYw
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=engaging%205th%20grade%20lesson&l=www.donorschoose.org&t=2&v=0.4&d=conduit2.enc,
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=examples%20of%20fake%20websites&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3MzYw
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=examples%20of%20fake%20websites&l=www.philb.com&t=2&v=0.4&d=conduit2.enc, MTM3MzY
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=examples%20of%20false%20advertising&l=smallbusiness.chron.com&t=2&v=0.4&d=conduit2.
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=examples%20of%20false%20advertising&l=www.oddee.com&t=2&v=0.4&d=conduit2.enc, MTM
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=examples%20of%20false%20advertising&l=www.whatisall.com&t=2&v=0.4&d=conduit2.enc,
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=fafsa&l=www.fafsa.ed.gov&t=2&v=0.4&d=conduit2.enc, MTM3NjAwNjE4OA==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=fairy%20tales&l=classicfairytales.com&t=2&v=0.4&d=conduit2.enc, MTM3MzYwNDMxMA==
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=fairy%20tales&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3MzYwNDMxMw==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=fake%2Bclaim%2Bvs%2Breal%2Bclaim%2Blesson%2Bplan&l=www.bing.com&t=2&v=0.4&d=conduit
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=fake%2Bclaim%2Bvs%2Breal%2Bclaim%2Blesson%2Bplan&l=www.routledge.com&t=2&v=0.4&d=co
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=false%20advertising%20examples%20for%20kids&l=www.bing.com&t=2&v=0.4&d=conduit2.enc
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=false%20advertising&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3MzYwNzYzMg==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=false%2Badvertising%2Bexamples%2Bfor%2Bkids&l=www.bing.com&t=2&v=0.4&d=conduit2.enc
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=false%2Badvertising%2Bexamples%2Blesson%2Bplan&l=www.bing.com&t=2&v=0.4&d=conduit2.
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=false%2Badvertising%2Bexamples%2Blesson%2Bplan&l=www.pbs.org&t=2&v=0.4&d=conduit2.e
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=false%2Badvertising&l=www.banner-advertisement.org&t=2&v=0.4&d=conduit2.enc, MTM3
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=false%2Badvertising&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3MzYwNzcxMQ==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=ftc%20you%20are%20here&l=www.ftc.gov&t=2&v=0.4&d=conduit2.enc, MTM3MzYwNzQ3OA==)
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=ftc.gov%2Fyouarehere&l=www.ftc.gov&t=2&v=0.4&d=conduit2.enc, MTM3MzYwNzk2OA==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=ftc.gov&l=ftc.gov&t=2&v=0.4&d=conduit2.enc, MTM3MzYwNjkyMw==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=ham%20quiche%20recipe%20easy&l=www.cooks.com&t=2&v=0.4&d=conduit2.enc, MTM3NDAyMT
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=harbor%20wholesale%20grocery&l=www.harborwholesale.com&t=2&v=0.4&d=conduit2.enc,
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=heart%20attack%20fever&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3NjAxNDczNg==
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=hotwire.com&l=www.hotwire.com&t=2&v=0.4&d=conduit2.enc, MTM3NDA0ODA2Ng==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=how%20to%20can%20pie%20filling&l=allrecipes.com&t=2&v=0.4&d=conduit2.enc, MTM3NjE
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=how%20to%20can%20pie%20filling&l=tipnut.com&t=2&v=0.4&d=conduit2.enc, MTM3NjE3NDE
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=how%20to%20color%20excel%20spreadsheet&l=spreadsheets.about.com&t=2&v=0.4&d=conduit
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=how%20to%20freeze%20blueberries&l=www.pickyourown.org&t=2&v=0.4&d=conduit2.enc, M
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=how%20to%20freeze%20marionberries&l=www.examiner.com&t=2&v=0.4&d=conduit2.enc, MT
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=is%2Bfever%2Ba%2Bsymptom%2Bof%2Bhear%2Battack&l=symptoms.rightdiagnosis.com&t=2&v=0
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=is%2Bfever%2Ba%2Bsymptom%2Bof%2Bhear%2Battack&l=www.ehow.com&t=2&v=0.4&d=conduit2.e
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=is%2Bfever%2Ba%2Bsymptom%2Bof%2Bhear%2Battack&l=www.heart.org&t=2&v=0.4&d=conduit2.
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=is%2Bfever%2Ba%2Bsymptom%2Bof%2Bhear%2Battack&l=www.webmd.com&t=2&v=0.4&d=conduit2.
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=marionberry%20jam%20recipe&l=cookeatshare.com&t=2&v=0.4&d=conduit2.enc, MTM3NjAwO
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=marionberry%20jam%20recipe&l=www.keyingredient.com&t=2&v=0.4&d=conduit2.enc, MTM3
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=marionberry%20jam%20recipe&l=www.marthastewart.com&t=2&v=0.4&d=conduit2.enc, MTM3
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=marionberry%20jam%20recipe&l=www.myownlabels.com&t=2&v=0.4&d=conduit2.enc, MTM3Nj
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=marionberry%20jam%20recipe&l=www.oregon-berries.com&t=2&v=0.4&d=conduit2.enc, MTM
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=marionberry%20jam%20recipe&l=www.pickyourown.org&t=2&v=0.4&d=conduit2.enc, MTM3Nj
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=marionberry%20jam%20recipe&l=www.thatsmyhome.com&t=2&v=0.4&d=conduit2.enc, MTM3Nj
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=mary%20jo%20buza&l=maryjobuza.com&t=2&v=0.4&d=conduit2.enc, MTM3NDUzOTY3Ng==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=math%2098&l=sched.spscc.ctc.edu&t=0&v=0.4&d=conduit2.enc, MTM3NDM1NDQzMg==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=mcp%20pectin&l=www.kraftbrands.com&t=2&v=0.4&d=conduit2.enc, MTM3NjAwNzM4NA==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=msnbc%20breaking%20news&l=www.nbcnews.com&t=2&v=0.4&d=conduit2.enc, MTM3NDAyNTcyN
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=msnbc%20chris%20matthews%20fired&l=todaynewsgazette.com&t=2&v=0.4&d=conduit2.enc,
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=msnbc%20news&l=www.nbcnews.com&t=2&v=0.4&d=conduit2.enc, MTM3NDYxMjQ0Mw==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=msnbc&l=www.nbcnews.com&t=2&v=0.4&d=conduit2.enc, MTM3NDg3OTgzNA==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=msnbc.com&l=www.nbcnews.com&t=2&v=0.4&d=conduit2.enc, MTM3NjE3MTQyNQ==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=msnbc.msn.com&l=www.nbcnews.com&t=2&v=0.4&d=conduit2.enc, MTM3NjE3NDM1Mg==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=nutritional%20emporium&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3MzYwNjcyNw==
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=nutritional%2Bemporium%2Bftc&l=www.ftc.gov&t=2&v=0.4&d=conduit2.enc, MTM3MzYwNjcz
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=oak%20corner%20moulding&l=www.pronto.com&t=2&v=0.4&d=conduit2.enc, MTM3NTE0NjAxNA
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=olympian%20newspaper&l=www.theolympian.com&t=2&v=0.4&d=conduit2.enc, MTM3NDcwMzAx
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=ospi%20washington&l=www.k12.wa.us&t=2&v=0.4&d=conduit2.enc, MTM3MzU5NzQ2Ng==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=ospi&l=www.k12.wa.us&t=2&v=0.4&d=conduit2.enc, MTM3MzYwNDQ2Ng==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=patriot%20express%20loan&l=www.sba.gov&t=2&v=0.4&d=conduit2.enc, MTM3NDA5MjQ5MQ==
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=priceline.com&l=www.priceline.com&t=2&v=0.4&d=conduit2.enc, MTM3NDA0ODI1NQ==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=pruning%20lilac&l=gardening.about.com&t=2&v=0.4&d=conduit2.enc, MTM3NDg4NTQ2OQ==
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=rainier%20hardware%20and%20blacksmith&l=www.bbb.org&t=2&v=0.4&d=conduit2.enc, MTM
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=rainier%20hardware%20and%20blacksmith&l=www.superpages.com&t=2&v=0.4&d=conduit2.enc
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=rainier%20school%20district&l=www.rainier.wednet.edu&t=2&v=0.4&d=conduit2.enc, MT
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=raspberry%20cheesecake%20chimis&l=www.ruizfoodservice.com&t=2&v=0.4&d=conduit2.enc
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=rcw%20chapter%2028&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3NDA4NDYzNg==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=rcw%2Bchapter%2B28%2Bcommon%2Bschools&l=apps.leg.wa.gov&t=2&v=0.4&d=conduit2.enc,
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=rcw%2Bchapter%2B28%2Bcommon%2Bschools&l=www.k12.wa.us&t=2&v=0.4&d=conduit2.enc, M
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=reicherts%20distributing&l=www.reicherts-dist.com&t=2&v=0.4&d=conduit2.enc, MTM3N
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=sample%20business%20plan&l=www.myownbusiness.org&t=2&v=0.4&d=conduit2.enc, MTM3ND
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=school%20house%20model&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3MzYwMDUxMA==
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=scrapbook.younglife.org&l=scrapbook.younglife.org&t=2&v=0.4&d=conduit2.enc, MTM3N
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=see%20think%20wonder&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3MzYwNDk5Ng==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=see%2Bthink%2Bwonder&l=visiblethinkingroutines.blogspot.com&t=2&v=0.4&d=conduit2.en
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=see%2Bthink%2Bwonder&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3MzYwNTUyNw==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=south%20puget%20sound%20community%20college&l=www.spscc.ctc.edu&t=2&v=0.4&d=conduit
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=southwest%20airlines&l=www.southwest.com&t=2&v=0.4&d=conduit2.enc, MTM3NDA0NjMwMQ
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=student%20engage%20activities&l=cte.udel.edu&t=2&v=0.4&d=conduit2.enc, MTM3MzU5OT
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=student%20engage%20activities&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3MzU5OT
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=student%20engage%20activities&l=www.edutopia.org&t=2&v=0.4&d=conduit2.enc, MTM3Mz
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=student%2Bengagement%2Blesson&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3MzU5OT
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=student%2Bengagement%2Blesson&l=www.ccac.edu&t=2&v=0.4&d=conduit2.enc, MTM3MzU5OT
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=student%2Bengagement%2Blesson&l=www.nea.org&t=2&v=0.4&d=conduit2.enc, MTM3MzU5OTM
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=student%2Bengagement%2Blesson&l=www.schoolimprovement.com&t=2&v=0.4&d=conduit2.enc
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=student%2Bengagement%2Blesson&l=www2.pvc.maricopa.edu&t=2&v=0.4&d=conduit2.enc, M
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=tansy%20ragwort%20identification&l=www.kingcounty.gov&t=2&v=0.4&d=conduit2.enc, M
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=tanzy&l=en.wikipedia.org&t=2&v=0.4&d=conduit2.enc, MTM3NDE5Mjk5MA==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=tanzy&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3NDE5MzM4NA==);
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=teacher%20evaluation%20models&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3MzU5Nz
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=teacher%20evaluations&l=www.k12.wa.us&t=0&p=ospi%20washington&pt=1&ab=base20&abs=nu
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=teacher%2Bevaluation%2Bmodels%2Bin%2Bwashington&l=resource.tqsource.org&t=2&v=0.4&d
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=teacher%2Bevaluation%2Bmodels%2Bin%2Bwashington&l=tpep-wa.org&t=2&v=0.4&d=conduit2.
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=teacher%2Bevaluation%2Bmodels%2Bin%2Bwashington&l=www.bing.com&t=2&v=0.4&d=conduit2
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=teacher%2Bevaluation%2Bmodels%2Bin%2Bwashington&l=www.k-12leadership.org&t=2&v=0.4&
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=thinking%2Bstrategies&l=imaginationsoup.net&t=2&v=0.4&d=conduit2.enc, MTM3MzYwNTA
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=victorian%20bookshelves&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3NTE0NTIwNw==
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=victorian%2Bbookshelves&l=bodnarsauction.com&t=2&v=0.4&d=conduit2.enc, MTM3NTE0NT
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=victorian%2Bbookshelves&l=img.carters.com.au&t=2&v=0.4&d=conduit2.enc, MTM3NTE0NT
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=victorian%2Bbookshelves&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3NTE0NDk0MQ==
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=victorian%2Bbookshelves&l=www.elisabethjamesantiques.co.uk&t=2&v=0.4&d=conduit2.enc
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=victorian%2Bbookshelves&l=www.locksleyfurniture.com&t=2&v=0.4&d=conduit2.enc, MTM
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=visible%2Bthinking%2Broutines&l=visiblethinkingroutines.blogspot.com&t=2&v=0.4&d=co
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=washington%20law%20on%20teacher%20contract&l=apps.leg.wa.gov&t=2&v=0.4&d=conduit2.e
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=washington%20law%20on%20teacher%20contract&l=www.atg.wa.gov&t=2&v=0.4&d=conduit2.en
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=washington%20law%20on%20teacher%20contract&l=www.educationsector.org&t=2&v=0.4&d=co
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=washington%20state%20divorce%20laws&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM3
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=washington%2Bstate%2Bdivorce%2Blaws&l=www.washingtondivorceonline.com&t=2&v=0.4&d=c
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=washington%2Bstate%2Bnoxious%2Bweeds&l=www.bing.com&t=2&v=0.4&d=conduit2.enc, MTM
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=washington%2Bstate%2Bnoxious%2Bweeds&l=www.kingcounty.gov&t=2&v=0.4&d=conduit2.enc
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=www.spscc.ctc.edu&l=www.spscc.ctc.edu&t=2&v=0.4&d=conduit2.enc, MTM3NjAwNDY0OA==
user_pref(CT2269050.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=www.youtube.com&l=www.youtube.com&t=2&v=0.4&d=conduit2.enc, MTM3MzQzODc5MQ==);
user_pref(CT2269050.LoginRevertSettingsEnabled, true);
user_pref(CT2269050.NotificationsToShow_666138, [{\id\:\661999\,\channelId\:\666138\,\title\:\DVDVideoSoftTB Notifications\,\imageurl\:\hxxp://alert.storage.
user_pref(CT2269050.PG_ENABLE, dHJ1ZQ==);
user_pref(CT2269050.PG_ENABLE.enc, ZEhKMVpRPT0=);
user_pref(CT2269050.RevertSettingsEnabled, true);
user_pref(CT2269050.SEARCH_BOX_CNT.enc, MQ==);
user_pref(CT2269050.SF_JUST_INSTALLED.enc, RkFMU0U=);
user_pref(CT2269050.SF_STATUS.enc, RU5BQkxFRA==);
user_pref(CT2269050.SF_USER_ID.enc, Y2lkXzg1MjAxMzUzMjEwNTI2OTIwOQ==);
user_pref(CT2269050.SearchAppState.enc, Mw==);
user_pref(CT2269050.SearchAppTracking.enc, MQ==);
user_pref(CT2269050.SearchFromAddressBarUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=);
user_pref(CT2269050.UserID, UN87394762382437270);
user_pref(CT2269050.acp_personal.appstate.enc, ZW5hYmxl);
user_pref(CT2269050.addressBarTakeOverEnabledInHidden, true);
user_pref(CT2269050.autoDisableScopes, -1);
user_pref(CT2269050.browser.search.defaultthis.engineName, true);
user_pref(CT2269050.cb_experience_000.enc, OTc=);
user_pref(CT2269050.cb_firstuse0100.enc, MQ==);
user_pref(CT2269050.cb_user_id_000.enc, Q0I1MTg0NDM4MjAxOTRfMTM1NjIyNDE5ODM1NF9GaXJlZm94);
user_pref(CT2269050.cbcountry_001.enc, VVM=);
user_pref(CT2269050.cbfirsttime.enc, RnJpIEp1biAyOSAyMDEyIDIzOjQ4OjE5IEdNVC0wNzAwIChQYWNpZmljIERheWxpZ2h0IFRpbWUp);
user_pref(CT2269050.countryCode, US);
user_pref(CT2269050.defaultSearch, true);
user_pref(CT2269050.discover-experiments-design.enc, eyJuYW1lIjoidW5wYXJ0aWNpcGF0aW5nIiwidmVyc2lvbiI6MX0=);
user_pref(CT2269050.discover-experiments-photopop.enc, eyJuYW1lIjoicGhvdG9wb3BfbmEiLCJ2ZXJzaW9uIjoxMH0=);
user_pref(CT2269050.discover-periodic-reports.enc, eyJwaW5nXzAiOlsxMzc2MTcxNDIzNjk3LDE0NDAwMDAwXX0=);
user_pref(CT2269050.discover-user-id.enc, IjIxY2NjNjY3LWJiZDctNDRhNS1iNjk0LTBiMzFkOWM0MmJhMSI=);
user_pref(CT2269050.embeddedsData, [{\appId\:\128834881989343895\,\apiPermissions\:{\crossDomainAjax\:true,\getMainFrameTitle\:true,\getMainFrameUrl\:true,\get
user_pref(CT2269050.enableAlerts, false);
user_pref(CT2269050.enableFix404ByUser, TRUE);
user_pref(CT2269050.enableSearchFromAddressBar, true);
user_pref(CT2269050.firstTimeDialogOpened, true);
user_pref(CT2269050.fixPageNotFoundError, true);
user_pref(CT2269050.fixPageNotFoundErrorByUser, true);
user_pref(CT2269050.fixPageNotFoundErrorInHidden, true);
user_pref(CT2269050.fixUrls, true);
user_pref(CT2269050.fullUserID, UN87394762382437270.UP.20130704174806);
user_pref(CT2269050.ground-country-code.enc, IlVTIg==);
user_pref(CT2269050.hover_counter.enc, MzM=);
user_pref(CT2269050.hxxp___storage_conduit_com_marketplace_83_6d_8399d181_be98_42f2_b035_1616f617316d_.PriceSparrowUuid.enc, NTlmMTVkN2UtNDRjMi00NDgwLTkxZTEtOGVmMjgyMWY3MTg
user_pref(CT2269050.impression_counter.enc, NTI=);
user_pref(CT2269050.impression_session_counter.enc, Mw==);
user_pref(CT2269050.impression_session_id.enc, IjE1ZjNmMGU2LTBjYjQtNDVlNi04NGJhLWQ5ZDExNDk5MWUxOCI=);
user_pref(CT2269050.impression_session_last_active.enc, MTM3NjA4OTY0NzgwNw==);
user_pref(CT2269050.installId, ConduitNSISIntegration);
user_pref(CT2269050.installType, ConduitNSISIntegration);
user_pref(CT2269050.isCheckedStartAsHidden, true);
user_pref(CT2269050.isEnableAllDialogs, {\dataType\:\string\,\data\:\true\});
user_pref(CT2269050.isFirstTimeToolbarLoading, false);
user_pref(CT2269050.isNewTabEnabled, true);
user_pref(CT2269050.isPerformedSmartBarTransition, true);
user_pref(CT2269050.isToolbarShrinked, {\dataType\:\string\,\data\:\false\});
user_pref(CT2269050.keyword, true);
user_pref(CT2269050.lastNewTabSettings, {\isEnabled\:true,\newTabUrl\:\hxxp://search.conduit.com/?ctid=CT2269050&octid=CT2269050&SearchSource=15&CUI=UN8739476238243727
user_pref(CT2269050.lastVersion, 10.20.0.130);
user_pref(CT2269050.mam_gk_appStateReportTime.enc, MTM3OTg3Njk2Nzk0MA==);
user_pref(CT2269050.mam_gk_appState_CouponBuddy.enc, b24=);
user_pref(CT2269050.mam_gk_appState_Easytobook.enc, b24=);
user_pref(CT2269050.mam_gk_appState_Easytobook_targeted.enc, b24=);
user_pref(CT2269050.mam_gk_appState_PriceGong.enc, b24=);
user_pref(CT2269050.mam_gk_appsData.enc, eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFV
user_pref(CT2269050.mam_gk_appsDefaultEnabled.enc, bnVsbA==);
user_pref(CT2269050.mam_gk_calledSetupService.enc, MQ==);
user_pref(CT2269050.mam_gk_configuration.enc, eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJTZWFyY2giLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiJlN2Y5MjBhNi1jYWVjLTRhYmMtYj
user_pref(CT2269050.mam_gk_currentBadgeValue.enc, MQ==);
user_pref(CT2269050.mam_gk_currentVersion.enc, MS4xMC40LjA=);
user_pref(CT2269050.mam_gk_existingUsersRecoveryDone.enc, MQ==);
user_pref(CT2269050.mam_gk_first_time.enc, MQ==);
user_pref(CT2269050.mam_gk_installer_preapproved.enc, ZmFsc2U=);
user_pref(CT2269050.mam_gk_lastLoginTime.enc, MTM3OTg3Njk2ODYzMw==);
user_pref(CT2269050.mam_gk_localization.enc, eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHM
user_pref(CT2269050.mam_gk_mamEnabled.enc, dHJ1ZQ==);
user_pref(CT2269050.mam_gk_newApps.enc, W10=);
user_pref(CT2269050.mam_gk_pgUnloadedOnce.enc, dHJ1ZQ==);
user_pref(CT2269050.mam_gk_settings1.10.2.5.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjo
user_pref(CT2269050.mam_gk_settings1.10.4.0.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjo
user_pref(CT2269050.mam_gk_settings1.4.4.6.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmll
user_pref(CT2269050.mam_gk_settings1.6.0.1.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzAzXzAiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVu
user_pref(CT2269050.mam_gk_settings1.8.0.4.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoi
user_pref(CT2269050.mam_gk_settings1.9.0.4.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoi
user_pref(CT2269050.mam_gk_showCloseButton.enc, dHJ1ZQ==);
user_pref(CT2269050.mam_gk_showWelcomeGadget.enc, ZmFsc2U=);
user_pref(CT2269050.mam_gk_userId.enc, MjIyOTdjMTYtYzE1YS00ZTAwLTk2ZTMtZDFlZTI1MjFkOWQz);
user_pref(CT2269050.mam_gk_user_approval_interacted.enc, MQ==);
user_pref(CT2269050.mam_gk_welcomeDialogMode.enc, MQ==);
user_pref(CT2269050.migrateAppsAndComponents, true);
user_pref(CT2269050.navigationAliasesJson, {\EB_SEARCH_TERM\:\\,\EB_MAIN_FRAME_URL\:\\,\EB_MAIN_FRAME_TITLE\:\\,\EB_TOOLBAR_SUB_DOMAIN\:\hxxp://DVDVideoSoftT
user_pref(CT2269050.openThankYouPage, false);
user_pref(CT2269050.openUninstallPage, true);
user_pref(CT2269050.originalSearchAddressUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN87394762382437270&UM=&q=);
user_pref(CT2269050.price-gong.bornDate, {\dataType\:\string\,\data\:\{\\\Response\\\:\\\11\\\\/12\\\\/2012 12\\\}\});
user_pref(CT2269050.price-gong.isManagedApp, true);
user_pref(CT2269050.search.searchAppId, 128834881989343895);
user_pref(CT2269050.search.searchCount, 2);
user_pref(CT2269050.searchInNewTabEnabledByUser, true);
user_pref(CT2269050.searchInNewTabEnabledInHidden, true);
user_pref(CT2269050.searchSuggestEnabledByUser, true);
user_pref(CT2269050.searchUserMode, false);
user_pref(CT2269050.selectToSearchBoxEnabled, {\dataType\:\string\,\data\:\true\});
user_pref(CT2269050.serviceLayer_service_login_isFirstLoginInvoked, {\dataType\:\boolean\,\data\:\true\});
user_pref(CT2269050.serviceLayer_service_login_loginCount, {\dataType\:\number\,\data\:\4\});
user_pref(CT2269050.serviceLayer_service_toolbarGrouping_activeCTID, {\dataType\:\string\,\data\:\CT2269050\});
user_pref(CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl, {\dataType\:\string\,\data\:\hxxp://DVDVideoSoftTB.OurToolbar.com//xpi\});
user_pref(CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName, {\dataType\:\string\,\data\:\DVDVideoSoftTB \});
user_pref(CT2269050.serviceLayer_service_toolbarGrouping_invoked, {\dataType\:\string\,\data\:\true\});
user_pref(CT2269050.serviceLayer_service_usage_toolbarUsageCount, {\dataType\:\number\,\data\:\2\});
user_pref(CT2269050.serviceLayer_services_Configuration_lastUpdate, 1379817889990);
user_pref(CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1379817889448);
user_pref(CT2269050.serviceLayer_services_appTracking_lastUpdate, 1357514864257);
user_pref(CT2269050.serviceLayer_services_appsMetadata_lastUpdate, 1379879283489);
user_pref(CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1379879283918);
user_pref(CT2269050.serviceLayer_services_location_lastUpdate, 1372281640335);
user_pref(CT2269050.serviceLayer_services_login_10.10.12.5_lastUpdate, 1342979298457);
user_pref(CT2269050.serviceLayer_services_login_10.10.20.14_lastUpdate, 1345756329395);
user_pref(CT2269050.serviceLayer_services_login_10.10.27.6_lastUpdate, 1352704743272);
user_pref(CT2269050.serviceLayer_services_login_10.13.40.15_lastUpdate, 1358388676344);
user_pref(CT2269050.serviceLayer_services_login_10.14.40.128_lastUpdate, 1359339163813);
user_pref(CT2269050.serviceLayer_services_login_10.14.42.7_lastUpdate, 1360981601444);
user_pref(CT2269050.serviceLayer_services_login_10.14.65.43_lastUpdate, 1363912717790);
user_pref(CT2269050.serviceLayer_services_login_10.15.0.562_lastUpdate, 1365963351371);
user_pref(CT2269050.serviceLayer_services_login_10.15.2.523_lastUpdate, 1368107241921);
user_pref(CT2269050.serviceLayer_services_login_10.16.1.521_lastUpdate, 1369021295494);
user_pref(CT2269050.serviceLayer_services_login_10.16.2.509_lastUpdate, 1372281641110);
user_pref(CT2269050.serviceLayer_services_login_10.16.4.519_lastUpdate, 1374441617223);
user_pref(CT2269050.serviceLayer_services_login_10.16.70.505_lastUpdate, 1377400511352);
user_pref(CT2269050.serviceLayer_services_login_10.19.2.505_lastUpdate, 1379386552030);
user_pref(CT2269050.serviceLayer_services_login_10.20.0.130_lastUpdate, 1379879284305);
user_pref(CT2269050.serviceLayer_services_optimizer_lastUpdate, 1352704748691);
user_pref(CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1379879283840);
user_pref(CT2269050.serviceLayer_services_searchAPI_lastUpdate, 1379817889492);
user_pref(CT2269050.serviceLayer_services_serviceMap_lastUpdate, 1379817889386);
user_pref(CT2269050.serviceLayer_services_setupAPI_lastUpdate, 1363912716659);
user_pref(CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate, 1379879283973);
user_pref(CT2269050.serviceLayer_services_toolbarSettings_lastUpdate, 1379879284136);
user_pref(CT2269050.serviceLayer_services_translation_lastUpdate, 1379817889429);
user_pref(CT2269050.serviceLayer_services_userApps_lastUpdate, 1364841989278);
user_pref(CT2269050.settingsINI, true);
user_pref(CT2269050.shouldFirstTimeDialog, false);
user_pref(CT2269050.showToolbarPermission, false);
user_pref(CT2269050.smartbar.CTID, CT2269050);
user_pref(CT2269050.smartbar.Uninstall, 0);
user_pref(CT2269050.smartbar.homepage, true);
user_pref(CT2269050.smartbar.toolbarName, DVDVideoSoftTB );
user_pref(CT2269050.toolbarBornServerTime, 30-6-2012);
user_pref(CT2269050.toolbarCurrentServerTime, 22-9-2013);
user_pref(CT2269050.toolbarLoginClientTime, Thu Mar 21 2013 20:41:48 GMT-0700 (Pacific Daylight Time));
user_pref(CT2269050.upgradeFromClearSBVersion, true);
user_pref(CT2269050.url_history0001.enc, aHR0cDovL215LnNvdS5lZHUvcmVuZGVyLlVzZXJMYXlvdXRSb290Tm9kZS51UD91UF90cGFyYW09dXRmJnV0Zj0lMmZjcCUyZmlwJTJmbG9naW4lM2ZzeXMlM2RzY3Rzc2I
user_pref(CT2269050_Firefox.csv, [{\from\:\Abs Layer\,\action\:\loading toolbar\,\time\:1379879822031,\isWithState\:\\,\timeFromStart\:0,\timeFromPrev\:0}
user_pref(CT3287822.FF19Solved, true);
user_pref(CT3287822.UserID, UN12817729922783755);
user_pref(CT3287822.browser.search.defaultthis.engineName, true);
user_pref(CT3287822.fullUserID, UN12817729922783755.IN.20130722155459);
user_pref(CT3287822.installDate, 22/07/2013 15:54:58);
user_pref(CT3287822.installSessionId, {B1D1850A-B3BE-458D-BA52-8CF5A01848DE});
user_pref(CT3287822.installSp, TRUE);
user_pref(CT3287822.installerVersion, 1.5.4.4);
user_pref(CT3287822.keyword, true);
user_pref(CT3287822.originalHomepage, hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13);
user_pref(CT3287822.originalSearchAddressUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN87394762382437270&UM=false&q=);
user_pref(CT3287822.originalSearchEngine, DVDVideoSoftTB Customized Web Search);
user_pref(CT3287822.originalSearchEngineName, DVDVideoSoftTB Customized Web Search);
user_pref(CT3287822.searchRevert, false);
user_pref(CT3287822.searchUserMode, 2);
user_pref(CT3287822.smartbar.homepage, true);
user_pref(CT3287822.versionFromInstaller, 10.16.4.19);
user_pref(CT3287822.xpeMode, 0);
user_pref(CT3289663.1000082.isPlayDisplay, true);
user_pref(CT3289663.1000082.state, {\state\:\stopped\,\text\:\Californi...\,\description\:\California Rock - Rock\,\url\:\hxxp://www.feedlive.net/california.
user_pref(CT3289663.1000234.TWC_TMP_city, YELM);
user_pref(CT3289663.1000234.TWC_TMP_country, US);
user_pref(CT3289663.1000234.TWC_country, UNITED STATES);
user_pref(CT3289663.1000234.TWC_locId, USWA0503);
user_pref(CT3289663.1000234.TWC_location, Yelm, WA);
user_pref(CT3289663.1000234.TWC_region, US);
user_pref(CT3289663.1000234.TWC_temp_dis, f);
user_pref(CT3289663.1000234.TWC_wind_dis, mph);
user_pref(CT3289663.ENABALE_HISTORY, {\dataType\:\string\,\data\:\true\});
user_pref(CT3289663.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE, {\dataType\:\string\,\data\:\true\});
user_pref(CT3289663.FF19Solved, true);
user_pref(CT3289663.FirstTime, true);
user_pref(CT3289663.FirstTimeFF3, true);
user_pref(CT3289663.SearchFromAddressBarUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN42437071162352182&UM=2&q=);
user_pref(CT3289663.UserID, UN42437071162352182);
user_pref(CT3289663.addressBarTakeOverEnabledInHidden, true);
user_pref(CT3289663.autoDisableScopes, -1);
user_pref(CT3289663.browser.search.defaultthis.engineName, true);
user_pref(CT3289663.countryCode, US);
user_pref(CT3289663.defaultSearch, true);
user_pref(CT3289663.embeddedsData, [{\appId\:\130067724014616498\,\apiPermissions\:{\crossDomainAjax\:true,\getMainFrameTitle\:true,\getMainFrameUrl\:true,\get
user_pref(CT3289663.enableAlerts, true);
user_pref(CT3289663.enableSearchFromAddressBar, true);
user_pref(CT3289663.firstTimeDialogOpened, true);
user_pref(CT3289663.fixPageNotFoundError, true);
user_pref(CT3289663.fixPageNotFoundErrorByUser, true);
user_pref(CT3289663.fixPageNotFoundErrorInHidden, true);
user_pref(CT3289663.fixUrls, true);
user_pref(CT3289663.fullUserID, UN42437071162352182.IN.20130820153726);
user_pref(CT3289663.installDate, 20/08/2013 15:37:25);
user_pref(CT3289663.installId, stub.exe);
user_pref(CT3289663.installSessionId, {FAB94A3E-49A2-4845-9626-A5D11766EF8B});
user_pref(CT3289663.installSp, TRUE);
user_pref(CT3289663.installType, conduitnsisintegration);
user_pref(CT3289663.installUsage, 2013-08-21T01:38:17.2698968+03:00);
user_pref(CT3289663.installUsageEarly, 2013-08-21T01:38:11.7164392+03:00);
user_pref(CT3289663.installerVersion, 1.6.0.22);
user_pref(CT3289663.isCheckedStartAsHidden, true);
user_pref(CT3289663.isEnableAllDialogs, {\dataType\:\string\,\data\:\true\});
user_pref(CT3289663.isFirstTimeToolbarLoading, false);
user_pref(CT3289663.isToolbarShrinked, {\dataType\:\string\,\data\:\false\});
user_pref(CT3289663.keyword, true);
user_pref(CT3289663.lastNewTabSettings, {\isEnabled\:true,\newTabUrl\:\hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource=15&CUI=UN4243707116235218
user_pref(CT3289663.lastVersion, 10.20.0.131);
user_pref(CT3289663.mam_gk_installer_preapproved.enc, ZmFsc2U=);
user_pref(CT3289663.migrateAppsAndComponents, true);
user_pref(CT3289663.navigationAliasesJson, {\EB_SEARCH_TERM\:\\,\EB_MAIN_FRAME_URL\:\\,\EB_MAIN_FRAME_TITLE\:\\,\EB_TOOLBAR_SUB_DOMAIN\:\hxxp://InternetHelpe
user_pref(CT3289663.openThankYouPage, false);
user_pref(CT3289663.openUninstallPage, true);
user_pref(CT3289663.originalHomepage, hxxp://search.conduit.com/?ctid=CT3287822&octid=CT3287822&SearchSource=61&CUI=UN12817729922783755&UM=2&UP=SP0B7F8040-E1D6-4F84-AE03-7A
user_pref(CT3289663.originalSearchAddressUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN87394762382437270&UM=false&q=);
user_pref(CT3289663.originalSearchEngine, MixiDJ V8 Customized Web Search);
user_pref(CT3289663.originalSearchEngineName, DVDVideoSoftTB Customized Web Search);
user_pref(CT3289663.revertSettingsEnabled, false);
user_pref(CT3289663.search.searchAppId, 130067724014616498);
user_pref(CT3289663.search.searchCount, 0);
user_pref(CT3289663.searchFromAddressBarEnabledByUser, true);
user_pref(CT3289663.searchInNewTabEnabledByUser, true);
user_pref(CT3289663.searchInNewTabEnabledInHidden, true);
user_pref(CT3289663.searchRevert, false);
user_pref(CT3289663.searchSuggestEnabledByUser, true);
user_pref(CT3289663.searchUserMode, 2);
user_pref(CT3289663.selectToSearchBoxEnabled, {\dataType\:\string\,\data\:\true\});
user_pref(CT3289663.serviceLayer_service_login_isFirstLoginInvoked, {\dataType\:\boolean\,\data\:\true\});
user_pref(CT3289663.serviceLayer_service_login_loginCount, {\dataType\:\number\,\data\:\4\});
user_pref(CT3289663.serviceLayer_service_toolbarGrouping_activeCTID, {\dataType\:\string\,\data\:\CT3289663\});
user_pref(CT3289663.serviceLayer_service_toolbarGrouping_activeDownloadUrl, {\dataType\:\string\,\data\:\hxxp://InternetHelper31.OurToolbar.com//xpi\});
user_pref(CT3289663.serviceLayer_service_toolbarGrouping_activeToolbarName, {\dataType\:\string\,\data\:\InternetHelper3.1 \});
user_pref(CT3289663.serviceLayer_service_toolbarGrouping_invoked, {\dataType\:\string\,\data\:\true\});
user_pref(CT3289663.serviceLayer_service_usage_toolbarUsageCount, {\dataType\:\number\,\data\:\2\});
user_pref(CT3289663.serviceLayer_services_Configuration_lastUpdate, 1379800574533);
user_pref(CT3289663.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1379201321130);
user_pref(CT3289663.serviceLayer_services_appsMetadata_lastUpdate, 1379879283484);
user_pref(CT3289663.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1379879284052);
user_pref(CT3289663.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate, 1377038292683);
user_pref(CT3289663.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate, 1377038298859);
user_pref(CT3289663.serviceLayer_services_login_10.16.9.506_lastUpdate, 1377893266236);
user_pref(CT3289663.serviceLayer_services_login_10.16.9.6_lastUpdate, 1377400511180);
user_pref(CT3289663.serviceLayer_services_login_10.19.2.505_lastUpdate, 1379386551463);
user_pref(CT3289663.serviceLayer_services_login_10.20.0.131_lastUpdate, 1379879284231);
user_pref(CT3289663.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1379879284014);
user_pref(CT3289663.serviceLayer_services_searchAPI_lastUpdate, 1379800574448);
user_pref(CT3289663.serviceLayer_services_serviceMap_lastUpdate, 1379800573710);
user_pref(CT3289663.serviceLayer_services_toolbarContextMenu_lastUpdate, 1379879284091);
user_pref(CT3289663.serviceLayer_services_toolbarSettings_lastUpdate, 1379879284433);
user_pref(CT3289663.serviceLayer_services_translation_lastUpdate, 1379800573776);
user_pref(CT3289663.settingsINI, true);
user_pref(CT3289663.shouldFirstTimeDialog, false);
user_pref(CT3289663.showToolbarPermission, false);
user_pref(CT3289663.smartbar.CTID, CT3289663);
user_pref(CT3289663.smartbar.Uninstall, 0);
user_pref(CT3289663.smartbar.homepage, true);
user_pref(CT3289663.smartbar.toolbarName, InternetHelper3.1 );
user_pref(CT3289663.startPage, true);
user_pref(CT3289663.toolbarBornServerTime, 21-8-2013);
user_pref(CT3289663.toolbarCurrentServerTime, 22-9-2013);
user_pref(CT3289663.toolbarLoginClientTime, Tue Aug 20 2013 15:38:18 GMT-0700 (Pacific Standard Time));
user_pref(CT3289663.versionFromInstaller, 10.16.9.6);
user_pref(CT3289663.xpeMode, 3);
user_pref(CT3289663_Firefox.csv, [{\from\:\Abs Layer\,\action\:\loading toolbar\,\time\:1379879821271,\isWithState\:\\,\timeFromStart\:0,\timeFromPrev\:0}
user_pref(Smartbar.ConduitHomepagesList, hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource=61&CUI=UN42437071162352182&UM=2&UP=SP0B7F8040-E1D6-4F84-AE03
user_pref(Smartbar.ConduitSearchEngineList, InternetHelper3.1 Customized Web Search);
user_pref(Smartbar.ConduitSearchUrlList, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN42437071162352182&UM=2&q=);
user_pref(Smartbar.SearchFromAddressBarSavedUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN87394762382437270&UM=false&q=);
user_pref(Smartbar.keywordURLSelectedCTID, CT3289663);
user_pref(browser.search.defaultthis.engineName, InternetHelper3.1 Customized Web Search);
user_pref(extensions.mywebsearch.prevKwdEnabled, true);
user_pref(extensions.mywebsearch.prevKwdURL, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN42437071162352182&UM=2&q=);
user_pref(extensions.toolbar.mindspark._1cMembers_.BUTTON_STRUCTURE, [{\b\:224545174,\c\:\mindspark.magnify\,\p\:\L.0\},{\b\:224545175,\c\:\mindspark.enterse
user_pref(extensions.toolbar.mindspark._1cMembers_.browser.search.defaultenginename.prev, Amazon.com);
user_pref(extensions.toolbar.mindspark._1cMembers_.browser.search.defaultenginename.savedPrev, true);
user_pref(extensions.toolbar.mindspark._1cMembers_.browser.search.defaultenginename.tb, Ask Web Search);
user_pref(extensions.toolbar.mindspark._1cMembers_.browser.search.selectedEngine.prev, Trovi search);
user_pref(extensions.toolbar.mindspark._1cMembers_.browser.search.selectedEngine.savedPrev, true);
user_pref(extensions.toolbar.mindspark._1cMembers_.browser.search.selectedEngine.tb, Ask Web Search);
user_pref(extensions.toolbar.mindspark._1cMembers_.browser.startup.homepage.prev, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&CUI=UN42437071162352182&UM=2&Sear
user_pref(extensions.toolbar.mindspark._1cMembers_.browser.startup.homepage.savedPrev, true);
user_pref(extensions.toolbar.mindspark._1cMembers_.browser.startup.homepage.tb, hxxp://home.tb.ask.com/index.jhtml?ptb=486188BB-1AEE-49A1-9370-5035E448E853&n=780cea98&p2=^Y
user_pref(extensions.toolbar.mindspark._1cMembers_.browser.startup.page.savedPrev, 1);
user_pref(extensions.toolbar.mindspark._1cMembers_.browser.startup.page.tb, 1);
user_pref(extensions.toolbar.mindspark._1cMembers_.browser.version.last, 56.0);
user_pref(extensions.toolbar.mindspark._1cMembers_.competitorDNS, {\comment\:\refresh every 1 week (7*24*60*60*1000)\,\refreshPeriod\:604800000,\list\:[{\url\:\h
user_pref(extensions.toolbar.mindspark._1cMembers_.firstKnownVersion, 6.76.5.32679);
user_pref(extensions.toolbar.mindspark._1cMembers_.homepage, hxxp://home.tb.ask.com/index.jhtml?ptb=486188BB-1AEE-49A1-9370-5035E448E853&n=780cea98&p2=^YL^xdm303^S11532^us&
user_pref(extensions.toolbar.mindspark._1cMembers_.hp.enabled, true);
user_pref(extensions.toolbar.mindspark._1cMembers_.hp.guardType, HPR);
user_pref(extensions.toolbar.mindspark._1cMembers_.hp.user.defined, false);
user_pref(extensions.toolbar.mindspark._1cMembers_.initialized, true);
user_pref(extensions.toolbar.mindspark._1cMembers_.installKeysSource, Cookies);
user_pref(extensions.toolbar.mindspark._1cMembers_.installType, XPI);
user_pref(extensions.toolbar.mindspark._1cMembers_.installation.contextKey, );
user_pref(extensions.toolbar.mindspark._1cMembers_.installation.installDate, 2014112408);
user_pref(extensions.toolbar.mindspark._1cMembers_.installation.partnerId, ^YL^xdm303^S11532^us);
user_pref(extensions.toolbar.mindspark._1cMembers_.installation.partnerSubId, 113814);
user_pref(extensions.toolbar.mindspark._1cMembers_.installation.pixelUrl, hxxp://download.bringmesports.com/install_pixels.jhtml?partner=^YL^xdm303^S11532^us&coId=0836ea6af
user_pref(extensions.toolbar.mindspark._1cMembers_.installation.success, true);
user_pref(extensions.toolbar.mindspark._1cMembers_.installation.toolbarId, 486188BB-1AEE-49A1-9370-5035E448E853);
user_pref(extensions.toolbar.mindspark._1cMembers_.isCompliantUninstallImplementation, true);
user_pref(extensions.toolbar.mindspark._1cMembers_.lastActivePing, 1507611411836);
user_pref(extensions.toolbar.mindspark._1cMembers_.lastKnownVersion, 7.38.9.3003);
user_pref(extensions.toolbar.mindspark._1cMembers_.lssState, {\previousLocales\:[\en-US\,\en\],\supportedLocales\:[\de\,\es\,\pt\,\ja\,\en\],\defaultLoca
user_pref(extensions.toolbar.mindspark._1cMembers_.options.defaultSearch, true);
user_pref(extensions.toolbar.mindspark._1cMembers_.options.homePageEnabled, true);
user_pref(extensions.toolbar.mindspark._1cMembers_.options.keywordEnabled, true);
user_pref(extensions.toolbar.mindspark._1cMembers_.options.tabEnabled, true);
user_pref(extensions.toolbar.mindspark._1cMembers_.partnerPixelFired, true);
user_pref(extensions.toolbar.mindspark._1cMembers_.productDeliveryOption.language, en);
user_pref(extensions.toolbar.mindspark._1cMembers_.productDeliveryOption.type, Toolbar);
user_pref(extensions.toolbar.mindspark._1cMembers_.searchHistory, rainier school district||facebook login||SPSCC||how to dimension to intersection points in solidworks||how
user_pref(extensions.toolbar.mindspark._1cMembers_.successUrl, hxxp://download.bringmesports.com/installComplete.jhtml);
user_pref(extensions.toolbar.mindspark._1cMembers_.toolbar.versionChanged, false);
user_pref(extensions.toolbar.mindspark._1cMembers_.toolbarCollapsed, false);
user_pref(extensions.toolbar.mindspark._1cMembers_.uninstallTasks, {\prefBranchesToDelete\:[\extensions.toolbar.mindspark._1cMembers_.\],\filesToDelete\:[\C:\\\\User
user_pref(extensions.toolbar.mindspark._1cMembers_.weather.location, 98597);
user_pref(extensions.toolbar.mindspark.hp.enabled, true);
user_pref(extensions.toolbar.mindspark.hp.enabled.guid, [email protected]);
user_pref(extensions.toolbar.mindspark.lastInstalled, [email protected]);
user_pref(iminent.displayFavLinks, 1);
user_pref(iminent.version, 7.33.3.1);
user_pref(iminent.versioning, {\CurrentVersion\:\7.33.3.1\,\InstallEventCTime\:1377038508584,\InstallEvent\:\True\});
user_pref(smartBar.searchInNewTabOwner, CT2269050);
user_pref(smartbar.addressBarOwnerCTID, CT3289663);
user_pref(smartbar.conduitHomepageList, hxxp://search.conduit.com/?ctid=CT3287822&CUI=UN12817729922783755&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3287822&oct
user_pref(smartbar.conduitSearchAddressUrlList, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT
user_pref(smartbar.defaultSearchOwnerCTID, CT3289663);
user_pref(smartbar.homePageOwnerCTID, CT3289663);
user_pref(smartbar.machineId, PB2LMJ3G6BL8SPOIW1HRNDARFSZCNAJBBENC41FSBIXHRQINDWA9ILLCSZTRYVODRI+VLAFDUZ5LQFOMD3SS4G);
user_pref(smartbar.originalHomepage, hxxp://search.conduit.com/?ctid=CT3287822&CUI=UN12817729922783755&UM=2&SearchSource=13);
user_pref(smartbar.originalSearchAddressUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=);



Registry: 5

Successfully deleted: HKCU\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo (Registry Key)
Successfully deleted: HKLM\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/10/2017 at  0:33:57.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#5
Goodwrench1

Goodwrench1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

# AdwCleaner 7.0.3.1 - Logfile created on Tue Oct 10 07:39:52 2017
# Updated on 2017/29/09 by Malwarebytes
# Database: 10-04-2017.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Adware.Elex, C:\Windows\System32\SearchProtect
Adware.Elex, C:\Windows\System32\config\systemprofile\AppData\Local\SearchProtect
Adware.Elex, C:\Windows\SysWOW64\SearchProtect
Adware.Elex, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab
PUP.Optional.Legacy, C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
PUP.Optional.Legacy, C:\Users\Lisa\AppData\Roaming\dvdvideosoftiehelpers
PUP.Optional.Legacy, C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB
PUP.Optional.Conduit, C:\Users\Lisa\AppData\Local\Conduit
PUP.Optional.MyPCBackup, C:\Program Files (x86)\MyPC Backup
Rogue.ForcedExtension, C:\Users\Lisa\AppData\Local\apn


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.Elex, [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER | ENABLESHELLEXECUTEHOOKS
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Tarma Installer
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | {58124A0B-DC32-4180-9BFF-E0E21AE34026}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | {A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{BE89FFB3-7F9C-4A16-B475-98B195A06628}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | DisableAddonLoadTimePerformanceNotifications
PUP.Optional.DefaultTab, [Key] - HKLM\SOFTWARE\DefaultTab
PUP.Optional.DefaultTab, [Key] - HKU\.DEFAULT\Software\DefaultTab
PUP.Optional.DefaultTab, [Key] - HKU\.DEFAULT\Software\AppDataLow\Software\DefaultTab
PUP.Optional.DefaultTab, [Key] - HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\AppDataLow\Software\DefaultTab
PUP.Optional.DefaultTab, [Key] - HKU\S-1-5-18\Software\DefaultTab
PUP.Optional.DefaultTab, [Key] - HKU\S-1-5-18\Software\AppDataLow\Software\DefaultTab
PUP.Optional.DefaultTab, [Key] - HKCU\Software\AppDataLow\Software\DefaultTab
PUP.Optional.DefaultTab, [Key] - HKLM\SOFTWARE\Default Tab
PUP.Optional.DefaultTab, [Key] - HKU\.DEFAULT\Software\Default Tab
PUP.Optional.DefaultTab, [Key] - HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\Default Tab
PUP.Optional.DefaultTab, [Key] - HKU\S-1-5-18\Software\Default Tab
PUP.Optional.DefaultTab, [Key] - HKCU\Software\Default Tab
PUP.Optional.Conduit, [Key] - HKLM\SOFTWARE\Conduit
PUP.Optional.Conduit, [Key] - HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\Conduit
PUP.Optional.Conduit, [Key] - HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\AppDataLow\Software\Conduit
PUP.Optional.Conduit, [Key] - HKCU\Software\Conduit
PUP.Optional.Conduit, [Key] - HKCU\Software\AppDataLow\Software\Conduit
PUP.Optional.Conduit, [Key] - HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\AppDataLow\Software\ConduitSearchScopes
PUP.Optional.Conduit, [Key] - HKCU\Software\AppDataLow\Software\ConduitSearchScopes
PUP.Optional.Iminent, [Key] - HKLM\SOFTWARE\Iminent
PUP.Optional.Iminent, [Key] - HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\Iminent
PUP.Optional.Iminent, [Key] - HKCU\Software\Iminent
PUP.Optional.Iminent, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | {977AE9CC-AF83-45E8-9E03-E2798216E2D5}
PUP.Optional.PriceGong, [Key] - HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\AppDataLow\Software\PriceGong
PUP.Optional.PriceGong, [Key] - HKCU\Software\AppDataLow\Software\PriceGong
PUP.Optional.WebBar, [Key] - HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\AppDataLow\Toolbar
PUP.Optional.WebBar, [Key] - HKCU\Software\AppDataLow\Toolbar
PUP.Optional.DefaultTab.A, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4E7C-A8BB-41EFD720FD77}
PUP.Optional.DefaultTab.A, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\Toolbar.CT3289663


***** [ Firefox (and derivatives) ] *****

PUP.Optional.Legacy, Plugin found: BringMeSports - Mindspark
PUP.Optional.Legacy, SearchProvider found: search.tb.ask.com - Ask Web Search
PUP.Optional.Legacy, SearchProvider found: search.conduit.com - InternetHelper3.1 Customized Web Search


***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy, Plugin found: InternetHelper3.1 -
PUP.Optional.Legacy, SearchProvider found: search.conduit.com - search.conduit.com

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.goog.../answer/3097271


*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########


  • 0

#6
Goodwrench1

Goodwrench1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-10-2017
Ran by Lisa (administrator) on LISA-HP (10-10-2017 00:44:16)
Running from C:\Users\Lisa\Desktop
Loaded Profiles: Lisa (Available Profiles: Lisa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Malwarebytes) C:\Users\Lisa\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-10-01] (Synaptics Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-01-07] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-10] (Easybits)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2013-11-27] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [Octoshape Streaming Services] => C:\Users\Lisa\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [Google Update] => C:\Users\Lisa\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [Dropbox Update] => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\kpm.exe [411912 2016-12-22] ()
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Fast Start.lnk [2014-09-26]
ShortcutTarget: SolidWorks 2014 Fast Start.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-10-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Task Scheduler Engine.lnk [2014-11-17]
ShortcutTarget: SolidWorks Task Scheduler Engine.lnk -> C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\swboengine.exe (Dassault Systèmes SolidWorks Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 66.243.243.101 216.227.100.60
Tcpip\..\Interfaces\{3579BB97-668C-4E2C-919B-79B016BD98C6}: [DhcpNameServer] 66.243.243.101 216.227.100.60
Tcpip\..\Interfaces\{9331FD8C-01C7-45CD-9FF8-E48EFF4EBF49}: [DhcpNameServer] 66.243.243.101 216.227.100.60

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {DD065C6A-C257-4F8A-B51E-6FB5B03F698F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-21] (AO Kaspersky Lab)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-09-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-08-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\x64\ie_engine.dll [2016-12-22] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-01-21] (AO Kaspersky Lab)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-09-09] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2017-09-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-08-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-09] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\ie_engine.dll [2016-12-22] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-21] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-01-21] (AO Kaspersky Lab)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 3y5n98fn.default
FF ProfilePath: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default [2017-10-10]
FF NetworkProxy: Mozilla\Firefox\Profiles\3y5n98fn.default -> no_proxies_on", "*.local"
FF NetworkProxy: Mozilla\Firefox\Profiles\3y5n98fn.default -> type", 0
FF Extension: (__MSG_extName__) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\Extensions\[email protected] [2017-10-09]
FF Extension: (Stores your logins, passwords, notes and identities, protecting them with your master password.) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\Extensions\[email protected] [2017-10-09]
FF Extension: (BringMeSports) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\Extensions\[email protected] [2016-03-26]
FF Extension: (Adblock Plus) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3y5n98fn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-07-25]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @3ds.com/3dxml -> C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin\NP3DXMLPlugin.dll [2014-05-24] ()
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @3ds.com/3dxml -> C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll [2013-07-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-09-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2011-12-23] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2695595616-2533598671-2337104264-1000: @nsroblox.roblox.com/launcher -> C:\Users\Lisa\AppData\Local\Roblox\Versions\version-23a05f622b7b47a6\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2695595616-2533598671-2337104264-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Lisa\AppData\Local\Roblox\Versions\version-23a05f622b7b47a6\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2695595616-2533598671-2337104264-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Lisa\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1702150-0-npoctoshape.dll [2017-02-15] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-2695595616-2533598671-2337104264-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-2695595616-2533598671-2337104264-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Lisa\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2014-11-08] (Octoshape ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default [2017-10-10]
CHR Extension: (iCloud Bookmarks) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-11-28]
CHR Extension: (Kaspersky Password Manager) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebpdbfmpedcnopofelmhndhincfkhki [2017-01-21]
CHR Extension: (InternetHelper3.1) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim [2015-08-04] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3289663&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (MixiDJ V8) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajgghejjpgkmpgbchgjieahoefimdle [2015-08-04] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3287822&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Chrome Media Router) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-25]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mkaoblbjfmcalcjjaifickaoccjmhlal] - hxxps://chrome.google.com/webstore/detail/mkaoblbjfmcalcjjaifickaoccjmhlal
CHR HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Lisa\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx <not found>
CHR HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Lisa\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Lisa\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Lisa\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx <not found>
StartMenuInternet: Google Chrome - C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3059440 2017-07-18] (Microsoft Corporation)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2012-01-21] (Realsil Microelectronics Inc.) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-09-26] (SolidWorks) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-08] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [195264 2017-07-27] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [314864 2017-04-13] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1038528 2017-07-27] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57936 2017-01-21] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-06-01] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [135904 2017-03-27] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199640 2017-07-27] (AO Kaspersky Lab)
R3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-10 00:37 - 2017-10-10 00:39 - 000000000 ____D C:\AdwCleaner
2017-10-10 00:33 - 2017-10-10 00:33 - 000060886 _____ C:\Users\Lisa\Desktop\JRT.txt
2017-10-09 23:42 - 2017-10-09 23:48 - 000014089 _____ C:\Users\Lisa\Desktop\Fixlog.txt
2017-10-09 23:38 - 2017-10-09 23:38 - 001790024 _____ (Malwarebytes) C:\Users\Lisa\Desktop\JRT.exe
2017-10-09 23:15 - 2017-10-09 23:28 - 000000000 ____D C:\Users\Lisa\Downloads\old downloads
2017-10-09 23:14 - 2017-10-09 23:14 - 008250832 _____ (Malwarebytes) C:\Users\Lisa\Desktop\AdwCleaner.exe
2017-10-09 22:18 - 2017-10-09 22:18 - 000001296 _____ C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
2017-10-09 22:18 - 2017-10-09 22:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
2017-10-07 22:28 - 2017-10-10 00:46 - 000027764 _____ C:\Users\Lisa\Desktop\FRST.txt
2017-10-07 22:23 - 2017-10-10 00:44 - 000000000 ____D C:\FRST
2017-10-07 22:15 - 2017-10-09 23:20 - 002401792 _____ (Farbar) C:\Users\Lisa\Desktop\FRST64.exe
2017-10-07 20:41 - 2017-10-07 20:41 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-24 10:39 - 2014-08-28 19:07 - 003179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-09-24 10:39 - 2014-05-08 02:32 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-09-24 10:30 - 2017-09-24 10:30 - 000000000 __RHD C:\MSOCache
2017-09-11 00:22 - 2017-09-11 00:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-10 00:28 - 2012-06-29 23:47 - 000000000 ____D C:\Users\Lisa\AppData\Local\Conduit
2017-10-10 00:27 - 2012-01-02 17:17 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-10-10 00:17 - 2015-11-28 15:09 - 000000000 ____D C:\Users\Lisa\AppData\Local\CE0D3DD1-1F55-4FBC-A664-EBB972B4AE46.aplzod
2017-10-10 00:10 - 2015-11-14 14:58 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-10-10 00:08 - 2009-07-13 21:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-10 00:08 - 2009-07-13 21:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-10 00:01 - 2011-12-24 03:14 - 000000000 ___HD C:\Users\Lisa\AppData\Local\CrashDumps
2017-10-09 23:59 - 2015-11-28 15:10 - 000000000 ___RD C:\Users\Lisa\iCloudDrive
2017-10-09 23:58 - 2015-06-17 21:39 - 000000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2695595616-2533598671-2337104264-1000UA.job
2017-10-09 23:57 - 2011-12-22 07:10 - 000003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{971FD70A-39A2-46E4-9EA4-C78CA8206A9D}
2017-10-09 23:53 - 2013-08-20 15:39 - 000000008 __RSH C:\Users\Lisa\ntuser.pol
2017-10-09 23:53 - 2011-12-22 07:05 - 000000000 ___HD C:\Users\Lisa
2017-10-09 23:51 - 2017-01-21 17:35 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-10-09 23:51 - 2012-07-10 10:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-09 23:51 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-09 23:47 - 2012-06-29 23:47 - 000000000 ____D C:\Users\Lisa\AppData\LocalLow\Temp
2017-10-09 23:43 - 2009-07-13 20:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-10-09 23:43 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-10-09 23:06 - 2015-06-17 21:39 - 000000000 ____D C:\Users\Lisa\AppData\Local\Dropbox
2017-10-09 22:50 - 2014-09-29 10:42 - 000000000 ___RD C:\Users\Lisa\Dropbox
2017-10-09 22:17 - 2017-01-21 18:07 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-10-09 22:03 - 2016-07-04 01:28 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-09 21:55 - 2017-04-01 13:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-09 21:54 - 2014-06-18 23:47 - 000000000 ____D C:\Users\Lisa\AppData\Local\Akamai
2017-10-07 22:08 - 2013-08-16 13:59 - 000000000 ____D C:\Windows\system32\MRT
2017-10-07 21:44 - 2012-01-23 23:00 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-10-07 20:42 - 2015-06-17 21:39 - 000000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2695595616-2533598671-2337104264-1000Core.job
2017-10-07 20:42 - 2014-09-29 10:40 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Dropbox
2017-10-03 02:49 - 2017-09-09 19:25 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Skype
2017-09-24 10:30 - 2017-09-09 15:39 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-22 04:45 - 2017-09-09 15:32 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-09-22 04:36 - 2012-06-15 16:37 - 000779260 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-22 04:36 - 2009-07-13 22:13 - 000779260 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-22 04:36 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2017-09-18 07:30 - 2012-06-01 13:37 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-18 07:30 - 2012-06-01 13:17 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-18 07:30 - 2012-06-01 13:17 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-18 07:30 - 2012-02-18 18:48 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-18 07:30 - 2011-06-21 12:31 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-11 00:34 - 2009-07-13 21:45 - 000544176 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-11 00:16 - 2011-12-23 23:10 - 000000000 ____D C:\ProgramData\PopCap Games
2017-09-11 00:16 - 2009-07-13 22:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-09-10 22:53 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\PolicyDefinitions

==================== Files in the root of some directories =======

2014-11-06 00:55 - 2015-05-13 12:50 - 000000000 _____ () C:\Users\Lisa\AppData\Local\Temptable.xml
2014-06-19 00:27 - 2014-06-19 00:27 - 000000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-25 18:57

==================== End of FRST.txt ============================


  • 0

#7
Goodwrench1

Goodwrench1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-10-2017
Ran by Lisa (10-10-2017 00:46:52)
Running from C:\Users\Lisa\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-22 14:05:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2695595616-2533598671-2337104264-500 - Administrator - Disabled)
Guest (S-1-5-21-2695595616-2533598671-2337104264-501 - Limited - Disabled)
Lisa (S-1-5-21-2695595616-2533598671-2337104264-1000 - Administrator - Enabled) => C:\Users\Lisa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D XML Player (HKLM\...\{383D9F1B-A4F6-4C6C-A925-05A2636A0176}) (Version: 16.7.14143 - Dassault Systemes)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AutoCAD 2014 - English (HKLM\...\{5783F2D7-D001-0000-0102-0060B0CE6BBA}) (Version: 19.1.42.0 - Autodesk) Hidden
AutoCAD 2014 - English (HKLM\...\{5783F2D7-D001-0409-2102-0060B0CE6BBA}) (Version: 19.1.42.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (HKLM\...\{5783F2D7-D001-0409-1102-0060B0CE6BBA}) (Version: 19.1.42.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.42.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\{62F029AB-85F2-0000-866A-9FC0DD99DDBC}) (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM-x32\...\{62F029AB-85F2-0001-866A-9FC0DD99DDBC}) (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Bejeweled 2 Deluxe (HKLM-x32\...\WT089453) (Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WT089498) (Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT087328) (Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (HKLM-x32\...\WT089308) (Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WT087330) (Version: 2.2.0.95 - WildTangent) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.61 - Broadcom Corporation)
Build-a-lot 2 (HKLM-x32\...\WT087335) (Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WT089359) (Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (HKLM-x32\...\WT089454) (Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3908 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT087536) (Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Dropbox) (Version: 36.4.22 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FATE - The Traitor Soul (HKLM-x32\...\WT089470) (Version: 2.2.0.95 - WildTangent) Hidden
Free YouTube to MP3 Converter version 3.11.25.627 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.25.627 - DVDVideoSoft Ltd.)
Google Chrome (HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Google Chrome) (Version: 61.0.3163.79 - Google Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13231.3673 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
InternetHelper3.1 Toolbar (HKLM-x32\...\InternetHelper3.1 Toolbar) (Version: 6.15.0.27 - InternetHelper3.1)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Password Manager (HKLM-x32\...\{D4C3D682-E15A-4A48-A7B7-3F021A525F8F}) (Version: 8.0.6.538 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{D4C3D682-E15A-4A48-A7B7-3F021A525F8F}) (Version: 8.0.6.538 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Mah Jong Medley (HKLM-x32\...\WT087393) (Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4963.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (HKLM-x32\...\WT089496) (Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (HKLM-x32\...\WT089484) (Version: 2.2.0.95 - WildTangent) Hidden
Octoshape Streaming Services (HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4963.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4963.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4963.1002 - Microsoft Corporation) Hidden
Penguins! (HKLM-x32\...\WT087394) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WT089458) (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WT087395) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT087396) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT087397) (Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{DBCD5E64-7379-4648-9444-8A6558DCB614}) (Version: 2.0.0 - Hewlett-Packard) Hidden
ROBLOX Player for Lisa (HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Slingo Supreme (HKLM-x32\...\WT089457) (Version: 2.2.0.95 - WildTangent) Hidden
SolidWorks 2014 x64 Edition SP02 (HKLM\...\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}) (Version: 22.120.40 - SolidWorks) Hidden
SolidWorks 2014 x64 Edition SP02 (HKLM-x32\...\SolidWorks Installation Manager 20140-40200-1100-100) (Version: 22.2.0.40 - SolidWorks Corporation)
SolidWorks Composer Player 2014 SP02 x64 Edition (HKLM\...\{BE804C73-0FE8-4FB4-87D9-E2B685EE0A7C}) (Version: 22.20.40 - Dassault Systemes SolidWorks) Hidden
SolidWorks eDrawings 2014 x64 Edition SP02 (HKLM\...\{1D6EE468-49CC-4BF5-9A7A-4C8175EFA47A}) (Version: 14.2.116 - Dassault Systèmes SolidWorks Corp) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT089307) (Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (HKLM-x32\...\WT087415) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.40 beta 3 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.3 - win.rar GmbH)
Zuma Deluxe (HKLM-x32\...\WT089455) (Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\...\ChromeHTML: -> C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Roblox\Versions\version-23a05f622b7b47a6\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-07-21] (Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2013-07-21] (Autodesk)
ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-03-26] (AO Kaspersky Lab)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-11-17] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-07-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-07-02] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-03-26] (AO Kaspersky Lab)
ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-03-26] (AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-04-15] (Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-03-26] (AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-07-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-07-02] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2695595616-2533598671-2337104264-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2695595616-2533598671-2337104264-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2695595616-2533598671-2337104264-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A9E90D5-654D-4514-9D69-D5D21BBED3B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-18] (Adobe Systems Incorporated)
Task: {1B3B6AEC-FBBB-4140-ABAA-58408FFE0D2C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {1DF547F8-7032-40C4-BCD5-3282F98774CD} - System32\Tasks\{A761EFA7-65D5-4531-8EBD-51312C4FC3CB} => C:\Windows\system32\pcalua.exe -a C:\Users\Lisa\Downloads\aleks317.exe -d C:\Users\Lisa\Downloads
Task: {382767BC-F7AC-4030-893A-78825527014B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2695595616-2533598671-2337104264-1000Core => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {390B3BFF-8F4F-417C-9F13-F2CDE66AE8FA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2695595616-2533598671-2337104264-1000UA => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {3FB31C2C-B582-4B73-93B8-EC3AC8845742} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2695595616-2533598671-2337104264-1000Core => C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4945146F-FA6E-425A-8020-BAA635AC8233} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-09-09] (Microsoft Corporation)
Task: {4A3091FE-5EAB-4C07-9450-DDFE0BD23518} - System32\Tasks\{3FA135F2-F75F-42A0-A484-2AADB1CEA3D6} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.1.0.104.324/en/go/help.faq.installer?LastError=1618
Task: {54A2928D-46D7-4822-90E8-FA9E152414E3} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {617E486F-87CD-46BA-8478-3273B0BC55A9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {730D8581-0BA9-49D5-9AD0-BCE47195B031} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-11-27] (Microsoft)
Task: {7D922C55-FC90-41D2-B7FC-007BDF5FBECF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-01-06] (HP Inc.)
Task: {7F5EF3E2-106C-459B-92FC-2D4BEC81B4D0} - System32\Tasks\{F2B5D350-8502-43B7-B9ED-ECDEE29ECFB3} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.1.0.104.324/en/go/help.faq.installer?LastError=1618
Task: {838ABC31-D085-482F-AC5F-F9C577901D2A} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {9B0D0946-2C15-43DD-BB75-0644D96D8C4C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2695595616-2533598671-2337104264-1000
Task: {A214DDCE-FA1B-4B2E-B02B-C8B7781C32A6} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)
Task: {BEE42482-F234-4071-BB78-AC70B703838A} - System32\Tasks\Google Updater and Installer => C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C29CFF23-8E83-4332-9F1E-A5C7A415F02D} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {C3E6E486-DC7D-4180-8CC8-E34C9B517EA1} - System32\Tasks\{E5230A81-D5C1-48D4-8E1C-66E229B7CD69} => C:\Windows\system32\pcalua.exe -a C:\Users\Lisa\Downloads\SolidWorksSetup.exe -d C:\Users\Lisa\Downloads
Task: {D1EA2DA3-D876-4FBB-A875-F37C677944A9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-09-09] (Microsoft Corporation)
Task: {D2D619C6-3DA2-4E53-905F-60A9A3C28C2C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {DEC8B9CF-AC1C-44A2-A0DE-2150C6470BD9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {FA8DA707-092E-4EFF-8E36-38E22452F7CF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2695595616-2533598671-2337104264-1000UA => C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2695595616-2533598671-2337104264-1000Core.job => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2695595616-2533598671-2337104264-1000UA.job => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-11-17 02:28 - 2016-11-17 02:28 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-09 15:42 - 2017-09-09 15:42 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-09-09 15:32 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-06-28 01:19 - 2016-06-28 01:19 - 000865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll
2016-11-17 02:29 - 2016-11-17 02:29 - 001041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-17 02:29 - 2016-11-17 02:29 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-09-09 16:23 - 2017-09-09 16:25 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2013-09-22 12:46 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-10-02 20:13 - 2017-10-02 20:13 - 000172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\6e1c3d90ac78d88bc08feaa6e8165e2c\IsdiInterop.ni.dll
2011-10-24 12:24 - 2011-05-20 11:05 - 000059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2010-06-24 02:19 - 2010-06-24 02:19 - 000514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [124]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 66.243.243.101 - 216.227.100.60
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

09-09-2017 18:45:18 Windows Update
11-09-2017 00:31:13 Windows Update
24-09-2017 10:38:45 Windows Update
02-10-2017 19:00:40 Windows Update
09-10-2017 22:00:43 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212
09-10-2017 23:42:18 Restore Point Created by FRST
10-10-2017 00:26:12 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2017 12:16:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 152008

Error: (10/10/2017 12:16:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 152008

Error: (10/10/2017 12:16:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/10/2017 12:16:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 150978

Error: (10/10/2017 12:16:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 150978

Error: (10/10/2017 12:16:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/10/2017 12:16:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 149980

Error: (10/10/2017 12:16:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 149980

Error: (10/10/2017 12:16:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/10/2017 12:16:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 148966


System errors:
=============
Error: (10/10/2017 12:39:52 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/10/2017 12:39:51 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/09/2017 11:53:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/09/2017 11:50:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (10/09/2017 11:50:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (10/09/2017 11:49:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (10/09/2017 11:44:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (10/09/2017 11:44:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IconMan_R service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/09/2017 11:44:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HPWMISVC service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/09/2017 11:44:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Kaspersky Secure Connection Service 1.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2014-10-14 11:04:32.462
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 11:04:32.462
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 11:04:32.462
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 11:04:32.447
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 11:04:32.447
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 11:04:32.431
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 10:35:19.846
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 10:35:19.846
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 10:35:19.846
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-14 10:35:19.799
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 56%
Total physical RAM: 4043.86 MB
Available physical RAM: 1760.32 MB
Total Virtual: 8085.9 MB
Available Virtual: 5240.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:581.85 GB) (Free:473.68 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.03 GB) (Free:1.56 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 7ADEB7CE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=581.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================


  • 0

#8
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,884 posts
Hello :)

The logs look good, still some things to clean up, though. You ran AdwCleaner with the Scan option, but didn't clean what it found. Please follow the instructions below to clean what it finds. :thumbsup:

How is the machine running?

Step 1: AdwCleaner
  • Right-click on AdwCleaner.exe and choose Run as administrator;
  • Click on Option and put a check mark on everything;
  • Click on Scan and let the program run unhindered;
  • When done, click on Clean and allow the system to reboot after it is done;
  • A log will be opened automatically after the restart. If not, it is located in C:\AdwCleaner\AdwCleaner[CX].txt, where X is replaced with a number;
  • Copy and Paste the contents of this log in your reply.
Things I need to see in your next post:

Please post this log as a separate reply in this thread.

AdwCleaner Log

  • 0

#9
Goodwrench1

Goodwrench1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Good morning,

 

 

 

# AdwCleaner 7.0.3.1 - Logfile created on Tue Oct 10 16:08:03 2017
# Updated on 2017/29/09 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Windows\System32\SearchProtect
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\SearchProtect
Deleted: C:\Windows\SysWOW64\SearchProtect
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab
Deleted: C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Deleted: C:\Users\Lisa\AppData\Roaming\dvdvideosoftiehelpers
Deleted: C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB
Deleted: C:\Users\Lisa\AppData\Local\Conduit
Deleted: C:\Program Files (x86)\MyPC Backup
Deleted: C:\Users\Lisa\AppData\Local\apn


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS
Deleted: [Key] - HKLM\SOFTWARE\Tarma Installer
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BE89FFB3-7F9C-4A16-B475-98B195A06628}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext|DisableAddonLoadTimePerformanceNotifications
Deleted: [Key] - HKLM\SOFTWARE\DefaultTab
Deleted: [Key] - HKU\.DEFAULT\Software\DefaultTab
Deleted: [Key] - HKU\.DEFAULT\Software\AppDataLow\Software\DefaultTab
Deleted: [Key] - HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\AppDataLow\Software\DefaultTab
Deleted: [Key] - HKU\S-1-5-18\Software\DefaultTab
Deleted: [Key] - HKU\S-1-5-18\Software\AppDataLow\Software\DefaultTab
Deleted: [Key] - HKCU\Software\AppDataLow\Software\DefaultTab
Deleted: [Key] - HKLM\SOFTWARE\Default Tab
Deleted: [Key] - HKU\.DEFAULT\Software\Default Tab
Deleted: [Key] - HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\Default Tab
Deleted: [Key] - HKU\S-1-5-18\Software\Default Tab
Deleted: [Key] - HKCU\Software\Default Tab
Deleted: [Key] - HKLM\SOFTWARE\Conduit
Deleted: [Key] - HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\Conduit
Deleted: [Key] - HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\AppDataLow\Software\Conduit
Deleted: [Key] - HKCU\Software\Conduit
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Conduit
Deleted: [Key] - HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\AppDataLow\Software\ConduitSearchScopes
Deleted: [Key] - HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Deleted: [Key] - HKLM\SOFTWARE\Iminent
Deleted: [Key] - HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\Iminent
Deleted: [Key] - HKCU\Software\Iminent
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Deleted: [Key] - HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\AppDataLow\Software\PriceGong
Deleted: [Key] - HKCU\Software\AppDataLow\Software\PriceGong
Deleted: [Key] - HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\Software\AppDataLow\Toolbar
Deleted: [Key] - HKCU\Software\AppDataLow\Toolbar
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4E7C-A8BB-41EFD720FD77}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Toolbar.CT3289663


***** [ Firefox (and derivatives) ] *****

Plugin deleted: BringMeSports - Mindspark
SearchProvider deleted: search.tb.ask.com - Ask Web Search
SearchProvider deleted: search.conduit.com - InternetHelper3.1 Customized Web Search


***** [ Chromium (and derivatives) ] *****

Plugin deleted: InternetHelper3.1 -
SearchProvider deleted: search.conduit.com - search.conduit.com


*************************

::Tracing keys deleted
::Winsock settings cleared
::Image File Execution Options%s keys deleted
::Prefetch files deleted
::Proxy settings cleared
::TCP/IP settings cleared
::Firewall rules cleared
::IPSec settings cleared
::BITS queue cleared
::IE policies deleted
::Chrome policies deleted
::Hosts file cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [14123 B] - [2017/10/10 7:39:53]
C:/AdwCleaner/AdwCleaner[S1].txt - [14192 B] - [2017/10/10 16:3:49]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


  • 0

#10
Goodwrench1

Goodwrench1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Performance,

 

After last post I shut the laptop down. From turning on the power button to getting to this internet cite to start typing this took 8mins 17 sec. Then i tried to open Microsoft outlook and it took 3min 37 sec to open. Doesnt seem any better to me.


  • 0

Advertisements


#11
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,884 posts
Hello :)
 

After last post I shut the laptop down. From turning on the power button to getting to this internet cite to start typing this took 8mins 17 sec. Then i tried to open Microsoft outlook and it took 3min 37 sec to open. Doesnt seem any better to me.


Thank you for the update. There are a few more things we need to remove that I see in the current FRST log. We'll also take a deeper look as well. :thumbsup:


Step 1: Chrome Extension Removal
  • There are a couple extensions in Chrome that need to be removed, please follow the instructions below to remove them.
  • Start Chrome and type this into the address bar: chrome:extensions
  • This will display a page of all the installed extensions. Please remove the extensions listed below by clicking the trash can icon.
  • If one of the extensions I've asked you to remove is not listed, don't worry about it. Just move on to the next one in the list. :)
InternetHelper3.1
(MixiDJ V8



Step 2: Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
CHR HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Lisa\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx <not found>
CHR HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Lisa\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Lisa\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Lisa\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx <not found>
C:\Users\Lisa\AppData\Local\Conduit
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [124]
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Scan with MBAR

Please download Malwarebytes Anti-Rootkit to your Desktop.

Please note: When you click the link, it will open a page with this: We're sorry, the preview didn't load. This file type may not be supported.

Please click the black Download button to download the file.

Please do not touch the mouse while MBAR is running.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup".
  • Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
"mbar-log-{date} (xx-xx-xx).txt"
"system-log.txt"


Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Both Mbar Logs

  • 0

#12
Goodwrench1

Goodwrench1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Good morning, I could not find the file extensions mentioned. Only an icloud extension. i did delete it anyway.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by Lisa (11-10-2017 12:04:35) Run:2
Running from C:\Users\Lisa\Desktop
Loaded Profiles: Lisa (Available Profiles: Lisa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
CHR HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Lisa\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx <not found>
CHR HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Lisa\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Lisa\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Lisa\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx <not found>
C:\Users\Lisa\AppData\Local\Conduit
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [124]
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\SOFTWARE\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim => key removed successfully
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000\SOFTWARE\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle => key removed successfully
"C:\Users\Lisa\AppData\Local\Conduit" => not found.
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key removed successfully
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key removed successfully
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key removed successfully
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => key removed successfully
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key removed successfully
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key removed successfully
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key removed successfully
HKU\S-1-5-21-2695595616-2533598671-2337104264-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully
C:\ProgramData\Temp => ":0B4227B4" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog 12:05:27 ====


  • 0

#13
Goodwrench1

Goodwrench1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Malwarebytes Anti-Rootkit BETA 1.10.1.1002
www.malwarebytes.org

Database version:
  main:    v2017.10.11.05
  rootkit: v2017.09.13.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18816
Lisa :: LISA-HP [administrator]

10/11/2017 12:33:46 PM
mbar-log-2017-10-11 (12-33-46).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 297531
Time elapsed: 41 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 


  • 0

#14
Goodwrench1

Goodwrench1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.1.1002

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18816

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 4240293888, free: 1583042560

Downloaded database version: v2017.10.11.05
Downloaded database version: v2017.09.13.01
=======================================
Initializing...
Driver version: 4.2.0.132
------------ Kernel report ------------
     10/11/2017 12:33:31
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\kl1.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\cm_km.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\klbackupdisk.sys
\SystemRoot\system32\DRIVERS\FLTMGR.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\klhk.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\klbackupflt.sys
\SystemRoot\system32\DRIVERS\klflt.sys
\SystemRoot\system32\DRIVERS\klif.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\klpd.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\kltdi.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\klim6.sys
\SystemRoot\system32\DRIVERS\klwtp.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\kneps.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\klkbdflt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\klmouflt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kltap.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\drivers\usbccgp.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\WirelessKeyboardFilter.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point64.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\kldisk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\WSDPrint.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\464483F7.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\normaliz.dll
\Windows\System32\msvcrt.dll
\Windows\System32\clbcatq.dll
\Windows\System32\usp10.dll
\Windows\System32\msctf.dll
\Windows\System32\gdi32.dll
\Windows\System32\setupapi.dll
\Windows\System32\imm32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\oleaut32.dll
\Windows\System32\sechost.dll
\Windows\System32\lpk.dll
\Windows\System32\imagehlp.dll
\Windows\System32\advapi32.dll
\Windows\System32\nsi.dll
\Windows\System32\ole32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\wininet.dll
\Windows\System32\Wldap32.dll
\Windows\System32\urlmon.dll
\Windows\System32\user32.dll
\Windows\System32\iertutil.dll
\Windows\System32\shell32.dll
\Windows\System32\kernel32.dll
\Windows\System32\difxapi.dll
\Windows\System32\psapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\userenv.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.10.11.05
  rootkit: v2017.09.13.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007382060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004fd18b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007382060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004fd2b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8004ec0050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7ADEB7CE

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 1220225024
    Partition is bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1220634624  Numsec = 29415424
    Partition is bootable
    Partition file system is NTFS

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1250050048  Numsec = 211632
    Partition is not bootable
    Partition file system is FAT32

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-409600-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-1220634624-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-3-1250050048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 


  • 0

#15
Goodwrench1

Goodwrench1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Good afternoon,

       Microsoft products are now opening as quickly as I think they should. Boot up takes a little bit but seems OK as well.

Mike


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP