Page 1 of 6 123 ... LastLast
Results 1 to 10 of 57
  1. #1
    Member
    Join Date
    Feb 2016
    Posts
    31
    Points
    0

    Default FRST.text Addition.TXT

    Hello Donna B.

    Thanks for your help. I had no idea how to reply to your thread so I created this new thread. Here is the info you requested.:


    Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
    Ran by ashley (2016-02-17 09:05:06)
    Running from C:\Users\ashley\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2012-05-02 01:57:17)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3449584003-1648427073-2611241826-500 - Administrator - Enabled) => C:\Users\Administrator.ashley-HP
    ashley (S-1-5-21-3449584003-1648427073-2611241826-1001 - Administrator - Enabled) => C:\Users\ashley
    Guest (S-1-5-21-3449584003-1648427073-2611241826-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3449584003-1648427073-2611241826-1003 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
    Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
    Aimersoft DVD Creator(Build 3.0.0) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version: - Aimersoft Software)
    AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
    AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
    Assist by AOL PC Scan (HKLM-x32\...\Assist by AOL PC Scan) (Version: 1.0.0.9 - Sutherland Global Services Inc)
    Assist by AOL PC Scan (x32 Version: 1.0.0.9 - Sutherland Global Services Inc) Hidden
    AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
    Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
    Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
    Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    Graboid Video (HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Graboid Video 5.1.1.0) (Version: 5.1.1.0 - Graboid Inc.)
    Graboid Video (x32 Version: 5.1.1.0 - Graboid Inc.) Hidden
    herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
    HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)
    HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{54F0ED3B-BD05-4B41-BCFC-E03FE2DDFF1D}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
    HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
    HP Photosmart 6520 series Product Improvement Study (HKLM\...\{F144E07C-4019-4092-BE25-B57819C97D2F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{00A42832-B21A-4296-B5F4-D296D0BC4A3E}) (Version: 2.6.3 - Hewlett-Packard Company)
    HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
    HP Security Assistant (HKLM\...\{0576788F-2993-455F-80CD-980114095103}) (Version: 1.0.11 - Hewlett-Packard)
    HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
    HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{1DFA0C99-6E2E-46F4-B242-51C7CF41DDE5}) (Version: 4.5.12.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
    Mozilla Firefox 44.0.2 (x86 en-US) (HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
    Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.1.1.0 - Reason Software Company Inc.)
    Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Should I Remove It (HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
    Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
    Slim Toolbar 1.2 (HKLM-x32\...\Slim Toolbar) (Version: 1.2 - Anvisoft)
    SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.10.4584 - Enigma Software Group, LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
    Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3449584003-1648427073-2611241826-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ashley\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {067B40A1-170D-4DC7-A23C-DFF62B7DCE6F} - System32\Tasks\Norton Security Scan for ashley => C:\PROGRA~2\NORTON~2\Engine\401~1.16\Nss.exe
    Task: {09399129-4D47-48A4-9426-C32B014F8C23} - System32\Tasks\HP AR Program Upload - d2b72624ef784010baa62cac638e5d395aea548b99f2464194341e83d780e177 => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {0C2C62B7-F950-485E-8310-51049DD5CCA0} - System32\Tasks\{516377C7-8A97-483E-A3BF-33814FD9B824} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{54A4839E-87F8-4BD1-9682-A349E9943F0A}\setup.exe" -c -runfromtemp -l0x0409
    Task: {13D843D1-E5AE-4972-9F17-2A304C28797B} - System32\Tasks\{7406BC58-9919-4C77-95E0-1A1838430674} => pcalua.exe -a "C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe"
    Task: {15F0195C-FE30-4708-BF0A-AC1ACDD5238E} - System32\Tasks\HP AR Program Upload - ab7aa47953df47d984b611ef58e0a96695ba2c9c008e45f7b86ec6c4ce489471 => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {1DC7DD6B-295E-4651-B7DE-B54D2A469EF2} - System32\Tasks\{48624A9D-65D6-4FD1-9277-3DD33F706D65} => pcalua.exe -a "C:\Users\ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1018N18C\mozilla firefox setup[1].exe" -d "C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser"
    Task: {205504B1-533E-472E-A9B1-B9A44BB92688} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {3A9E74E1-0DAD-4FFF-9ED8-6090879C18F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
    Task: {3B15DCD9-89DE-4434-BAC0-11850C84CBBB} - System32\Tasks\HP AR Program Upload - d61ed48614b84901ab5f58225399fa47428cc282ed134b36a6575df29d1dbeea => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {48A34A70-D881-46F1-A5BE-3E0D51645B1E} - System32\Tasks\{5EF97422-F089-4112-93D0-89522879617F} => pcalua.exe -a "C:\Users\ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEIX7812\sp56036.exe" -d C:\Users\ashley\Desktop
    Task: {4E702DDB-9E8C-4D5B-A566-49C3ACF46CA8} - System32\Tasks\HP AR Program Upload - 2add8902c6894c3584cc61c68436ceb34d522e8ad9b440f1b82b5be9d756fca4 => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {4F746B11-958C-414F-8B88-C3DC3CD1F1C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
    Task: {5E051720-802F-4744-B634-784F3CE2DC8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-15] (Google Inc.)
    Task: {66C9D69D-DA5A-49EC-9205-2E610ABCFBFE} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe
    Task: {6EF40E80-850D-4B74-93C6-C23F1B81263C} - System32\Tasks\{F3F18761-C89B-4040-96B7-96D1B927022A} => C:\Users\ashley\Downloads\SkypeSetup(1).exe
    Task: {716E093A-E7F9-4D05-B709-DE9F1A0B3553} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-01-06] (HP Inc.)
    Task: {7A46B6E0-05F1-44B3-A993-B7DEE43EE601} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {7E9970AD-E7EC-4EF5-9F4B-1F4EBE7EB8C4} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
    Task: {8A9017D9-F583-4C77-9249-8C973C972F7E} - System32\Tasks\{D163A590-2CA2-4D2B-9EE4-566BA3170E4A} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3E31400D-274E-4647-916C-2CACC3741799}\ENPSETUP.exe" -c -runfromtemp -l0x0009 -EPSON -removeonly
    Task: {8CC2314C-A153-4130-9946-6C66EF87D60A} - System32\Tasks\HP AR Program Upload - ef75cd324f7d464ab91abd083f731ed43de575df22174ac5843235293aeae7c5 => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {8E6BD407-618B-4AF2-B480-9B28AE798D4B} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe
    Task: {9886519A-6211-4BA9-9E6E-470C230C58A9} - System32\Tasks\{D55CA0DC-C772-4B8D-BFB0-EB93E708F377} => pcalua.exe -a C:\Users\ashley\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Program Files (x86)\Mozilla Firefox"
    Task: {A657B5DA-0C85-4A78-A166-FA35BAFEABDC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
    Task: {ADD7A701-1E2F-4453-81E8-B2D135898C47} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2015-12-24] (Reason Software Company Inc.)
    Task: {AF5496BA-3CE1-4782-97B8-1C4D92EABCF4} - System32\Tasks\{5A309C07-BB72-4D38-BD06-02CFE8E63059} => pcalua.exe -a C:\Users\ashley\Downloads\QuickTimeInstaller.exe -d C:\Users\ashley\Downloads
    Task: {B4703298-A299-44CC-B0F3-5742DCEC5D70} - System32\Tasks\ReasonSecurityStart => C:\Program Files\Reason\Security\rsUI.exe [2015-12-24] (Reason Software Company Inc.)
    Task: {B586E331-AA63-46CE-8740-39D42F6F6870} - System32\Tasks\HPCeeScheduleForashley => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {C9FE6ABF-75D7-44E7-B3F6-8897912A452A} - System32\Tasks\ScanToPCActivationApp.exe_{5FA7BDD4-CAE2-44C9-8F53-D641BD0A02F5} => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {CB6C268F-FD9B-4A98-8D4C-3A4D6D4FC7CD} - System32\Tasks\{0FE20DD7-85C0-41CD-9CF5-B6F9E397A1A8} => C:\Users\ashley\Downloads\SkypeSetup(1).exe
    Task: {D29682EA-C02D-4497-89F7-FA7CA05B8501} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
    Task: {D95486B4-EB7F-493E-8E34-7FDE09F56764} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {DA1C6520-0F8F-4EAF-8700-B6DEDB36227E} - System32\Tasks\HP AR Program Upload - 7d882eee31d246b6bec8cc4c0753dff1d5d4963344df451785de7d73e9986fc2 => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {DD01D139-FF49-4ABA-938F-40881EC6B490} - System32\Tasks\HP AR Program Upload - 601bd7f111c94aa0bd869505c44762310544dbb44ea64d6eadfe2c8c9597d772 => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {E64868F2-7B5C-4528-AE02-39156A1892D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-15] (Google Inc.)
    Task: {E7810A84-8CA9-4537-ACE4-74DDF56ED6E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {F5ECC418-108B-4626-8581-D91DAC4FBAE0} - System32\Tasks\{6B781316-F39C-4776-BF8C-52E127C58651} => pcalua.exe -a C:\Users\ashley\Downloads\S-VNX2__-020501WF-NSAEN-64BIT_.exe -d C:\Users\ashley\Downloads

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForashley.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\Norton Security Scan for ashley.job => C:\PROGRA~2\NORTON~2\Engine\401~1.16\Nss.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-11-20 14:57 - 2015-11-20 14:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-11-20 14:57 - 2015-11-20 14:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-11-09 20:30 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll
    2011-09-30 10:40 - 2011-09-30 10:40 - 00107320 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
    2011-06-09 18:17 - 2011-06-09 18:17 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
    2015-03-18 11:49 - 2015-03-18 11:49 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\zlib.dll
    2015-03-18 11:49 - 2015-03-18 11:49 - 21151232 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\libcef.dll
    2015-03-18 11:49 - 2015-03-18 11:49 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\libglesv2.dll
    2015-03-18 11:49 - 2015-03-18 11:49 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\libegl.dll
    2015-03-18 11:49 - 2015-03-18 11:49 - 00094208 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\Components\Tier2Svc.dll
    2015-03-18 11:49 - 2015-03-18 11:49 - 00060928 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\Components\DataSvcs.dll
    2014-04-20 12:50 - 2014-08-05 09:22 - 01489408 _____ () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
    2014-04-20 12:50 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
    2015-03-18 09:10 - 2015-03-18 09:10 - 39899136 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\libcef.dll
    2015-03-18 09:10 - 2015-03-18 09:10 - 01379328 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\libglesv2.dll
    2015-03-18 09:10 - 2015-03-18 09:10 - 00176128 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\libegl.dll
    2015-03-18 09:10 - 2015-03-18 09:10 - 08927744 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\pdf.dll
    2015-03-18 09:10 - 2015-03-18 09:10 - 00968704 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\ffmpegsumo.dll
    2016-02-10 11:22 - 2016-02-10 11:22 - 17891008 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\Users\ashley\Desktop\Ashley close.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\ashley\Desktop\Ashley Johnson_jpgs_4-20-15:com.dropbox.attributes
    AlternateDataStreams: C:\Users\ashley\Desktop\Ashley_4-20-15_212.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\ashley\Desktop\Ashley_resized.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\ashley\Desktop\blue attitude1.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\ashley\Desktop\blue attitude2.jpg:com.dropbox.attributes

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
    HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
    HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
    HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
    HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
    HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ashley\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 209.18.47.62 - 209.18.47.61
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{CA5F1410-AA67-4761-8CDD-362E3219030B}C:\program files\hp\hp photosmart 6520 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp photosmart 6520 series\bin\hpnetworkcommunicator.exe
    FirewallRules: [UDP Query User{D61C647B-0B0C-4FF6-840F-7DC89BF3E32B}C:\program files\hp\hp photosmart 6520 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp photosmart 6520 series\bin\hpnetworkcommunicator.exe
    FirewallRules: [TCP Query User{7AF93BA8-6E7B-4DE1-B8C0-B6770C86D856}C:\program files\hp\hp photosmart 6520 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp photosmart 6520 series\bin\hpnetworkcommunicatorcom.exe
    FirewallRules: [UDP Query User{832F4C55-AEF7-4060-9121-AD1E255AA544}C:\program files\hp\hp photosmart 6520 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp photosmart 6520 series\bin\hpnetworkcommunicatorcom.exe
    FirewallRules: [{8D692468-6638-4489-8C77-312E673911A3}] => (Allow) C:\Users\ashley\AppData\Local\Google\Chrome\Application\chrome.exe
    FirewallRules: [{EDE1A8A6-2AED-4A57-A35B-D1A73041D23E}] => (Allow) C:\Users\ashley\AppData\Local\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{E45A3D45-2CB8-4A9B-BA24-F552D9E43028}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe
    FirewallRules: [UDP Query User{A8ED79A6-3998-4080-9A7C-73F5A8A12EFE}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe
    FirewallRules: [{B48BAEC1-E8FB-4DF6-992F-2E0F66BD18DA}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
    FirewallRules: [{8C50506A-A2EE-41AC-942E-5E045984B555}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
    FirewallRules: [{9BF30A42-35F8-42B2-9ABF-248BDE543DF4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
    FirewallRules: [{C9976CFF-7096-4E22-A81C-BB7E816916A4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
    FirewallRules: [{563EC700-614B-4676-9CB3-7FBD3EA7389A}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
    FirewallRules: [{0A3A59BA-CF8F-400B-8A59-7E7D79C86DF4}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
    FirewallRules: [{15591775-7536-4B9B-8B12-35E977156BE0}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{9468A94D-3666-4D20-A982-E08D0811CB7D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{C4994939-D256-46DE-91C3-65A6F0E72A85}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
    FirewallRules: [{FE44765D-F1A4-4201-8DC9-0EAED00CFA80}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
    FirewallRules: [{3C813CEA-8891-425E-8E5C-E0892E92023C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
    FirewallRules: [{553C42D5-811D-454F-873D-D7B0D25FB32C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
    FirewallRules: [{7CA9CAE8-89D1-4F78-9527-558D0F75E69B}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
    FirewallRules: [{B83D35E9-1317-480B-A02E-445B78CE532D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
    FirewallRules: [{3241A8F2-262F-469A-8903-49C965055515}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
    FirewallRules: [{F5564783-322D-4F01-B7BD-2FC963C40A4F}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
    FirewallRules: [{B46785A2-F4D9-42AF-8B75-36C6CE1C1596}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7c\waol.exe
    FirewallRules: [{14A67FA2-06E6-4702-8090-3EBA6C8066AB}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7c\waol.exe
    FirewallRules: [{A51006E5-5722-4785-AB58-B40CF2546702}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7d\waol.exe
    FirewallRules: [{87F794F4-641D-4795-A1C4-E5CCDA0A17EA}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7d\waol.exe
    FirewallRules: [{7637B39C-7609-441E-82CB-BE95B8E8DD5B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1423083341\ee\aolsoftware.exe
    FirewallRules: [{C94B29DC-50A1-41C3-9E15-F9DBD07D5334}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1423083341\ee\aolsoftware.exe
    FirewallRules: [{11AA2899-B57F-40E3-8A4A-428E7524AB40}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7e\waol.exe
    FirewallRules: [{4AEEA3EA-3921-433F-9FBE-B090C0001183}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7e\waol.exe
    FirewallRules: [{EB5F82DE-6D4A-4B34-B3BD-6EB7BEEEEA94}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7f\waol.exe
    FirewallRules: [{1D516037-88F1-4082-ADF0-D6BFEB37620A}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7f\waol.exe
    FirewallRules: [TCP Query User{E7D33A46-5626-4211-B1A5-6A4E68D3DB61}C:\users\ashley\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\ashley\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{7426A77C-617E-4AE9-88F9-F1F57133AC54}C:\users\ashley\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\ashley\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [{8002B098-E19E-497C-B715-13E0F6A9DECA}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7g\waol.exe
    FirewallRules: [{4B22DB57-F02B-4F31-AFD7-B077233552BA}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7g\waol.exe
    FirewallRules: [{1445159A-2AFD-4F87-B1E1-659F32E8CE8C}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7h\waol.exe
    FirewallRules: [{3E894D2A-C405-4F9F-83B3-AE12F60734E2}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7h\waol.exe
    FirewallRules: [TCP Query User{EE72DC9E-C611-4AB3-AA9B-2F7B4CCA1490}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{FA77FC4B-EEF4-4ADF-AA13-71465198900E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{476F2A2E-0066-407F-866D-43614B792807}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7i\waol.exe
    FirewallRules: [{AA24D081-1E49-4768-A243-594FF053F62C}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7i\waol.exe
    FirewallRules: [{E2190506-A427-428F-AF87-B6823C16556A}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7j\waol.exe
    FirewallRules: [{C63706DB-6BC2-4ADB-A030-E5A3CB058017}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7j\waol.exe
    FirewallRules: [{054CFFC2-09AA-458F-8E35-75B4FDA33331}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7k\waol.exe
    FirewallRules: [{48AAAF1A-68AB-4626-B807-D55AC2C6A44C}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7k\waol.exe
    FirewallRules: [{2D1C1F41-646C-43F2-A8C1-15BC8C8AEBA2}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7l\waol.exe
    FirewallRules: [{6DA73DBB-09A4-4E53-8075-0063EF1CA6CE}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7l\waol.exe
    FirewallRules: [{95EAFA9E-B4CF-4121-8508-2AF46BB1570B}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7m\waol.exe
    FirewallRules: [{EA42CA3F-68F6-4EB5-A614-B562256E4C1F}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7m\waol.exe
    FirewallRules: [{8A48FBD9-84D1-455F-BC2A-795A934FDDC3}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7n\waol.exe
    FirewallRules: [{027789FB-F359-46F6-B911-F1B61E35E6E1}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7n\waol.exe
    FirewallRules: [{5A4C7587-BF95-4CCC-A026-9998A1BADE22}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7o\waol.exe
    FirewallRules: [{04B5A457-D1B2-4936-ACA6-815272D28D02}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7o\waol.exe
    FirewallRules: [{37C0A45D-378A-458E-8935-61D2217CA592}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.0\waol.exe
    FirewallRules: [{AE88D922-B808-4302-8B0D-7DC58C8FC82E}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.0\waol.exe
    FirewallRules: [{1A66D63B-D81D-4E0E-910B-6D345E73A113}] => (Allow) C:\Users\ashley\AppData\Local\Temp\7zS4CDB\HPDiagnosticCoreUI.exe
    FirewallRules: [{E4D47CBE-58FA-43CF-8F70-294DD8B57982}] => (Allow) C:\Users\ashley\AppData\Local\Temp\7zS4CDB\HPDiagnosticCoreUI.exe
    FirewallRules: [{4FA8AA01-7C8B-4578-B4CB-ED20235E452F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{07B9D707-D925-4778-A22E-B412FD177617}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A34AFE04-5956-466F-BA90-B09598370D8C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{35F36D88-C67E-4F84-8482-369D9E49851A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{E7B16734-B8A3-43EF-AC4A-5A32FCC8F7ED}] => (Allow) C:\Users\ashley\AppData\Local\Temp\7zS5503\HPDiagnosticCoreUI.exe
    FirewallRules: [{F7594829-6331-4EF6-8497-DBB960C5E913}] => (Allow) C:\Users\ashley\AppData\Local\Temp\7zS5503\HPDiagnosticCoreUI.exe
    FirewallRules: [{ADE7FD32-1609-4EAC-A54B-BABE435797C6}] => (Allow) C:\Users\ashley\AppData\Local\Temp\7zS3DC1\HPDiagnosticCoreUI.exe
    FirewallRules: [{9EADC5EE-0A00-4A2A-9C9E-12BDD0B306D3}] => (Allow) C:\Users\ashley\AppData\Local\Temp\7zS3DC1\HPDiagnosticCoreUI.exe
    FirewallRules: [{03588668-3DE4-425E-8510-940E260A6081}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
    FirewallRules: [{6F8527B8-7C60-4917-A887-1912492D292A}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
    FirewallRules: [{5E15A003-AFBB-44A2-8695-A1232ED956E5}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
    FirewallRules: [{BC1EB920-D66A-4332-9CF3-3FF540E929CC}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
    FirewallRules: [{517DAEC6-EFB6-4D76-B9B3-EF31C48BF05D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
    FirewallRules: [{C243A00C-D84F-4701-9CDD-5276399C6EA8}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
    FirewallRules: [{66B6A07F-7F83-4F6D-9B2C-4BD181D95C32}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7c\waol.exe
    FirewallRules: [{0E73C6DD-DA9B-4B0C-B1F0-EFE0E0211D5D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7c\waol.exe
    FirewallRules: [{1B0E1F16-4D35-47DD-9003-49E34483CEF7}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7d\waol.exe
    FirewallRules: [{313AC113-6E84-4D99-941A-6F2D7A120A35}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7d\waol.exe
    FirewallRules: [{3878C1C6-C43C-4CD7-B46E-6F8E8DB9CF48}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7e\waol.exe
    FirewallRules: [{625DD578-FA48-4865-B19A-98327EC1476F}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7e\waol.exe
    FirewallRules: [{A85DD908-6652-4C66-8CD2-F509309B4B1B}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7f\waol.exe
    FirewallRules: [{A60DA55B-6617-4355-99EE-816157599812}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7f\waol.exe
    FirewallRules: [{0BA09844-3154-4769-B063-CA4058B4C2E9}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7g\waol.exe
    FirewallRules: [{24614204-A37D-408A-8DCA-AE120C0ADC7A}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7g\waol.exe
    FirewallRules: [{84CEEAA7-5993-4A17-9773-07F26B0A4699}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7h\waol.exe
    FirewallRules: [{60B26495-F94D-4CEF-8C55-73A2C4776126}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7h\waol.exe
    FirewallRules: [{C2DCA23A-4DAF-4A12-9794-F0E69FA900F6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [{D889E9D2-AD7E-4A9E-88E4-30724EF690C5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    13-02-2016 11:42:13 Windows Update
    13-02-2016 19:31:01 Windows Update
    14-02-2016 11:31:55 Windows Backup
    17-02-2016 08:11:23 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Validity Sensors (WBF) (PID=0018)
    Description: Validity Sensors (WBF) (PID=0018)
    Class Guid: {24619924-aa9e-486f-99f9-847a5986b6be}
    Manufacturer: Validity Sensors, Inc.
    Service: WUDFRd
    Problem: : Reinstall the drivers for this device. (Code 18)
    Resolution: The drivers for this device must be reinstalled.
    Click "Update Driver", which starts the Hardware Update wizard.
    Alternately, uninstall the driver, and then click "Scan for hardware changes" to reload the drivers.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: User Mode Driver Frameworks Platform Driver
    Description: User Mode Driver Frameworks Platform Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: WudfPf
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/17/2016 08:11:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddCoreCsiFiles : BeginFileEnumeration() failed.

    System Error:
    The parameter is incorrect.
    .

    Error: (02/17/2016 08:11:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddCoreCsiFiles : BeginFileEnumeration() failed.

    System Error:
    The parameter is incorrect.
    .

    Error: (02/17/2016 07:56:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/16/2016 08:15:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/15/2016 06:41:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/15/2016 07:39:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/14/2016 01:49:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/14/2016 11:44:33 AM) (Source: Windows Backup) (EventID: 4104) (User: )
    Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005).

    Error: (02/14/2016 11:44:31 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddCoreCsiFiles : BeginFileEnumeration() failed.

    System Error:
    The parameter is incorrect.
    .

    Error: (02/14/2016 11:40:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program rsUI.exe version 1.1.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: ab0

    Start Time: 01d1675e4c909506

    Termination Time: 286

    Application Path: C:\Program Files\Reason\Security\rsUI.exe

    Report Id: a85ee5b9-d352-11e5-a09b-00038a000015


    System errors:
    =============
    Error: (02/17/2016 07:59:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The HP Network Devices Support service terminated with the following error:
    %%126

    Error: (02/17/2016 07:57:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Windows Biometric Service service depends on the Windows Driver Foundation - User-mode Driver Framework service which failed to start because of the following error:
    %%1068

    Error: (02/17/2016 07:57:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Windows Driver Foundation - User-mode Driver Framework service depends on the WudfPf service which failed to start because of the following error:
    %%193

    Error: (02/17/2016 07:57:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WudfPf service failed to start due to the following error:
    %%193

    Error: (02/17/2016 07:57:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Windows Biometric Service service depends on the Windows Driver Foundation - User-mode Driver Framework service which failed to start because of the following error:
    %%1068

    Error: (02/17/2016 07:57:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Windows Driver Foundation - User-mode Driver Framework service depends on the WudfPf service which failed to start because of the following error:
    %%193

    Error: (02/17/2016 07:57:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WudfPf service failed to start due to the following error:
    %%193

    Error: (02/17/2016 07:57:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Windows Biometric Service service depends on the Windows Driver Foundation - User-mode Driver Framework service which failed to start because of the following error:
    %%1068

    Error: (02/17/2016 07:57:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Windows Driver Foundation - User-mode Driver Framework service depends on the WudfPf service which failed to start because of the following error:
    %%193

    Error: (02/17/2016 07:57:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WudfPf service failed to start due to the following error:
    %%193


    CodeIntegrity:
    ===================================
    Date: 2016-02-17 09:03:07.350
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slhlim64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-17 09:03:07.289
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-17 09:02:54.982
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slhlim64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-17 09:02:54.923
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-17 09:02:23.672
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slhlim64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-17 09:02:23.608
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-17 09:00:27.611
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slhlim64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-17 09:00:27.551
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-17 08:53:10.433
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slhlim64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-17 08:53:10.372
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD A8-3520M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 38%
    Total physical RAM: 5609.91 MB
    Available physical RAM: 3468.36 MB
    Total Virtual: 11218 MB
    Available Virtual: 8438.79 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:672.88 GB) (Free:414.91 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (Recovery) (Fixed) (Total:21.6 GB) (Free:2.15 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:0.01 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 2EE1C775)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=672.9 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=21.6 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

    ==================== End of Addition.txt ============================

  2. #2
    Member
    Join Date
    Feb 2016
    Posts
    31
    Points
    0

    Default FRST.text Addition.TXT

    Donna B

    Here is the FRST notepad text. I already sent the additional text.

    Thanks!

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
    Ran by ashley (administrator) on ASHLEY-HP (17-02-2016 09:03:33)
    Running from C:\Users\ashley\Desktop
    Loaded Profiles: ashley (Available Profiles: ashley & Administrator)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Webroot) C:\Program Files\Webroot\WRSA.exe
    (HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Webroot) C:\Program Files\Webroot\WRSA.exe
    (HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
    (HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
    (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
    (AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1423083341\ee\aolsoftware.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
    (AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
    (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7a\shellmon.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (AOL Inc.) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
    (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe
    (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\AolBrowserTab.exe
    (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\AolBrowserTab.exe
    (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\AolBrowserTab.exe
    (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\AolBrowserTab.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-02] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
    HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
    HKLM\...\Run: [CnxtCoInstallerDefer] => C:\Program Files\CONEXANT\PREINSTALL\SETUP54E4C2AF0\KESLYN.EXE [1574528 2010-12-15] (Conexant Systems, Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1423083341\ee\AOLSoftware.exe [41800 2010-03-07] (AOL Inc.)
    HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-11-20] (Apple Inc.)
    HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2014720 2014-08-05] (AimerSoft)
    HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [840768 2015-12-29] (Webroot)
    HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
    HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
    HKLM\...\Policies\Explorer: [NoFind] 0
    HKLM\...\Policies\Explorer: [NoFile] 0
    HKLM\...\Policies\Explorer: [HideClock] 0
    HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKLM\...\Policies\Explorer: [NoSetFolders] 0
    HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
    HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
    HKLM\...\Policies\Explorer: [NoDFSTab] 0
    HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKLM\...\Policies\Explorer: [NoLogoff] 0
    HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKLM\...\Policies\Explorer: [NoResolveSearch] 0
    HKLM\...\Policies\Explorer: [NoSaveSettings] 0
    HKLM\...\Policies\Explorer: [NoHardwareTab] 0
    HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKLM\...\Policies\Explorer: [NoDesktop] 0
    HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe /repair
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-22] (SUPERAntiSpyware)
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7a\AOL.EXE [73584 2015-03-18] (AOL Inc.)
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION
    HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2013-11-17]
    ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (No File)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll No File
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
    Tcpip\..\Interfaces\{AA3D9A1F-7062-4550-9523-4F3745A6CEE2}: [DhcpNameServer] 209.18.47.62 209.18.47.61

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
    HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
    SearchScopes: HKLM -> {C1D5A9C8-2759-4CB2-BC5C-7D6DC3E828CF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
    BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll [2011-08-26] (HP)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-06-14] (Webroot)
    BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-09-30] (Webroot)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
    BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll [2011-08-26] (HP)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-06-14] (Webroot)
    BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-09-30] (Webroot)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Toolbar: HKLM - No Name - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - No File
    Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-06-14] (Webroot)
    Toolbar: HKLM-x32 - No Name - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - No File
    Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-06-14] (Webroot)
    DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
    DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    Handler: WSAMVCUchrome - No CLSID Value
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

    FireFox:
    ========
    FF ProfilePath: C:\Users\ashley\AppData\Roaming\Mozilla\Firefox\Profiles\6emgzdrz.default-1413146464034
    FF DefaultSearchEngine.US: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-10-13] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Extension: Webroot Password Manager - C:\Users\ashley\AppData\Roaming\Mozilla\Firefox\Profiles\6emgzdrz.default-1413146464034\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}.xpi [2015-08-20]
    FF Extension: Video DownloadHelper - C:\Users\ashley\AppData\Roaming\Mozilla\Firefox\Profiles\6emgzdrz.default-1413146464034\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-01-16]
    FF Extension: Adblock Plus - C:\Users\ashley\AppData\Roaming\Mozilla\Firefox\Profiles\6emgzdrz.default-1413146464034\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
    FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2016-02-12] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
    FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-12-31] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
    FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-09-30]
    FF HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Firefox\Extensions: [{5312AEAC-FCAC-11E1-8270-B8AC6F996F26}] - C:\Users\ashley\AppData\Local\{5312AEAC-FCAC-11E1-8270-B8AC6F996F26} => not found

    Chrome:
    =======
    CHR Profile: C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-15]
    CHR Extension: (Google Docs) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-15]
    CHR Extension: (Google Drive) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-15]
    CHR Extension: (YouTube) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-15]
    CHR Extension: (Google Search) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-15]
    CHR Extension: (Google Sheets) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-15]
    CHR Extension: (Google Docs Offline) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-10]
    CHR Extension: (Webroot Filtering Extension) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2016-01-12]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
    CHR Extension: (Webroot Password Manager) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-06-25]
    CHR Extension: (Gmail) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-15]
    CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-06-14]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [0 ] (Amazon.com) <==== ATTENTION (zero byte File/Folder)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
    S2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-30] (Symantec Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
    R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [82680 2015-12-24] (Reason Software Company Inc.)
    S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1045376 2015-12-14] (Enigma Software Group USA, LLC.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
    R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [840768 2015-12-29] (Webroot)
    S2 HPSLPSVC; C:\Users\ashley\AppData\Local\Temp\7zS03E8\hpslpsvc64.dll [X]
    S2 TeamViewer; "c:\users\ashley\appdata\local\temp\teamviewer\TeamViewer_Service.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-06-20] (Enigma Software Group USA, LLC.)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-06-20] ()
    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-24] (GFI Software)
    R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-05-24] (McAfee, Inc.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-14] (Webroot)
    S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-25] () [File not signed]
    S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-25] () [File not signed]
    S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
    U0 SR; no ImagePath
    U2 srservice; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-17 09:03 - 2016-02-17 09:04 - 00034180 _____ C:\Users\ashley\Desktop\FRST.txt
    2016-02-17 09:03 - 2016-02-17 09:03 - 00000000 ____D C:\FRST
    2016-02-17 09:01 - 2016-02-17 09:02 - 02371072 _____ (Farbar) C:\Users\ashley\Desktop\FRST64.exe
    2016-02-17 07:58 - 2016-02-17 07:58 - 00000000 ____D C:\Users\ashley\AppData\Local\{9A6C2CC9-19E2-4BD6-9554-E961C3FE70F8}
    2016-02-16 17:04 - 2016-02-16 17:04 - 00455679 _____ C:\Users\ashley\Desktop\GB-711IDL.pdf
    2016-02-16 08:18 - 2016-02-16 08:18 - 00000000 ____D C:\Users\ashley\AppData\Local\{4C2ED0B8-2A9E-46B6-B076-AAE92636B210}
    2016-02-15 19:47 - 2016-02-15 19:47 - 00000000 ____D C:\Users\ashley\AppData\Local\{676578E6-25C1-4609-9280-AA7555A44EAF}
    2016-02-15 15:09 - 2016-02-15 15:09 - 00051138 _____ C:\Users\ashley\Desktop\Winnie form.pdf
    2016-02-15 07:46 - 2016-02-15 07:46 - 00000000 ____D C:\Users\ashley\AppData\Local\{00D56180-CE7B-4254-9035-909AD4119F79}
    2016-02-14 15:29 - 2016-02-14 15:29 - 00000000 ____D C:\Users\ashley\Desktop\water heater photos feb14,2016
    2016-02-14 15:28 - 2016-02-14 15:29 - 02895215 _____ C:\Users\ashley\Desktop\20160214_151803_resized.zip
    2016-02-14 11:31 - 2016-02-14 11:31 - 00000000 ____D C:\Users\ashley\AppData\Local\{0E93E05A-3FDB-421A-8BB3-81AFC14F6DEC}
    2016-02-13 11:55 - 2016-02-13 11:55 - 01508352 _____ C:\Users\ashley\Desktop\AdwCleaner.exe
    2016-02-13 11:28 - 2016-02-13 11:28 - 00000000 ____D C:\Users\ashley\AppData\Local\{F0E81D6F-1742-4E86-B020-8D345D9F6292}
    2016-02-12 09:30 - 2016-02-12 09:30 - 00568583 _____ C:\Users\ashley\Desktop\form 912COT-ST912.pdf
    2016-02-12 09:18 - 2016-02-12 15:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-02-12 07:45 - 2016-02-12 07:46 - 00000000 ____D C:\Users\ashley\AppData\Local\{7DDE321C-3EA8-40EB-A0D5-EBD38BF11712}
    2016-02-11 14:43 - 2016-02-11 14:43 - 43804877 _____ C:\Users\ashley\Downloads\Sugarhill Gang Apache (Jump On It).wmv
    2016-02-11 07:55 - 2016-02-11 07:56 - 00000000 ____D C:\Users\ashley\AppData\Local\{CFE4E64E-DB51-4543-9C39-092482BC2AC9}
    2016-02-10 19:56 - 2016-02-11 18:23 - 00001282 _____ C:\Users\Public\Desktop\herdProtect.lnk
    2016-02-10 19:56 - 2016-02-11 18:23 - 00001282 _____ C:\ProgramData\Desktop\herdProtect.lnk
    2016-02-10 19:56 - 2016-02-10 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
    2016-02-10 19:55 - 2016-02-10 19:55 - 00000000 ____D C:\Users\ashley\AppData\Local\{061889B4-9276-49AE-9AF0-66ED5DD59D9C}
    2016-02-10 19:38 - 2016-02-10 19:38 - 00000000 ____D C:\Program Files (x86)\GUMD7C8.tmp
    2016-02-10 19:35 - 2016-02-10 19:35 - 00003538 _____ C:\Windows\System32\Tasks\ReasonSecurityScheduledScan
    2016-02-10 19:35 - 2016-02-10 19:35 - 00003408 _____ C:\Windows\System32\Tasks\ReasonSecurityStart
    2016-02-10 19:33 - 2016-02-11 18:23 - 00001072 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
    2016-02-10 19:33 - 2016-02-11 18:23 - 00001072 _____ C:\ProgramData\Desktop\Reason Core Security.lnk
    2016-02-10 19:33 - 2016-02-10 19:56 - 00000000 ____D C:\Program Files\Reason
    2016-02-10 19:33 - 2016-02-10 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
    2016-02-10 19:28 - 2016-02-10 19:28 - 00000000 ____D C:\Users\ashley\AppData\Local\PackageAware
    2016-02-10 13:37 - 2016-02-10 13:37 - 00000000 ____D C:\Program Files (x86)\GUM7D11.tmp
    2016-02-10 13:11 - 2016-02-10 13:13 - 00000000 ____D C:\Users\ashley\Desktop\The People v OJ Simpson
    2016-02-10 12:00 - 2016-02-10 12:30 - 00000000 ____D C:\Users\ashley\Desktop\The grinder season 2
    2016-02-10 11:54 - 2016-02-10 11:54 - 00145740 _____ C:\Users\ashley\Desktop\NY claim form.pdf
    2016-02-10 08:37 - 2016-02-10 08:37 - 00000000 ____D C:\Program Files (x86)\GUMDA67.tmp
    2016-02-10 07:53 - 2016-02-10 07:54 - 00000000 ____D C:\Users\ashley\AppData\Local\{67855600-513D-40F8-86D5-61116324CEDB}
    2016-02-09 17:37 - 2016-02-09 17:37 - 00000000 ____D C:\Program Files (x86)\GUM98C.tmp
    2016-02-09 12:37 - 2016-02-09 12:37 - 00000000 ____D C:\Program Files (x86)\GUM5F73.tmp
    2016-02-09 07:39 - 2016-02-09 07:39 - 00000000 ____D C:\Program Files (x86)\GUM2960.tmp
    2016-02-09 07:25 - 2016-02-09 07:25 - 00000000 ____D C:\Users\ashley\AppData\Local\{858C67F0-3F51-4402-BE92-390A32F5A1FA}
    2016-02-08 13:37 - 2016-02-08 13:37 - 00000000 ____D C:\Program Files (x86)\GUM1E6E.tmp
    2016-02-08 12:45 - 2016-02-08 12:47 - 00216846 _____ C:\TDSSKiller.3.0.0.44_08.02.2016_12.45.30_log.txt
    2016-02-08 08:38 - 2016-02-08 08:38 - 00000000 ____D C:\Program Files (x86)\GUMB396.tmp
    2016-02-08 07:47 - 2016-02-08 07:47 - 00000000 ____D C:\Users\ashley\AppData\Local\{44716535-268C-4487-B9DE-8DC11638850C}
    2016-02-07 13:38 - 2016-02-07 13:38 - 00000000 ____D C:\Program Files (x86)\GUM32E2.tmp
    2016-02-07 13:15 - 2016-02-07 13:16 - 00000000 ____D C:\Users\ashley\AppData\Local\{D6F3BAC7-D782-4713-9920-AFA2AB907BEE}
    2016-02-06 23:31 - 2016-02-06 23:32 - 00000000 ____D C:\Users\ashley\AppData\Local\{DD641F35-7B95-4237-A0BE-444407635514}
    2016-02-06 21:38 - 2016-02-06 21:38 - 00000000 ____D C:\Program Files (x86)\GUM2EFE.tmp
    2016-02-06 16:38 - 2016-02-06 16:38 - 00000000 ____D C:\Program Files (x86)\GUMF404.tmp
    2016-02-06 11:38 - 2016-02-06 11:38 - 00000000 ____D C:\Program Files (x86)\GUM57DF.tmp
    2016-02-06 11:31 - 2016-02-06 11:31 - 00000000 ____D C:\Users\ashley\AppData\Local\{CB97F3FD-B612-4AF5-A9AD-7EE278C0D33C}
    2016-02-05 17:37 - 2016-02-05 17:37 - 00000000 ____D C:\Program Files (x86)\GUMBF88.tmp
    2016-02-05 10:37 - 2016-02-05 10:37 - 00000000 ____D C:\Program Files (x86)\GUMA8CC.tmp
    2016-02-05 10:19 - 2016-02-05 10:19 - 00000000 ____D C:\Users\ashley\AppData\Local\{5EF3A46D-6E5F-46A2-9B94-15CFEA98686B}
    2016-02-04 16:49 - 2016-02-04 17:00 - 00000000 ____D C:\Users\ashley\Desktop\Jimmy Kimmel
    2016-02-04 14:37 - 2016-02-04 14:37 - 00000000 ____D C:\Program Files (x86)\GUM1BEE.tmp
    2016-02-04 09:38 - 2016-02-04 09:38 - 00000000 ____D C:\Program Files (x86)\GUM870A.tmp
    2016-02-04 09:30 - 2016-02-04 09:30 - 00000000 ____D C:\Users\ashley\AppData\Local\{072D6D1C-758B-4658-A73A-2BF30E05FD9F}
    2016-02-03 16:15 - 2016-02-03 16:15 - 00486928 _____ C:\Users\ashley\Desktop\Shopping List Feb 5 page 2.pdf
    2016-02-03 16:14 - 2016-02-03 16:14 - 00647788 _____ C:\Users\ashley\Desktop\Shopping List Feb 5 page 1.pdf
    2016-02-03 16:13 - 2016-02-03 16:13 - 00516764 _____ C:\Users\ashley\Desktop\Menu Feb 5 thru March 4.pdf
    2016-02-03 14:37 - 2016-02-03 14:37 - 00000000 ____D C:\Program Files (x86)\GUMDB85.tmp
    2016-02-03 11:51 - 2016-02-03 11:51 - 00987728 _____ (Google Inc.) C:\Users\ashley\Desktop\ChromeSetup.exe
    2016-02-03 09:38 - 2016-02-03 09:38 - 00000000 ____D C:\Program Files (x86)\GUM37E1.tmp
    2016-02-03 09:18 - 2016-02-03 09:18 - 00000000 ____D C:\Users\ashley\AppData\Local\{D9E1E5B1-57E0-49E7-9CC4-0C2601E3874E}
    2016-02-02 17:02 - 2016-02-02 17:02 - 00110815 _____ C:\Users\ashley\Desktop\1099-2015-AshleyDJohnson.pdf
    2016-02-02 16:38 - 2016-02-02 16:38 - 00000000 ____D C:\Program Files (x86)\GUM41B6.tmp
    2016-02-02 15:03 - 2016-02-02 15:03 - 00599491 _____ C:\Users\ashley\Desktop\3_CarcoBackgroundCheckForm.pdf
    2016-02-02 13:45 - 2016-02-02 13:45 - 00125097 _____ C:\Users\ashley\Desktop\2_MYSIDEDOCUMENT.zip
    2016-02-02 11:30 - 2016-02-02 11:30 - 03855576 _____ (Reason Software Company Inc.) C:\Users\ashley\Desktop\reason-core-security-setup_1.1.1.0.exe
    2016-02-02 11:28 - 2016-02-02 11:28 - 02873112 _____ (Reason Company Software Inc.) C:\Users\ashley\Desktop\herdProtectScan_Setup.exe
    2016-02-02 11:22 - 2016-02-02 11:23 - 00000000 ____D C:\Users\ashley\AppData\Local\{7DBF30D5-6BE0-4D70-AA14-1FEB92D05478}
    2016-02-01 17:37 - 2016-02-01 17:37 - 00000000 ____D C:\Program Files (x86)\GUMB5A8.tmp
    2016-02-01 11:57 - 2016-02-01 11:57 - 00000000 ____D C:\Users\ashley\AppData\Local\{A07A86F5-6B71-4939-8F19-158690360D9E}
    2016-01-31 09:39 - 2016-01-31 09:40 - 00000000 ____D C:\Users\ashley\AppData\Local\{B1DDBB26-185D-4B4D-A8DF-BD6BC27E1AC6}
    2016-01-30 15:06 - 2016-01-30 15:06 - 00000000 ____D C:\Users\ashley\AppData\Local\{4FEE8573-FB05-47B6-A359-E6FF1805A635}
    2016-01-29 14:33 - 2016-01-29 15:54 - 00000000 ____D C:\Users\ashley\Desktop\Lost in Space Season 2
    2016-01-29 14:32 - 2016-01-29 14:33 - 00000000 ____D C:\Users\ashley\Desktop\Lost in Space
    2016-01-29 11:34 - 2016-01-29 11:34 - 00000000 ____D C:\Users\ashley\AppData\Local\{F5B853B4-18BA-473C-8350-AB6111B6D417}
    2016-01-28 14:06 - 2016-01-28 14:06 - 00013312 ___SH C:\Users\ashley\Downloads\Thumbs.db
    2016-01-28 13:58 - 2016-01-28 13:58 - 00599302 _____ C:\Users\ashley\Desktop\Ashley Johnson I-9 FOX pg2.pdf
    2016-01-28 13:57 - 2016-01-28 13:57 - 00580893 _____ C:\Users\ashley\Desktop\Ashley Johnson I-9 FOX pg1.pdf
    2016-01-28 13:55 - 2016-01-28 13:55 - 00221268 _____ C:\Users\ashley\Desktop\Ashley Johnson Drivers license and ss card.pdf
    2016-01-28 13:46 - 2016-01-28 13:46 - 00000000 ____D C:\Users\ashley\Desktop\I-9FORM
    2016-01-28 12:57 - 2016-01-28 12:57 - 00117103 _____ C:\Users\ashley\Desktop\PasswordAssistance.pdf
    2016-01-28 10:54 - 2016-01-28 10:54 - 00000000 ____D C:\Users\ashley\AppData\Local\{0C123726-A8A8-4621-8AC8-6805A31A4D0A}
    2016-01-27 22:53 - 2016-01-27 22:53 - 00000000 ____D C:\Users\ashley\AppData\Local\{1EDA7A9B-4B17-49C9-AB69-745F4279D24E}
    2016-01-27 10:51 - 2016-01-27 10:51 - 00000000 ____D C:\Users\ashley\AppData\Local\{754DBACF-4934-4AF2-8FEE-316DE0C7368C}
    2016-01-26 16:05 - 2016-01-26 16:05 - 00318445 _____ C:\Users\ashley\Desktop\Johnson,Ashley-CrewDealMemo01.26.16.pdf
    2016-01-26 15:29 - 2016-01-26 15:30 - 51736999 _____ C:\Users\ashley\Desktop\N.W.A. - Straight Outta Compton.wmv
    2016-01-26 10:38 - 2016-01-26 10:39 - 00000000 ____D C:\Users\ashley\AppData\Local\{8C3D21B0-1A2A-49EE-98D3-49406BFEA331}
    2016-01-25 18:53 - 2016-01-25 20:41 - 00000000 ____D C:\Users\ashley\Desktop\Toni Braxton
    2016-01-25 11:08 - 2016-01-25 11:08 - 00000000 ____D C:\Users\ashley\AppData\Local\{D958BA0E-F99A-4A4B-8826-570D12E83B97}
    2016-01-24 13:02 - 2016-01-24 13:13 - 00217118 _____ C:\TDSSKiller.3.1.0.9_24.01.2016_13.02.45_log.txt
    2016-01-24 13:01 - 2016-01-24 13:02 - 04633146 _____ C:\Users\ashley\Desktop\tdsskiller.zip
    2016-01-24 12:59 - 2016-01-24 12:59 - 00000366 _____ C:\TDSSKiller.3.0.0.44_24.01.2016_12.59.26_log.txt
    2016-01-24 12:33 - 2016-01-24 12:33 - 00000000 ____D C:\Users\ashley\AppData\Local\{429E3BCC-E0D6-4046-83EE-2D1FE63FBFBA}
    2016-01-23 11:39 - 2016-01-23 11:39 - 00000000 ____D C:\Users\ashley\AppData\Local\{2A4E4AEA-85A0-40AE-8C94-0D9AC309EA63}
    2016-01-22 11:35 - 2016-02-15 17:54 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForashley
    2016-01-22 11:35 - 2016-02-15 17:54 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForashley.job
    2016-01-22 09:54 - 2016-01-22 09:54 - 00000000 ____D C:\Users\ashley\AppData\Local\{FB5F4856-082B-4971-8E0E-D29B2753E446}
    2016-01-21 12:23 - 2016-01-21 12:32 - 00000000 ____D C:\Users\ashley\Desktop\edd paystubs
    2016-01-21 10:38 - 2016-02-04 17:03 - 00000000 ____D C:\Users\ashley\Desktop\Justman rubenstein
    2016-01-21 10:27 - 2016-01-21 10:27 - 00000000 ____D C:\Users\ashley\AppData\Local\{A54EA2EC-8768-4B89-A7CF-FE649745BEEE}
    2016-01-20 17:02 - 2016-01-20 17:02 - 00424724 _____ C:\Users\ashley\Desktop\Ebt notice of action letter.pdf
    2016-01-20 10:02 - 2016-01-20 10:02 - 00000000 ____D C:\Users\ashley\AppData\Local\{60708E0F-AAA5-4A64-96C6-BBFE53BA1819}
    2016-01-19 18:28 - 2016-01-19 18:29 - 07647546 _____ C:\Users\ashley\Desktop\Dealcompleted with company signaturesJohnson-Ashley_Actor.pdf
    2016-01-19 11:38 - 2016-01-19 11:38 - 00000000 ____D C:\Users\ashley\AppData\Local\{26A30752-3FDC-4A28-9CE1-C67A8022AFF7}
    2016-01-18 23:37 - 2016-01-18 23:37 - 00000000 ____D C:\Users\ashley\AppData\Local\{37834BF8-FACD-4272-A424-CE8828758C62}
    2016-01-18 13:07 - 2016-01-18 13:07 - 00487427 _____ C:\Users\ashley\Downloads\system-map.pdf
    2016-01-18 10:21 - 2016-01-18 10:21 - 00000000 ____D C:\Users\ashley\AppData\Local\{158DDAC5-4520-4A0C-B254-B8353C89741D}

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-17 09:03 - 2015-06-14 18:13 - 00000000 ____D C:\ProgramData\WRData
    2016-02-17 08:46 - 2015-05-15 12:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-02-17 08:22 - 2012-09-01 12:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-02-17 08:04 - 2009-07-13 20:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-02-17 08:04 - 2009-07-13 20:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-02-17 07:59 - 2015-03-13 19:51 - 09213202 _____ C:\Windows\ntbtlog.txt
    2016-02-17 07:58 - 2012-07-01 21:32 - 00000000 ____D C:\Users\ashley\Tracing
    2016-02-17 07:57 - 2015-05-15 12:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-02-17 07:57 - 2013-12-07 17:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-02-17 07:57 - 2012-05-01 17:57 - 00000000 ____D C:\Users\ashley\AppData\LocalLow\AuthenTec
    2016-02-17 07:56 - 2015-12-19 23:11 - 00000747 _____ C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
    2016-02-17 07:56 - 2015-12-19 23:11 - 00000747 _____ C:\ProgramData\Desktop\Webroot SecureAnywhere.lnk
    2016-02-17 07:56 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-02-16 15:37 - 2012-05-01 18:03 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5582C10E-D0BA-48B8-9D6D-8B245C66BADC}
    2016-02-16 12:05 - 2015-06-10 16:43 - 09472512 ___SH C:\Users\ashley\Desktop\Thumbs.db
    2016-02-16 11:51 - 2013-07-21 14:12 - 00000454 ____H C:\Windows\Tasks\Norton Security Scan for ashley.job
    2016-02-15 14:39 - 2015-05-15 14:08 - 00000000 ____D C:\Users\ashley\Desktop\lyp sync battle
    2016-02-15 14:39 - 2012-06-29 15:48 - 00000000 ____D C:\Users\ashley\dwhelper
    2016-02-15 14:21 - 2015-08-17 12:50 - 00000000 ____D C:\Users\ashley\Desktop\new set videos from 2000s
    2016-02-15 11:07 - 2013-12-22 12:49 - 00000000 ____D C:\Users\ashley\Desktop\Movies
    2016-02-14 13:49 - 2009-07-13 21:08 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-02-14 11:20 - 2012-05-10 10:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-02-14 11:20 - 2012-05-10 10:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-02-13 20:03 - 2013-09-08 11:56 - 00000000 ____D C:\Windows\system32\MRT
    2016-02-13 19:48 - 2012-05-13 16:07 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-02-13 19:47 - 2009-07-13 18:34 - 00000478 _____ C:\Windows\win.ini
    2016-02-13 19:46 - 2012-05-10 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-02-13 19:41 - 2015-02-25 15:50 - 00000134 _____ C:\Users\ashley\Desktop\Internet Explorer Troubleshooting.url
    2016-02-13 18:35 - 2014-03-15 18:22 - 00000000 ____D C:\Users\ashley\AppData\Roaming\vlc
    2016-02-13 11:56 - 2013-12-15 01:05 - 00000000 ____D C:\AdwCleaner
    2016-02-12 14:05 - 2015-05-19 12:47 - 00000000 ____D C:\Users\ashley\Desktop\tools
    2016-02-10 21:43 - 2015-05-15 12:46 - 00002248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-02-10 21:43 - 2015-05-15 12:46 - 00002219 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-02-10 21:43 - 2015-05-15 12:46 - 00002219 _____ C:\ProgramData\Desktop\Google Chrome.lnk
    2016-02-10 21:41 - 2015-05-15 12:42 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-02-10 21:41 - 2015-05-15 12:42 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-02-10 20:28 - 2015-08-30 13:45 - 00000000 ____D C:\ProgramData\iolo
    2016-02-10 20:21 - 2013-06-19 22:10 - 00000000 ____D C:\Program Files (x86)\WildGames
    2016-02-10 20:20 - 2011-11-09 09:35 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
    2016-02-10 20:20 - 2011-11-09 09:35 - 00000000 ____D C:\Program Files (x86)\HP Games
    2016-02-10 20:20 - 2009-07-13 21:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-02-10 20:16 - 2013-06-19 22:05 - 00000000 ____D C:\Users\ashley\AppData\Roaming\WildTangent
    2016-02-10 20:16 - 2011-11-09 09:35 - 00000000 ____D C:\ProgramData\WildTangent
    2016-02-10 11:22 - 2012-09-01 12:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-02-10 11:22 - 2012-05-15 00:55 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-02-10 11:22 - 2011-11-09 09:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-02-08 12:47 - 2013-11-25 15:22 - 00000000 ____D C:\TDSSKiller_Quarantine
    2016-02-07 13:40 - 2014-02-16 19:46 - 00000000 ____D C:\Users\ashley\Desktop\Oldies
    2016-02-04 17:04 - 2015-01-12 23:09 - 00000000 ____D C:\Users\ashley\Desktop\Elit management
    2016-02-04 17:01 - 2015-02-15 15:24 - 00000000 ____D C:\Users\ashley\Desktop\Ashley Miscellaenous
    2016-02-03 17:26 - 2012-05-03 20:21 - 00000000 ____D C:\Users\ashley\Documents\Ashley
    2016-02-02 13:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-01-31 00:24 - 2015-10-04 14:28 - 00000000 ____D C:\Users\ashley\Desktop\ActivityLog-20150925
    2016-01-31 00:20 - 2016-01-10 18:40 - 00000000 ____D C:\Users\ashley\Desktop\Dallas cowboys cheerleraders season 10
    2016-01-31 00:20 - 2015-11-06 16:00 - 00000000 ____D C:\Users\ashley\Desktop\Burned movies
    2016-01-27 15:52 - 2015-04-29 16:15 - 00000000 ____D C:\Users\ashley\Desktop\finalized acting pictures
    2016-01-27 15:52 - 2013-10-22 19:26 - 00000000 ____D C:\Users\ashley\Documents\AJohnson003
    2016-01-26 18:27 - 2014-04-12 14:39 - 00000000 ____D C:\Users\ashley\Documents\Aimersoft DVD Creator
    2016-01-25 18:13 - 2012-07-16 23:41 - 00000000 ____D C:\Users\ashley\AppData\Local\ElevatedDiagnostics
    2016-01-24 12:57 - 2012-05-21 19:02 - 00000000 ____D C:\Users\ashley\AppData\Local\CrashDumps
    2016-01-22 11:35 - 2012-05-01 17:57 - 00000000 ____D C:\Users\ashley

    ==================== Files in the root of some directories =======

    2015-06-14 18:28 - 2015-06-14 18:28 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
    2015-12-23 12:52 - 2016-01-16 12:25 - 0000600 _____ () C:\Users\ashley\AppData\Local\PUTTY.RND
    2012-09-06 20:19 - 2012-09-06 20:19 - 0000001 _____ () C:\ProgramData\6rGWnSXN.exe.b
    2012-09-06 20:19 - 2012-09-06 20:19 - 0000001 _____ () C:\ProgramData\6rGWnSXN.exe_.b
    2013-09-17 14:01 - 2013-09-17 14:01 - 0000057 _____ () C:\ProgramData\Ament.ini
    2013-02-07 14:24 - 2014-04-10 19:21 - 0000000 ____H () C:\ProgramData\PKP_DLeo.DAT
    2013-02-07 14:25 - 2014-04-10 19:21 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
    2013-02-07 14:24 - 2014-04-10 18:54 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
    2013-02-07 14:24 - 2014-04-10 18:54 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT

    Some files in TEMP:
    ====================
    C:\Users\ashley\AppData\Local\Temp\AcsInstall.dll
    C:\Users\ashley\AppData\Local\Temp\Quarantine.exe
    C:\Users\ashley\AppData\Local\Temp\VSUSetup.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-08 08:52

    ==================== End of FRST.txt ============================

  3. #3
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi teapotslvr,

    Thank you for the logs. I have merged the two posts together as one to make it easier to review. Let's keep it all in one topic. Please do not start another topic when you reply. When you do reply, post your reply in the Quick Reply box at the bottom of the thread, then click on the Post Quick Reply button to submit your reply.

    Give me a moment to review the logs. I'll get back with a solution as soon as possible.

    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  4. #4
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi teapotslvr,

    You have several security programs\scanners installed\running on your computer.

    I see the following running in the log:

    AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

    Both are enabled and up to date, but the real-time protection of two or more antivirus programs may conflict with each other and cause the following:
    • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
    • Performance: More that one antivirus will cause your PC to become slow and it may even crash or blue screen.
    • Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.


    I don't see where Webroot is located in the installed programs list, which I find very strange, but I see there is a link to Webroot SecureAnywhere located on the desktop. Was that free or did you purchase the program? We need to uninstall one of those programs and out of the two, I would suggest keeping Microsoft Security Essentials which is much more reliable. Let me know and I can uninstall Webroot using a script in FRST..

    You have other programs installed that are questionable, and are usually found when you go looking for a solution and they are advertised as the answer to all of your problems when in reality there are other programs that are much more reliable. Personally I would uninstall them. I can recommend other programs that are much safer and relied upon by some of the best malware removal experts world round.

    The one I would like to ask you to uninstall is as follows:

    The following programs, in order to get the support they offer, you have to allow the support team to access your computer remotely. Personally, I would never allow a total stranger access my computer remotely with all the identity theft around.

    AOL Uninstaller
    Assist by AOL PC Scan


    These programs are outdated and need to be uninstalled. Older versions have vulnerabilities that malware can use to infect your system.

    Java 7 Update 7
    JavaFX


    We can reinstall Java when we're through cleaning you up if you like. It used to be that Java was needed for websites to be properly displayed. However, that is generally not the case now with Flash having taken over. You can read more about that here.

    Last I heard, the following program was still in beta form. It's always best to wait till a stable version is released to make sure all the bugs are worked out.

    herdProtect Anti-Malware Scanner

    Reason Core Security is similar to herd protect and Assist by AOL. I would uninstall it as well. If you want a reliable anti malware program that is trustworthy, I can recommend one that I guarantee is much safer.

    Should I Remove It > That's another one of those programs that are the answer to your problems that are found on sites and is advertised to the answer to all your problems. There are better ones of this type I could recommend as well.

    Slim Toolbar 1.2 and SpyHunter need to be uninstalled as well. You can read the low down about SpyHunter here

    Please uninstall the programs above that I have in bold and let me know which ones you chose to keep. We'll proceed once you point out the ones you removed so I can include the residual files in a fix script.

    The complete list that needs to be uninstalled is as follows:

    AOL Uninstaller
    Assist by AOL PC Scan
    Java 7 Update 7
    JavaFX
    herdProtect Anti-Malware Scanner
    Reason Core Security
    Should I Remove It
    Slim Toolbar 1.2
    SpyHunter


    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  5. #5
    Member
    Join Date
    Feb 2016
    Posts
    31
    Points
    0

    Default

    Hello Donna!

    I apologize for taking awhile to respond to your post, and creating a second thread. However, for some reason the reply options did not appear at the bottom of the page when I tried to respond so i didn't know any other way to contact you other that starting the new thread!!!

    Thank you so much for the wonderful suggestions. I uninstalled everything on the list you sent except for the AOL uninstaller. My question with that is if I uninstall the AOL uninstaller, will I also be uninstalling the program? Now about Webroot. I got the cd free from Best Buy when I purchased my notepad and installed it on my notepad and laptop. The subscription ran out and I did not want to renew it and I tried uninstalling it and it would not uninstall. even after I have used the control panel unistall feature. I should say whatit did was remove the lgo from the control panel, but it did not remove the program from my system. I even tried using the Revo Uninstaller but that keeps telling me that Webroot is not on the computer, but it is!!! I contacted Webroot and they told me what to do and it still would not uninstall. I contacted them again and they sent back instructions and a phone number but the instructions seemed just too technical tome so I left it along. PLEASE uninstall it using the script in FRST or send me instructions (step by step) on how to do this.

    I would also like you to send the list of malware programs that you recommend that are free and don't piggyback third party sites. I do have another issue. I keep getting pop up notifications from Webroot and other programs when I have specifically turned them off the notifications in the notification section in Windows and they keep popping up. What can I do to stop this? I also forgot to mention that something in my Windows defender will not allow me to upgrade from IE explorer 9 to IE explorer 10.

    Thanks so much again.
    Gena
    Last edited by teapotslvr; 02-21-2016 at 05:16 PM.

  6. #6
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi teapotslvr,

    I apologize for taking awhile to respond to your post, and creating a second thread. However, for some reason the reply options did not appear at the bottom of the page when I tried to respond so i didn't know any other way to contact you other that starting the new thread!!!
    No biggie! Let me know if you encounter any more problems posting.

    I uninstalled everything on the list you sent except for the AOL uninstaller. My question with that is if I uninstall the AOL uninstaller, will I also be uninstalling the program?
    Yes it will. AOL Uninstaller is for the purpose of uninstalling software by AOL that is difficult to uninstall. Only other AOL program that was installed was the Assist by AOL PC Scan program I had you uninstall in my last post. There really is no need for it. I see many had a difficult time getting rid of the program by trying to uninstall from Programs and Features. One example is found >>here<<.

    If you have a difficult time uninstalling it, I can include it in my FRST fix script, but I want to make sure you try to uninstall it from the Control Panel first. I'm not too keen on uninstalling software from other peoples computers without their permission, unless of course I know for sure it is malware. This is not malware but it is unnecessary and a waste of space and resources since it is running.

    As for Webroot, not a problem. I can remove that completely as well. I am sure that once we trim down the multi antiviruses and unnecessary programs running you will see a noticeable difference in performance.

    Let me know if you uninstall AOL uninstaller and I will include the orphaned registry keys in my fix.

    Once we get the little things taken care of I would be more than happy to share a list of malware programs that I recommend and are free that will play well with the other security programs you have installed.
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  7. #7
    Member
    Join Date
    Feb 2016
    Posts
    31
    Points
    0

    Default

    Hi Donna,

    Just took a quick look at your reply and will respond in more depth later,but please DO NOT remove the AOL Uninstaller. I am not going to uninstall it. WE have too much information in this version.

    Thanks,
    Gena

  8. #8
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi Gena, (may I call you Gena? )

    In post #5 you mentioned the following:

    My question with that is if I uninstall the AOL uninstaller, will I also be uninstalling the program?
    Which program are you referring to? The AOL Uninstaller software is for the sole purpose to remove residual files after uninstalling an AOL application just like revo uninstaller is used to uninstall a difficult application that may leave behind orphaned keys in the registry.

    I'll look into this a bit more, but I am quite sure the AOL Uninstaller does not save information such as data. It just removes the files associated with any AOL software that is being uninstalled.

    Back soon.

    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  9. The Following User Says Thank You to DonnaB For This Useful Post:


  10. #9
    Member
    Join Date
    Feb 2016
    Posts
    31
    Points
    0

    Default

    Hi Donna,

    Of course you can call me Gena! The program I was referring to was AOL, in other words if the uninstaller was removed, would the AOL program be removed as well. You had said it would be in a previous thread (unless I misunderstood you and if i did, I apologize!). Regardless, of whether it removes AOL or it doesn't, I do not want to remove the uninstaller, so please don't worry about it anymore and thank you for researching it for me! Right now my concern is removing Webroot and trying to figure out why Windows defender blocks me from upgrading IE 9 to a newer version.

    Thanks,
    Gena

  11. #10
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Of course you can call me Gena!
    Thank you.

    I did find out that AOL Uninstaller is as I stated above. It's purpose is to remove residual files left behind after any AOL software uninstall. We can leave it. Let's get rid of WebRoot and see if we can get IE updated to the latest version which is IE11 for Windows 7.

    Please do the following:

    • Open notepad (Start orb > type notepad into Start Search > chose notepad from list.
    • Please copy the entire contents of the code box below from start to end.
      (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    • Save it to the desktop as fixlist.txt.

      Code:
      start
      CloseProcesses:
      CreateRestorePoint:
      AlternateDataStreams: C:\Windows:nlsPreferences
      AlternateDataStreams: C:\Users\ashley\Desktop\Ashley close.jpg:com.dropbox.attributes
      AlternateDataStreams: C:\Users\ashley\Desktop\Ashley Johnson_jpgs_4-20-15:com.dropbox.attributes
      AlternateDataStreams: C:\Users\ashley\Desktop\Ashley_4-20-15_212.jpg:com.dropbox.attributes
      AlternateDataStreams: C:\Users\ashley\Desktop\Ashley_resized.jpg:com.dropbox.attributes
      AlternateDataStreams: C:\Users\ashley\Desktop\blue attitude1.jpg:com.dropbox.attributes
      AlternateDataStreams: C:\Users\ashley\Desktop\blue attitude2.jpg:com.dropbox.attributes
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
      HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
      HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
      HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
      HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
      HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
      HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
      HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
      HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
      (Webroot) C:\Program Files\Webroot\WRSA.exe
      HKLM-x32\...\Run: [] => [X]
      HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
      SearchScopes: HKLM -> {C1D5A9C8-2759-4CB2-BC5C-7D6DC3E828CF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
      SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
      SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
      BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-06-14] (Webroot)
      C:\ProgramData\WRData
      Toolbar: HKLM - No Name - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - No File
      Toolbar: HKLM-x32 - No Name - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - No File
      DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
      Handler: WSAMVCUchrome - No CLSID Value
      FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
      FF HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...\Firefox\Extensions: [{5312AEAC-FCAC-11E1-8270-B8AC6F996F26}] - C:\Users\ashley\AppData\Local\{5312AEAC-FCAC-11E1-8270-B8AC6F996F26} => not found
      S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1045376 2015-12-14] (Enigma Software Group USA, LLC.)
      R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [840768 2015-12-29] (Webroot)
      S2 HPSLPSVC; C:\Users\ashley\AppData\Local\Temp\7zS03E8\hpslpsvc64.dll [X]
      S2 TeamViewer; "c:\users\ashley\appdata\local\temp\teamviewer\TeamViewer_Service.exe" [X]
      S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
      U0 SR; no ImagePath
      U2 srservice; no ImagePath
      2016-02-17 07:56 - 2015-12-19 23:11 - 00000747 _____ C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
      2016-02-17 07:56 - 2015-12-19 23:11 - 00000747 _____ C:\ProgramData\Desktop\Webroot SecureAnywhere.lnk
      2016-02-10 20:28 - 2015-08-30 13:45 - 00000000 ____D C:\ProgramData\iolo
      HKU\S-1-5-21-3449584003-1648427073-2611241826-1001\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION
      ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (No File)
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
      Task: {067B40A1-170D-4DC7-A23C-DFF62B7DCE6F} - System32\Tasks\Norton Security Scan for ashley => C:\PROGRA~2\NORTON~2\Engine\401~1.16\Nss.exe
      C:\PROGRA~2\NORTON~2
      Task: {66C9D69D-DA5A-49EC-9205-2E610ABCFBFE} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe
      C:\Program Files (x86)\Norton Identity Safe
      Task: {8E6BD407-618B-4AF2-B480-9B28AE798D4B} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe
      Task: C:\Windows\Tasks\Norton Security Scan for ashley.job => C:\PROGRA~2\NORTON~2\Engine\401~1.16\Nss.exe
      CMD: bitsadmin /reset /allusers
      CMD: ipconfig /flushdns
      Emptytemp:
      end
      NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Right click on the frst64.exe icon found on your desktop and press the Fix button just once and wait.
    • Your computer should reboot on it's own, if it does not, please reboot your computer.
    • The tool will make a log (Fixlog.txt) which you will find on the desktop. Please post it in your next reply.


    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

Page 1 of 6 123 ... LastLast