Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Blue Page with very unhappy smiley face

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Blue Page with very unhappy smiley face

Unread postby mAL_rEm018 » July 21st, 2017, 7:23 pm

Hi Chris,

CrisYouSasyMedic1 wrote:Hope I understood correct, for me to post the logs separate. I'm not sure if they are to big so I guess I'll post 3 different reply's.

Yes, that's exactly what I wanted. :thumbleft:

CrisYouSasyMedic1 wrote: And, when I started the Adwcleaner, I had forgotten to turn off my Kaspersky and it told me that adwcleaner is attempting to get access to malware, and it detected, trojan.msil.tpyn.edw and it's location was c:\users\CrisYouSasy...cal\rgmsService\sp.dll I turned off Kaspersky and did not allow it to delete.

Thank you for letting me know. You don't need to worry about this for now and you can re-enable Kapersky. Should we need to disable it again in the future, I will instruct you to do so.


Please answer the following question..
  • Did you set you Internet Explorer start page to about:blank?
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  • Have you used the DuckDuckGo search engine since we started working together? The entries below weren't in your initial logs..
    CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> DuckDuckGo
    CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list

2017-07-19 17:36 - 2017-07-19 17:37 - 65033984 _____ (Malwarebytes ) C:\Users\CrisYouSasyMedic\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe

While we work together please refrain from downloading/installing any software unless I instruct you to do so.


Now let's get to work! :)

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank notepad file named fixlist.txt will open.
  • Copy and paste the following into it ....
Code: Select all
CreateRestorePoint:

HKLM-x32\...\Run: [fst_us_143] => [X]
HKU\S-1-5-21-28108215-2538129268-678420320-1002\...\MountPoints2: {2d6c1ba1-f1ba-11e4-82d3-a01d4808520a} - "F:\VZW_Software_upgrade_assistant.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyServer: [.DEFAULT] => 1
AutoConfigURL: [.DEFAULT] => file://C:/Users/CrisYouSasyMedic/AppDat ... Config.txt
ProxyServer: [S-1-5-21-28108215-2538129268-678420320-1002] => 1
AutoConfigURL: [S-1-5-21-28108215-2538129268-678420320-1002] => file://C:/Users/CrisYouSasyMedic/AppDat ... Config.txt
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXI ... m5nYHk,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXI ... m5nYHk,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-28108215-2538129268-678420320-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
2017-07-11 11:10 - 2017-07-11 11:10 - 13059576 _____ (IObit ) C:\Users\CrisYouSasyMedic\Downloads\sd5_setup.exe
2017-07-20 20:33 - 2017-04-02 11:00 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\LocalLow\IObit
2017-07-20 20:33 - 2017-04-02 10:59 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\Roaming\IObit
2017-07-20 20:33 - 2017-04-02 10:59 - 00000000 ____D C:\ProgramData\IObit
2017-07-20 20:33 - 2014-12-16 11:25 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\Local\RGMService
2017-07-18 20:09 - 2017-04-02 10:59 - 00000000 ____D C:\Program Files (x86)\IObit
2017-07-18 16:33 - 2017-04-02 11:00 - 00000000 ____D C:\ProgramData\ProductData
2014-11-08 01:33 - 2014-12-20 13:33 - 0601088 _____ () C:\Users\CrisYouSasyMedic\AppData\Local\Temp\Quarantine.exe
2014-11-08 01:47 - 2014-10-17 04:39 - 0665682 _____ (SQLite Development Team) C:\Users\CrisYouSasyMedic\AppData\Local\Temp\sqlite3.dll
ContextMenuHandlers01: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
Task: {C6ACC884-109C-43C5-86BA-2D209CA88B41} - System32\Tasks\SnoopRun => C:\ProgramData\Snoop\Snoop.exe [2015-05-20] () <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:11590865 [177]
AlternateDataStreams: C:\ProgramData\Temp:1416AAA6 [330]
AlternateDataStreams: C:\ProgramData\Temp:2AD33723 [326]
AlternateDataStreams: C:\ProgramData\Temp:2AF322BF [312]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:363E775E [182]
AlternateDataStreams: C:\ProgramData\Temp:3EC5BC08 [344]
AlternateDataStreams: C:\ProgramData\Temp:491270B8 [314]
AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2 [182]
AlternateDataStreams: C:\ProgramData\Temp:6B709AD7 [346]
AlternateDataStreams: C:\ProgramData\Temp:7687A3E3 [382]
AlternateDataStreams: C:\ProgramData\Temp:98CF1A39 [189]
AlternateDataStreams: C:\ProgramData\Temp:9DBE6481 [130]
AlternateDataStreams: C:\ProgramData\Temp:A4AF8D0D [165]
AlternateDataStreams: C:\ProgramData\Temp:A6D6E537 [177]
AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD [334]
AlternateDataStreams: C:\ProgramData\Temp:A88BE334 [316]
AlternateDataStreams: C:\ProgramData\Temp:B54E4B5A [342]
AlternateDataStreams: C:\ProgramData\Temp:B6E6C4EA [165]
AlternateDataStreams: C:\ProgramData\Temp:BEE39E9B [364]
AlternateDataStreams: C:\ProgramData\Temp:C22674B6 [294]
AlternateDataStreams: C:\ProgramData\Temp:C3899C0B [171]
AlternateDataStreams: C:\ProgramData\Temp:C78DADEA [178]
AlternateDataStreams: C:\ProgramData\Temp:CAC06C34 [177]
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30 [183]
AlternateDataStreams: C:\ProgramData\Temp:F5D01D7C [384]
AlternateDataStreams: C:\ProgramData\Temp:F84B8DB5 [155]
AlternateDataStreams: C:\ProgramData\Temp:F9F58B80 [180]
AlternateDataStreams: C:\ProgramData\Temp:FAB64002 [146]
AlternateDataStreams: C:\ProgramData\Temp:FBD274CF [171]
AlternateDataStreams: C:\ProgramData\Temp:FC70A22A [370]

Hosts:
EmptyTemp:
RemoveProxy:
CMD: ipconfig /flushdns

  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST
  • Please post me the log

Next..

I need you to run a search using FRST..
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer;SearchProtect;Smartbar;pepe;8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD;Muvic

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... SearchReg.txt
    • Please post it in your next reply.

Please let me know how your computer is behaving now.

-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any problem while following my instructions?
  • Answer to my questions
  • fixlog.txt
  • SearchReg.txt
  • Update on your computer
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia
Advertisement
Register to Remove

Re: Blue Page with very unhappy smiley face

Unread postby CrisYouSasyMedic1 » July 21st, 2017, 8:39 pm

Hi mAl, SO. the computer never seems to save the FRST Scanner so I keep re downloading it, anyway, I downloaded it and then followed your instructions. I think. I hit scan, then hit the ctrl + Y and a note pad did open, and I know I'm supposed to select all from the below to copy and paste it into the notepad. So I got it into the notepad, but the scanner was still scanning, so when the scanner is done scanning do I copy and paste what's on the notepad into the scanner box along with all the other stuff it scanned then hit the ctrl + S to save the notepad into the scanner? then hit the fix button? so that means the notepad will be copied and pasted inside the scanner box with all of the scanner contents. :? and then I post that on the next reply?. I'm just not sure if the scanner box is supposed to be all ready full of newly scanned items. thanks again chris
CrisYouSasyMedic1
Regular Member
 
Posts: 19
Joined: July 14th, 2017, 1:31 pm

Re: Blue Page with very unhappy smiley face

Unread postby mAL_rEm018 » July 22nd, 2017, 8:47 am

Hi Chris,

CrisYouSasyMedic1 wrote:SO. the computer never seems to save the FRST Scanner so I keep re downloading it

Your last scan showed that you saved it in your downloads folder. From now on it would be best if you saved all tools to your desktop and if this issue persists then we might have to look into it.
Running from C:\Users\CrisYouSasyMedic\Downloads


CrisYouSasyMedic1 wrote:I hit scan, then hit the ctrl + Y

I didn't ask you to select scan. Please try to follow the instructions again, but this time don't select scan.
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Page with very unhappy smiley face

Unread postby CrisYouSasyMedic1 » July 22nd, 2017, 8:11 pm

Hi mAl here is the Fixlog, hope you did not want the other one.

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by CrisYouSasyMedic (22-07-2017 16:52:26) Run:1
Running from C:\Users\CrisYouSasyMedic\Downloads
Loaded Profiles: CrisYouSasyMedic (Available Profiles: CrisYouSasyMedic)
Boot Mode: Normal
==============================================

fixlist content:
*****************

*****************


==== End of Fixlog 16:52:26 ====
CrisYouSasyMedic1
Regular Member
 
Posts: 19
Joined: July 14th, 2017, 1:31 pm

Re: Blue Page with very unhappy smiley face

Unread postby CrisYouSasyMedic1 » July 22nd, 2017, 8:39 pm

Hi mAL, and here is the other thing you requested. oops, I already posted the fix log. Sorry. there's so much to do that I get lost. only problem is I get myself confused. and last question, the computer seems to be doing okay, I have not seen the "blue page with the unhappy smiley face" oh and, about the search engine Duck&Go I did not use it but, yahoo kept coming up and I use google so I went in and unchecked browser boxes that I did not want to use, so now Google just comes up. and sometimes when I use internet explorer I'll get a "about blank" page. hope I did not over look any more questions. thanks again.

Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by CrisYouSasyMedic (22-07-2017 17:14:43)
Running from C:\Users\CrisYouSasyMedic\Downloads
Boot Mode: Normal

================== Search Files: "babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer;SearchProtect;Smartbar;pepe;8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD;Muvic" =============

====== End of Search ======
CrisYouSasyMedic1
Regular Member
 
Posts: 19
Joined: July 14th, 2017, 1:31 pm

Re: Blue Page with very unhappy smiley face

Unread postby mAL_rEm018 » July 23rd, 2017, 6:08 am

Hi Chris,

CrisYouSasyMedic1 wrote:Sorry. there's so much to do that I get lost. only problem is I get myself confused.

Yes I understand. From now on I will limit to one task per post. Sounds good?

Now what confuses me is that the fixlog you provided is completely empty, which might mean that the fix simply didn't run. Just to be on the safe side I will ask you to run another scan with FRST in this post.
Note: Do not attempt to run the fix again.

================== Search Files:


You have to be very careful when following my instructions and this something I can't stress enough. I asked you to select "Search Registry" and not "Search Files"... We are using powerful tools to clean your computer and if you don't follow my instructions to the letter, then it could cause some serious damage to your PC. In this case no harm was done, but next time might be an entirely different story.


I need to see a fresh FRST log..


  • Right-click on FRST64.exe and select Run as administrator.
  • The tool might update. Please allow it to do so.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.



-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any problem while following my instructions?
  • FRST.txt
  • Addition.txt

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Page with very unhappy smiley face

Unread postby CrisYouSasyMedic1 » July 23rd, 2017, 8:41 pm

Hi mAL, sorry about all the confusion I caused. Okay, so, I'll post the new FRST on this post and then post the Addition in the next reply.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2017
Ran by CrisYouSasyMedic (administrator) on PHOEBE (23-07-2017 17:35:07)
Running from C:\Users\CrisYouSasyMedic\Downloads
Loaded Profiles: CrisYouSasyMedic (Available Profiles: CrisYouSasyMedic)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-04-08] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-04-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2015-07-11] (Synaptics Incorporated)
HKLM-x32\...\Run: [fst_us_143] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-28108215-2538129268-678420320-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1728952 2015-06-22] (CyberLink Corp.)
HKU\S-1-5-21-28108215-2538129268-678420320-1002\...\MountPoints2: {2d6c1ba1-f1ba-11e4-82d3-a01d4808520a} - "F:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-18\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1728952 2015-06-22] (CyberLink Corp.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-08]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyServer: [.DEFAULT] => 1
AutoConfigURL: [.DEFAULT] => file://C:/Users/CrisYouSasyMedic/AppDat ... Config.txt
ProxyServer: [S-1-5-21-28108215-2538129268-678420320-1002] => 1
AutoConfigURL: [S-1-5-21-28108215-2538129268-678420320-1002] => file://C:/Users/CrisYouSasyMedic/AppDat ... Config.txt
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{D0600494-FF46-4F60-9071-FD07C03BE4CF}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{E749224B-6AB3-4438-8228-838FD66382DF}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{FD97FA4C-C7F3-42D7-B1E4-95BC3C83E5B0}: [DhcpNameServer] 192.168.0.1 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXI ... m5nYHk,&q={searchTerms}
HKU\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.facebook.com/topic/Philip-S ... 6727169189
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXI ... m5nYHk,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-28108215-2538129268-678420320-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-28108215-2538129268-678420320-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-02] (AO Kaspersky Lab)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-01-02] (AO Kaspersky Lab)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-02] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-01-02] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-28108215-2538129268-678420320-1002 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-02] (AO Kaspersky Lab)

FireFox:
========
FF DefaultProfile: nq0t1376.default-1499983540924
FF ProfilePath: C:\Users\CrisYouSasyMedic\AppData\Roaming\Mozilla\Firefox\Profiles\nq0t1376.default-1499983540924 [2017-07-23]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\nq0t1376.default-1499983540924 -> Google
FF Homepage: Mozilla\Firefox\Profiles\nq0t1376.default-1499983540924 -> hxxps://www.facebook.com/
FF Extension: (Firefox Search Test) - C:\Users\CrisYouSasyMedic\AppData\Roaming\Mozilla\Firefox\Profiles\nq0t1376.default-1499983540924\Extensions\firefoxsearchtest@mozilla.com.xpi [2017-07-13]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-07-19]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-05-20] ()

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> DuckDuckGo
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default [2017-07-20]
CHR Extension: (Google Slides) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-08]
CHR Extension: (Google Docs) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-08]
CHR Extension: (Google Drive) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-08]
CHR Extension: (YouTube) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-08]
CHR Extension: (Kaspersky Protection) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-08]
CHR Extension: (Google Sheets) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-08]
CHR Extension: (Google Docs Offline) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Gmail) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-08]
CHR Extension: (Chrome Media Router) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-29]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/deta ... ijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/deta ... ijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-06-16] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-16] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-04-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2015-07-11] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2014-12-07] (Advanced Micro Devices, INC.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-12-07] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-08] (CyberLink)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-08] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [197312 2017-07-19] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [520152 2017-07-19] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1021624 2017-07-19] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57424 2017-01-02] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-06-01] (AO Kaspersky Lab)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [136416 2017-07-07] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199640 2017-07-19] (AO Kaspersky Lab)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2015-07-11] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3593432 2015-09-11] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\SysWOW64\DRIVERS\rtwlane.sys [2946264 2013-10-18] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-10-01] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-10-01] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-23 17:16 - 2017-07-23 17:17 - 00042098 _____ C:\Users\CrisYouSasyMedic\Downloads\Addition.txt
2017-07-23 17:14 - 2017-07-23 17:35 - 00020823 _____ C:\Users\CrisYouSasyMedic\Downloads\FRST.txt
2017-07-23 16:51 - 2017-07-23 16:51 - 02382336 _____ (Farbar) C:\Users\CrisYouSasyMedic\Downloads\FRST64.exe
2017-07-22 16:47 - 2017-07-22 16:47 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-07-21 09:54 - 2017-07-21 18:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-19 22:20 - 2017-07-19 22:20 - 00301344 _____ C:\Windows\Minidump\071917-32250-01.dmp
2017-07-19 17:36 - 2017-07-19 17:37 - 65033984 _____ (Malwarebytes ) C:\Users\CrisYouSasyMedic\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-19 11:11 - 2017-07-19 11:10 - 01021624 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-07-19 11:11 - 2017-07-19 11:10 - 00199640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys
2017-07-19 11:11 - 2017-07-19 11:10 - 00197312 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-07-19 11:10 - 2017-07-19 11:05 - 00520152 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2017-07-18 20:45 - 2017-07-20 20:25 - 00000000 ____D C:\AdwCleaner
2017-07-17 20:06 - 2017-07-17 20:06 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PHOEBE-Windows-8.1-(64-bit).dat
2017-07-17 20:06 - 2017-07-17 20:06 - 00000000 ____D C:\RegBackup
2017-07-17 20:05 - 2017-07-17 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-07-17 20:05 - 2017-07-17 20:05 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-07-17 20:04 - 2017-07-18 20:41 - 00034332 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2017-07-16 13:24 - 2017-07-16 13:24 - 00000000 ____D C:\Computer Back Up C Drive
2017-07-16 12:23 - 2017-07-16 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-07-16 12:23 - 2017-07-16 12:23 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-07-15 17:30 - 2017-07-19 22:20 - 544536674 _____ C:\Windows\MEMORY.DMP
2017-07-15 17:30 - 2017-07-15 17:31 - 00313632 _____ C:\Windows\Minidump\071517-31453-01.dmp
2017-07-15 11:33 - 2017-07-23 17:33 - 00003226 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCrisYouSasyMedic
2017-07-15 11:33 - 2017-07-23 17:33 - 00000390 _____ C:\Windows\Tasks\HPCeeScheduleForCrisYouSasyMedic.job
2017-07-14 13:07 - 2017-07-23 17:35 - 00000000 ____D C:\FRST
2017-07-13 15:40 - 2017-07-21 00:37 - 00001180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-13 15:40 - 2017-07-21 00:37 - 00001168 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-13 15:38 - 2017-07-13 15:38 - 45060264 _____ C:\Users\CrisYouSasyMedic\Downloads\Firefox Setup 54.0.1.exe
2017-07-13 10:25 - 2017-07-13 10:25 - 00301344 _____ C:\Windows\Minidump\071317-37953-01.dmp
2017-07-12 14:33 - 2017-07-12 14:34 - 00305440 _____ C:\Windows\Minidump\071217-36796-01.dmp
2017-07-12 14:07 - 2017-06-29 17:27 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-12 14:07 - 2017-06-29 17:27 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-11 17:00 - 2017-06-28 23:27 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-11 17:00 - 2017-06-28 23:02 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-11 17:00 - 2017-06-28 22:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-11 17:00 - 2017-06-28 22:44 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-11 17:00 - 2017-06-28 22:23 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-11 17:00 - 2017-06-28 22:23 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-11 17:00 - 2017-06-28 22:17 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-07-11 17:00 - 2017-06-28 22:13 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-11 17:00 - 2017-06-28 22:09 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-11 17:00 - 2017-06-28 21:58 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-11 17:00 - 2017-06-28 21:53 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-11 17:00 - 2017-06-28 21:52 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-11 17:00 - 2017-06-28 21:51 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-07-11 17:00 - 2017-06-28 21:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-11 17:00 - 2017-06-28 21:43 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-11 17:00 - 2017-06-28 21:41 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-11 17:00 - 2017-06-28 21:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-11 17:00 - 2017-06-28 21:28 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-11 17:00 - 2017-06-28 21:24 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-11 17:00 - 2017-06-28 21:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-11 17:00 - 2017-06-27 07:29 - 07796736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-07-11 17:00 - 2017-06-27 07:29 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-07-11 17:00 - 2017-06-27 07:26 - 05274112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-07-11 17:00 - 2017-06-27 07:26 - 05268992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-07-11 17:00 - 2017-06-22 07:22 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-11 17:00 - 2017-06-17 09:45 - 03631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-11 17:00 - 2017-06-17 09:34 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-11 17:00 - 2017-06-17 09:11 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-11 17:00 - 2017-06-17 09:05 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-11 17:00 - 2017-06-15 15:02 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-11 17:00 - 2017-06-15 06:45 - 07440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-07-11 17:00 - 2017-06-15 06:45 - 01674520 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-07-11 17:00 - 2017-06-15 06:45 - 01534064 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-07-11 17:00 - 2017-06-15 06:45 - 01499920 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-07-11 17:00 - 2017-06-15 06:45 - 01370320 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-07-11 17:00 - 2017-06-15 06:45 - 00086360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2017-07-11 17:00 - 2017-06-11 17:06 - 00376672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-07-11 17:00 - 2017-06-11 15:21 - 00590848 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-11 17:00 - 2017-06-11 14:43 - 00371200 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-11 17:00 - 2017-06-11 14:25 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-11 17:00 - 2017-06-11 14:15 - 01436672 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-11 17:00 - 2017-06-11 14:08 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-11 17:00 - 2017-06-11 14:07 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-11 17:00 - 2017-06-11 14:00 - 00962560 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-11 17:00 - 2017-06-11 13:58 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-11 17:00 - 2017-06-11 13:40 - 01323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-11 17:00 - 2017-06-11 13:35 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-11 17:00 - 2017-06-11 13:31 - 00781312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-11 17:00 - 2017-06-11 08:15 - 02013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-11 17:00 - 2017-06-06 13:52 - 03120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-11 17:00 - 2017-06-06 13:42 - 00925696 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2017-07-11 17:00 - 2017-06-06 13:38 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\cnvfat.dll
2017-07-11 17:00 - 2017-06-06 13:36 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\uudf.dll
2017-07-11 17:00 - 2017-06-06 13:36 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\convert.exe
2017-07-11 17:00 - 2017-06-06 13:35 - 00517120 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2017-07-11 17:00 - 2017-06-06 12:13 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\ulib.dll
2017-07-11 17:00 - 2017-06-06 12:11 - 00557568 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2017-07-11 17:00 - 2017-06-06 12:11 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
2017-07-11 17:00 - 2017-06-06 12:11 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\ufat.dll
2017-07-11 17:00 - 2017-06-06 12:11 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\uexfat.dll
2017-07-11 17:00 - 2017-06-06 12:08 - 02712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-11 17:00 - 2017-06-06 12:03 - 00837632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2017-07-11 17:00 - 2017-06-06 11:59 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cnvfat.dll
2017-07-11 17:00 - 2017-06-06 11:57 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uudf.dll
2017-07-11 17:00 - 2017-06-06 11:56 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll
2017-07-11 17:00 - 2017-06-06 11:03 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ulib.dll
2017-07-11 17:00 - 2017-06-06 11:02 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2017-07-11 17:00 - 2017-06-06 11:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2017-07-11 17:00 - 2017-06-06 11:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ufat.dll
2017-07-11 17:00 - 2017-06-06 11:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uexfat.dll
2017-07-11 17:00 - 2017-06-03 09:27 - 02346496 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-07-11 17:00 - 2017-06-03 09:03 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-07-11 17:00 - 2017-05-31 14:20 - 00470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-11 17:00 - 2017-05-15 15:09 - 00057688 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2017-07-11 17:00 - 2017-05-15 13:03 - 00379744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-07-11 17:00 - 2017-05-09 07:37 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2017-07-11 17:00 - 2017-05-09 07:35 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2017-07-11 17:00 - 2017-05-09 07:29 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2017-07-11 17:00 - 2017-05-09 07:29 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\snmptrap.exe
2017-07-11 17:00 - 2017-05-09 07:28 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\DAFWSD.dll
2017-07-11 17:00 - 2017-05-09 07:28 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2017-07-11 17:00 - 2017-05-09 07:12 - 00448576 _____ C:\Windows\system32\ApnDatabase.xml
2017-07-11 17:00 - 2017-05-06 09:45 - 01114624 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2017-07-11 17:00 - 2017-05-06 09:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2017-07-11 17:00 - 2017-05-02 13:09 - 00686592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-07-11 17:00 - 2017-05-02 13:08 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-07-11 17:00 - 2017-05-02 13:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-07-11 17:00 - 2017-05-02 11:41 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2017-07-11 17:00 - 2017-05-02 11:31 - 00329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-07-11 17:00 - 2017-05-02 11:31 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\smbwmiv2.dll
2017-07-11 17:00 - 2017-05-02 10:35 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2017-07-11 17:00 - 2017-04-30 09:48 - 00080078 _____ C:\Windows\system32\normidna.nls
2017-07-11 17:00 - 2017-04-27 18:13 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-07-11 17:00 - 2017-04-27 18:11 - 01060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-07-11 16:49 - 2017-05-03 16:11 - 00103600 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-11 16:49 - 2017-05-03 06:43 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-11 11:10 - 2017-07-11 11:10 - 13059576 _____ (IObit ) C:\Users\CrisYouSasyMedic\Downloads\sd5_setup.exe
2017-07-08 11:11 - 2017-07-08 11:12 - 00301344 _____ C:\Windows\Minidump\070817-41468-01.dmp
2017-07-08 10:12 - 2017-03-30 06:15 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-07-08 10:12 - 2017-03-30 06:15 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-07-08 10:12 - 2017-03-30 06:15 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-07-08 10:12 - 2017-03-30 06:15 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-07-08 10:08 - 2017-05-14 12:04 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-07-08 10:08 - 2017-05-14 12:03 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-07-08 10:08 - 2017-05-14 11:13 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-07-08 10:08 - 2017-05-12 08:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-07-08 10:08 - 2017-05-12 08:50 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-07-08 10:08 - 2017-05-12 08:48 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-07-08 10:08 - 2017-05-12 08:47 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-07-08 10:08 - 2017-05-11 19:18 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-07-08 10:08 - 2017-05-11 19:11 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-07-08 10:08 - 2017-05-11 19:10 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-07-08 10:08 - 2017-05-11 19:07 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-07-08 10:08 - 2017-05-11 19:06 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-07-08 10:08 - 2017-05-11 19:04 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-07-08 10:08 - 2017-05-11 19:00 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-07-08 10:08 - 2017-05-11 16:36 - 22361848 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-07-08 10:08 - 2017-05-11 16:32 - 19788672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-07-08 10:08 - 2017-05-06 09:04 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-07-08 10:08 - 2017-04-16 03:23 - 02176584 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-07-08 10:08 - 2017-04-16 03:23 - 01662096 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-07-08 10:08 - 2017-04-16 03:23 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2017-07-08 10:08 - 2017-04-16 02:07 - 01566032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-07-08 10:08 - 2017-04-16 02:07 - 01213792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-07-08 10:08 - 2017-04-16 02:07 - 00548032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-07-08 10:08 - 2017-04-16 01:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-08 10:08 - 2017-04-16 01:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-08 10:08 - 2017-04-16 01:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-08 10:08 - 2017-04-16 01:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-08 10:08 - 2017-04-16 01:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-08 10:08 - 2017-04-16 00:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-08 10:08 - 2017-04-16 00:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-08 10:08 - 2017-04-16 00:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-08 10:08 - 2017-04-16 00:40 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-08 10:08 - 2017-04-16 00:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-08 10:08 - 2017-04-16 00:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-08 10:08 - 2017-04-16 00:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-08 10:08 - 2017-04-16 00:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-08 10:08 - 2017-04-16 00:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-08 10:08 - 2017-04-16 00:10 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-08 10:08 - 2017-04-16 00:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-08 10:08 - 2017-04-09 15:00 - 01548640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-08 10:08 - 2017-04-09 15:00 - 00388448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-08 10:08 - 2017-02-11 09:49 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2017-07-08 10:08 - 2017-02-01 12:44 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-08 10:07 - 2017-06-02 05:15 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-08 10:07 - 2017-06-02 05:12 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-08 10:07 - 2017-06-02 05:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-08 10:07 - 2017-06-02 05:06 - 01001984 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-07-08 10:07 - 2017-06-02 05:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-08 10:07 - 2017-06-02 04:03 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-08 10:07 - 2017-06-02 03:25 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-08 10:07 - 2017-06-02 03:24 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-08 10:07 - 2017-06-02 03:17 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-08 10:07 - 2017-06-02 02:43 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-08 10:07 - 2017-05-15 12:58 - 00121184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-07-08 10:07 - 2017-05-14 13:42 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-07-08 10:07 - 2017-05-14 13:19 - 01364040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-07-08 10:07 - 2017-05-14 11:06 - 01737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-07-08 10:07 - 2017-05-14 11:06 - 01502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-07-08 10:07 - 2017-05-12 10:05 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-07-08 10:07 - 2017-05-12 09:16 - 01084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-07-08 10:07 - 2017-05-12 09:13 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-07-08 10:07 - 2017-05-11 21:10 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-07-08 10:07 - 2017-05-11 19:58 - 01985536 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-07-08 10:07 - 2017-05-11 19:48 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-07-08 10:07 - 2017-05-10 11:19 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-07-08 10:07 - 2017-05-06 09:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-07-08 10:07 - 2017-04-16 03:18 - 01135288 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-07-08 10:07 - 2017-04-16 03:18 - 00803192 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-07-08 10:07 - 2017-04-16 02:05 - 00612096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-07-08 10:07 - 2017-04-16 01:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-08 10:07 - 2017-04-16 01:16 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-07-08 10:07 - 2017-04-16 01:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-08 10:07 - 2017-04-16 01:02 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-07-08 10:07 - 2017-04-16 00:23 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-07-08 10:07 - 2017-04-16 00:22 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-07-08 10:07 - 2017-04-16 00:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2017-07-08 10:07 - 2017-04-06 10:37 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-08 10:07 - 2017-04-06 10:16 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2017-07-08 10:07 - 2017-04-06 09:50 - 01436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-08 10:07 - 2017-04-06 09:46 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-08 10:07 - 2017-04-06 09:46 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-08 10:07 - 2017-04-06 09:35 - 01362432 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-07-08 10:07 - 2017-04-06 09:15 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-08 10:07 - 2017-04-06 08:44 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2017-07-08 10:07 - 2017-04-02 07:49 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-07-08 10:07 - 2017-03-31 16:16 - 01968408 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-07-08 10:07 - 2017-03-31 14:59 - 01612504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-07-08 10:07 - 2017-03-13 09:38 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2017-07-08 10:07 - 2017-03-13 09:29 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-07-08 10:07 - 2017-03-13 09:25 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-07-08 10:07 - 2017-03-13 09:13 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2017-07-08 10:07 - 2017-03-13 09:07 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-07-08 10:07 - 2017-03-13 09:06 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-07-08 10:07 - 2017-03-12 08:04 - 00033792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-07-08 10:07 - 2017-03-10 20:59 - 01763888 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-07-08 10:07 - 2017-03-10 20:56 - 01489608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-07-08 10:07 - 2017-03-10 16:38 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-07-08 10:07 - 2017-03-09 13:52 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2017-07-08 10:07 - 2017-03-09 12:17 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2017-07-08 10:07 - 2017-03-04 12:24 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-07-08 10:07 - 2017-03-04 12:06 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-07-08 10:07 - 2017-03-04 11:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-07-08 10:07 - 2017-03-04 09:37 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-07-08 10:07 - 2017-03-03 08:11 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-07-08 10:07 - 2017-03-03 08:10 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-07-08 10:07 - 2017-03-03 08:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-07-08 10:07 - 2017-03-03 08:04 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-07-08 10:07 - 2017-02-11 11:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-07-08 10:07 - 2017-02-11 09:42 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2017-07-08 10:07 - 2017-02-10 12:06 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-08 10:07 - 2017-02-10 07:37 - 00046600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2017-07-08 10:07 - 2017-02-04 10:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-07-08 10:07 - 2017-02-04 10:51 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-07-08 10:07 - 2017-02-04 10:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-07-08 10:07 - 2017-02-01 12:42 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-08 10:07 - 2017-01-18 19:18 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-07-08 10:07 - 2017-01-18 07:35 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-07-08 10:07 - 2017-01-18 07:34 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-07-08 10:07 - 2017-01-14 13:32 - 00955016 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-07-08 10:07 - 2017-01-14 12:18 - 00787688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-07-08 10:07 - 2017-01-12 09:51 - 00274776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2017-07-08 10:07 - 2017-01-12 09:51 - 00117592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2017-07-08 10:07 - 2017-01-11 12:12 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2017-07-08 10:07 - 2017-01-11 10:28 - 00422744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2017-07-08 10:07 - 2017-01-11 08:09 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2017-07-08 10:07 - 2017-01-10 15:37 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-07-08 10:07 - 2017-01-10 14:06 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-07-08 10:07 - 2017-01-10 13:46 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-07-08 10:07 - 2017-01-10 12:20 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-07-08 10:07 - 2017-01-10 12:09 - 01108480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-07-08 10:07 - 2017-01-06 10:25 - 02513408 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2017-07-08 10:07 - 2017-01-06 10:04 - 01495552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2017-07-08 10:07 - 2016-12-24 18:21 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2017-07-08 10:07 - 2016-12-24 18:14 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-07-08 10:07 - 2016-12-24 17:48 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-07-08 10:07 - 2016-12-24 17:19 - 00170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-07-08 10:07 - 2016-12-24 16:39 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-07-08 09:47 - 2017-02-04 10:32 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-07-08 09:47 - 2017-02-04 10:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-07-08 09:46 - 2017-02-09 07:59 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-07-08 09:46 - 2017-02-09 07:58 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-07-08 09:46 - 2017-02-09 07:58 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2017-07-08 09:46 - 2017-02-04 12:32 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2017-07-08 09:46 - 2017-02-04 12:30 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-07-08 09:46 - 2017-02-04 10:50 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-07-08 09:46 - 2017-02-04 10:40 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-07-08 09:46 - 2017-02-04 10:17 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-07-08 09:46 - 2017-02-04 10:10 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-07-08 09:46 - 2017-01-21 14:37 - 00567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-07-08 09:46 - 2017-01-21 12:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-08 09:46 - 2017-01-21 12:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-08 09:46 - 2017-01-21 11:40 - 00756736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-08 09:46 - 2017-01-21 11:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-08 09:46 - 2017-01-14 10:49 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2017-07-07 19:34 - 2017-07-07 19:33 - 00136416 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2017-07-07 19:08 - 2017-07-07 19:08 - 00002173 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-07-07 19:08 - 2017-07-07 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-23 17:19 - 2016-11-19 09:02 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\LocalLow\Mozilla
2017-07-23 15:25 - 2014-12-23 23:18 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-07-23 15:09 - 2017-03-15 16:33 - 00000000 ____D C:\Users\CrisYouSasyMedic\Documents\Youcam
2017-07-23 15:08 - 2014-05-18 20:08 - 00000000 ___DO C:\Users\CrisYouSasyMedic\SkyDrive
2017-07-22 16:36 - 2013-08-25 23:09 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-22 16:36 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\Inf
2017-07-22 16:33 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\NDF
2017-07-22 16:31 - 2014-05-15 20:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-22 16:31 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-22 16:30 - 2014-01-27 09:17 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-07-22 16:30 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-07-21 09:24 - 2014-05-15 18:11 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-28108215-2538129268-678420320-1002
2017-07-21 00:32 - 2014-12-16 11:25 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\Local\RGMService
2017-07-20 20:49 - 2014-01-27 09:27 - 00000000 ____D C:\ProgramData\Temp
2017-07-20 20:47 - 2015-05-19 13:30 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\Roaming\vlc
2017-07-20 20:33 - 2017-04-02 11:00 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\LocalLow\IObit
2017-07-20 20:33 - 2017-04-02 10:59 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\Roaming\IObit
2017-07-20 20:33 - 2017-04-02 10:59 - 00000000 ____D C:\ProgramData\IObit
2017-07-20 13:23 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-20 13:23 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2017-07-19 22:25 - 2014-05-16 02:06 - 00000000 ____D C:\Users\CrisYouSasyMedic
2017-07-19 22:20 - 2015-01-21 17:40 - 00000000 ____D C:\Windows\Minidump
2017-07-19 11:11 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2017-07-18 20:09 - 2017-04-02 10:59 - 00000000 ____D C:\Program Files (x86)\IObit
2017-07-18 16:33 - 2017-04-02 11:00 - 00000000 ____D C:\ProgramData\ProductData
2017-07-14 14:27 - 2017-04-02 10:56 - 00000000 ____D C:\meghantools
2017-07-13 16:14 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2017-07-13 15:47 - 2017-04-02 11:16 - 00000000 ____D C:\Program Files\Recuva
2017-07-13 12:35 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2017-07-12 14:46 - 2015-04-16 10:54 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-12 14:46 - 2015-03-13 12:03 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-07-12 14:44 - 2013-08-22 07:44 - 00429184 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-12 14:25 - 2014-05-18 21:37 - 00000000 ____D C:\Windows\system32\MRT
2017-07-12 14:12 - 2014-05-18 21:37 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-11 21:00 - 2014-05-15 21:41 - 00004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-11 21:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-11 21:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-08 10:46 - 2013-08-22 08:36 - 00000000 ___RD C:\Windows\ToastData
2017-07-08 10:46 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2017-07-08 10:46 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\inetsrv
2017-07-08 10:46 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-07-08 10:46 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-08 10:45 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-07-08 10:44 - 2014-01-27 10:35 - 00188674 ____N C:\Windows\Minidump\070817-49218-01.dmp
2017-07-08 10:11 - 2013-08-22 06:25 - 00000322 _____ C:\Windows\win.ini
2017-07-07 19:13 - 2014-05-16 02:06 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\Local\Packages
2017-07-07 19:11 - 2016-04-08 21:42 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-07 19:11 - 2016-04-08 21:42 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-07 18:56 - 2015-03-05 15:58 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-07 18:56 - 2015-03-05 15:58 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2017-04-02 10:29 - 2017-04-02 10:29 - 0004096 ____H () C:\Users\CrisYouSasyMedic\AppData\Local\keyfile3.drm
2014-08-09 14:55 - 2014-08-09 14:55 - 0000017 _____ () C:\Users\CrisYouSasyMedic\AppData\Local\resmon.resmoncfg
2014-07-29 17:18 - 2014-07-29 17:20 - 0000356 _____ () C:\ProgramData\aygdr_save.log

Some files in TEMP:
====================
2014-11-08 01:33 - 2014-12-20 13:33 - 0601088 _____ () C:\Users\CrisYouSasyMedic\AppData\Local\Temp\Quarantine.exe
2014-11-08 01:47 - 2014-10-17 04:39 - 0665682 _____ (SQLite Development Team) C:\Users\CrisYouSasyMedic\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-20 22:54

==================== End of FRST.txt ============================
CrisYouSasyMedic1
Regular Member
 
Posts: 19
Joined: July 14th, 2017, 1:31 pm

Re: Blue Page with very unhappy smiley face

Unread postby CrisYouSasyMedic1 » July 23rd, 2017, 8:44 pm

Hi again mAl, now I'll post the Addition. I realized why one of the posts were blank. I hit the reply button instead of the submit button.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
Ran by CrisYouSasyMedic (23-07-2017 17:36:19)
Running from C:\Users\CrisYouSasyMedic\Downloads
Windows 8.1 (Update) (X64) (2014-05-16 09:06:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-28108215-2538129268-678420320-500 - Administrator - Disabled)
CrisYouSasyMedic (S-1-5-21-28108215-2538129268-678420320-1002 - Administrator - Enabled) => C:\Users\CrisYouSasyMedic
CrisY_000 (S-1-5-21-28108215-2538129268-678420320-1003 - Limited - Enabled)
Guest (S-1-5-21-28108215-2538129268-678420320-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Disabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (HKLM-x32\...\WTA-545aa1e8-471e-4efc-9132-05ed45152c29) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Airport Mania (HKLM-x32\...\WTA-1e350cce-7b1c-4aba-800c-48716cc60bcc) (Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{DEF2600B-C52F-441E-B0C9-88B09DC2F412}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Amnesia - The Dark Descent (HKLM-x32\...\{759FC370-E77F-4FB0-A1E4-C0628A44BA44}) (Version: 1.00.0000 - Valusoft)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-31e4b974-5ded-4ae1-b46b-5ff648b1c47f) (Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-e7e48931-095a-4f37-8a4f-5cec7d34907d) (Version: 2.2.0.98 - WildTangent) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WTA-8c19759a-cabd-43b3-bd5d-b7053214531c) (Version: 2.2.0.97 - WildTangent) Hidden
Britannica World's Best Solitaire (HKLM-x32\...\World's Best Solitaire) (Version: 2.00.07.01.23 - Selectsoft Publishing)
Build-a-lot (HKLM-x32\...\WTA-0c411bb9-99b4-41e0-87f8-cf5a0fdcaeb7) (Version: 2.2.0.98 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-a7a7a624-9c9a-4a09-b37e-5018aac5e0ca) (Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-5ce6c8ea-49a4-49ae-a2a0-63135c500875) (Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (HKLM-x32\...\WTA-1c705dda-d638-41bc-a916-f43c491cb09a) (Version: 3.0.2.32 - WildTangent) Hidden
Cursed Fates - The Headless Horseman (HKLM-x32\...\Cursed Fates - The Headless Horseman) (Version: - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.10.5422 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.5011 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Dimensions: City of Fog (HKLM-x32\...\BFG-Dark Dimensions - City of Fog) (Version: - )
Dark Mysteries - The Soul Keeper (HKLM-x32\...\Dark Mysteries - The Soul Keeper) (Version: - )
Dark Tales: Edgar Allan Poes The Premature Burial (HKLM-x32\...\BFG-Dark Tales - Edgar Allan Poes The Premature Burial) (Version: - )
Dark Tales: ™ Edgar Allan Poe's The Black Cat (HKLM-x32\...\BFG-Dark Tales - Edgar Allan Poe's The Black Cat) (Version: - )
Delicious: Emily's Childhood Memories Premium Edition (HKLM-x32\...\WTA-d6fcbbb6-022d-4052-abfb-445d19c7578d) (Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Echoes of Sorrow (HKLM-x32\...\Echoes of Sorrow) (Version: 1.0 - Alawar Entertainment Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
F.A.C.E.S. Collector's Edition (HKLM-x32\...\BFG-F.A.C.E.S. Collector's Edition) (Version: - )
Farm Frenzy (HKLM-x32\...\WTA-c878aac2-8d29-448a-b55c-6ced49637f6d) (Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (HKLM-x32\...\WTA-22115ff0-9e95-4430-83e0-8c15907f00ed) (Version: 3.0.2.38 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-a6e76048-f70e-40a5-82eb-84d2c73ebbda) (Version: 2.2.0.110 - WildTangent) Hidden
Gravely Silent: House of Deadlock Collector's Edition (HKLM-x32\...\BFG-Gravely Silent - House of Deadlock Collector's Edition) (Version: - )
Grim Tales: The Bride (HKLM-x32\...\BFG-Grim Tales - The Bride) (Version: - )
Grim Tales: The Legacy (HKLM-x32\...\BFG-Grim Tales - The Legacy) (Version: - )
Haunted Halls: Green Hills Sanitarium (HKLM-x32\...\BFG-Haunted Halls - Green Hills Sanitarium) (Version: - )
Haunted Halls: Green Hills Sanitarium Strategy Guide (HKLM-x32\...\BFG-Haunted Halls - Green Hills Sanitarium Strategy Guide) (Version: - )
Haunted Legends: The Bronze Horseman Collectors Edition (HKLM-x32\...\BFG-Haunted Legends - The Bronze Horseman Collectors Edition) (Version: - )
Haunted Legends: The Queen of Spades (HKLM-x32\...\BFG-Haunted Legends - The Queen of Spades) (Version: - )
Haunted Manor: Lord of Mirrors (HKLM-x32\...\BFG-Haunted Manor - Lord of Mirrors) (Version: - )
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (HKLM-x32\...\WTA-3eb54275-1f3d-47ab-8e8c-6b37c2d659be) (Version: 2.2.0.98 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{D82B396E-A647-4C81-9DA4-C61F7BB620EC}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.4.19.3 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.7.27.15 - HP)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
HP Utility Center (HKLM\...\{1D7EB7E7-0B5D-4A23-A383-7EF133090026}) (Version: 2.3.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.00.57 - Softex Inc.) Hidden
Jewel Match 3 (HKLM-x32\...\WTA-53496468-739f-4daf-9999-b9823f027c89) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-a2762c91-c502-413d-b757-56b815bdf8e7) (Version: 2.2.0.95 - WildTangent) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
King Oddball (HKLM-x32\...\WTA-907c9196-a16f-45e5-a836-05147a403026) (Version: 3.0.2.48 - WildTangent) Hidden
Lost Souls - Enchanted Paintings (HKLM-x32\...\Lost Souls - Enchanted Paintings) (Version: - )
Luxor Evolved (HKLM-x32\...\WTA-9eb69b18-6608-4ff1-8350-e995d8ababd0) (Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (HKLM-x32\...\WTA-23824612-adb6-4c7f-82f1-9dd8c09a2271) (Version: 2.2.0.95 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Muvic Smartbar (HKLM-x32\...\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION
Muvic Smartbar Engine (HKU\S-1-5-21-28108215-2538129268-678420320-1002\...\{08998c2c-b970-4110-8c1f-7a405e284254}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION
Mystery Case Files: Escape from Ravenhearst (HKLM-x32\...\BFG-Mystery Case Files - Escape from Ravenhearst) (Version: - )
Mystery Case Files: Return to Ravenhearst ™ (HKLM-x32\...\BFG-Mystery Case Files - Return to Ravenhearst) (Version: - )
Mystery Legends: Beauty and the Beast (HKLM-x32\...\BFG-Mystery Legends - Beauty and the Beast) (Version: - )
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-50c81989-bd06-4041-8bdb-eda6e3d4d7c6) (Version: 2.2.0.98 - WildTangent) Hidden
Mystery Stories - Mountains of Madness (HKLM-x32\...\Mystery Stories - Mountains of Madness) (Version: - )
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OEM Application Profile (HKLM-x32\...\{8F92E0CF-620B-5C20-F292-59C93567B06D}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Peggle Nights (HKLM-x32\...\WTA-0e60c1aa-64c9-4531-9872-3a621c04d3ad) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-d3d51d38-13a3-439b-bae0-0bed6cb0d74c) (Version: 2.2.0.98 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Pinger (HKLM-x32\...\{9B56B031-A6C0-4BB7-8F61-938548C1B759}) (Version: 1.4.0.1 - Pinger Inc.) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-d59a1ddd-8827-4478-848e-257c8f7479e0) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-f8868715-8d23-4c71-af13-b5a6c2175bd3) (Version: 2.2.0.97 - WildTangent) Hidden
Punch! Home and Landscape (HKLM-x32\...\{5AB52F3C-23C7-4FB2-9285-C0C0635CABCC}) (Version: 15.0.2 - Punch! Software, LLC)
Puran File Recovery 1.2.1 (HKLM\...\Puran File Recovery_is1) (Version: - Puran Software)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29082 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.35.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7730 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.38 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Redemption Cemetery: Curse of the Raven (HKLM-x32\...\BFG-Redemption Cemetery - Curse of the Raven) (Version: - )
Redemption Cemetery: Grave Testimony (HKLM-x32\...\BFG-Redemption Cemetery - Grave Testimony) (Version: - )
Redemption Cemetery: Salvation of the Lost (HKLM-x32\...\BFG-Redemption Cemetery - Salvation of the Lost) (Version: - )
RGMUpdater Monetization Control (HKLM-x32\...\RGMUpdater Monetization Controlcc56729e-9fc2-4c79-a5a8-77edc7087390) (Version: 2.2.0322.1140 - )
Roads of Rome 3 (HKLM-x32\...\WTA-70ef15d1-43a2-4071-8a27-85587e95d13e) (Version: 2.2.0.98 - WildTangent) Hidden
Save Our Spirit (HKLM-x32\...\Save Our Spirit) (Version: - )
Shadow Wolf Mysteries: Bane of the Family (HKLM-x32\...\BFG-Shadow Wolf Mysteries - Bane of the Family) (Version: - )
Shadow Wolf Mysteries: Curse of the Full Moon (HKLM-x32\...\BFG-Shadow Wolf Mysteries - Curse of the Full Moon) (Version: - )
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
Spirits of Mystery: Amber Maiden (HKLM-x32\...\BFG-Spirits of Mystery - Amber Maiden) (Version: - )
Spirits of Mystery: Song of the Phoenix (HKLM-x32\...\BFG-Spirits of Mystery - Song of the Phoenix) (Version: - )
Spirits of Mystery: The Dark Minotaur (HKLM-x32\...\BFG-Spirits of Mystery - The Dark Minotaur) (Version: - )
Stray Souls: Dollhouse Story (HKLM-x32\...\Stray Souls: Dollhouse Story) (Version: 1.0 - Alawar Entertainment Inc.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.20 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-872c36de-ad44-4735-9234-d2cb8c4438f9) (Version: 2.2.0.110 - WildTangent) Hidden
The Stanwick Mystery (HKLM-x32\...\The Stanwick Mystery) (Version: - )
The Treasures of Mystery Island: The Ghost Ship (HKLM-x32\...\The Treasures of Mystery Island: The Ghost Ship) (Version: 1.0 - Alawar Entertainment Inc.)
Theatre of the Absurd (HKLM-x32\...\Theatre of the Absurd) (Version: - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Twisted Lands: Shadow Town (HKLM-x32\...\Twisted Lands: Shadow Town) (Version: - Alawar Entertainment Inc.)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-042253bf-b369-4a76-8a8d-34385b3a27fe) (Version: 3.0.2.32 - WildTangent) Hidden
VIVA MEDIA GAME CENTER (HKLM-x32\...\VIVAGplayer) (Version: 1.2010.6.23 - INTENIUM GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Media Player and Options (HKLM\...\Windows_Media_Player_and_Options) (Version: 1.0 - Windows Media Player)
Youda Jewel Shop (HKLM-x32\...\WTA-6e9486f2-21c3-4e1b-9e8e-05e37eae6809) (Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (HKLM-x32\...\WTA-b45c4bdc-7269-49b7-9ac0-6eec63e53b26) (Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers01: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
ContextMenuHandlers01: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt_20160726_23_29_18.dll [2016-07-26] (Cyberlink)
ContextMenuHandlers01: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-07-07] (AO Kaspersky Lab)
ContextMenuHandlers02: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt_20160726_23_29_18.dll [2016-07-26] (Cyberlink)
ContextMenuHandlers02: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-07-07] (AO Kaspersky Lab)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers04: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-07-07] (AO Kaspersky Lab)
ContextMenuHandlers04: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-06-16] (Advanced Micro Devices, Inc.)
ContextMenuHandlers06: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-07-07] (AO Kaspersky Lab)
ContextMenuHandlers06: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A02AE2E-0E02-44B5-AFE3-9825147E5650} - System32\Tasks\HPCeeScheduleForCrisYouSasyMedic => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {1AC2FFDE-EEAA-4CCF-A6D7-F72A5D3F944B} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {25940008-B69A-46C8-A4FE-E19A35CAA1B5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {49C6ADC9-64BF-4BA0-BBED-3B1D38F030C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-05] (Google Inc.)
Task: {698ABD70-AA44-4AAD-87E0-FEB0F98BFD31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {7F81666A-DFA1-4BD6-8F50-F319CA696E7B} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {84B69169-74D2-4D2F-B612-4FBB73350FB4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-05] (Google Inc.)
Task: {8B3E53B9-12C4-4EB2-994F-B00E1CAC9C2E} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2015-02-11] (CyberLink Corp.)
Task: {8DBBF1B1-72E2-4AC3-8A32-F2BC7CFC3C54} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {A9A19964-88D2-400B-B24C-38354CA2CFA6} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-11] (Synaptics Incorporated)
Task: {AC455EC3-D9E1-436B-95D0-A3408D1EE9E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {C6ACC884-109C-43C5-86BA-2D209CA88B41} - System32\Tasks\SnoopRun => C:\ProgramData\Snoop\Snoop.exe [2015-05-20] () <==== ATTENTION
Task: {EC3BE2BC-4F14-454A-9A88-DB88B654BB61} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {F31F0122-E83C-4FF7-81C1-05B3CF6A59CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForCrisYouSasyMedic.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\CrisYouSasyMedic\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2013-10-14 12:23 - 2013-10-14 12:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 12:24 - 2013-10-14 12:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 12:25 - 2013-10-14 12:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 12:35 - 2013-10-14 12:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 12:35 - 2013-10-14 12:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-06-16 09:18 - 2014-06-16 09:18 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-06-16 09:17 - 2014-06-16 09:17 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-14 12:30 - 2013-10-14 12:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2016-06-28 01:19 - 2016-06-28 01:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kpcengine.2.3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:11590865 [177]
AlternateDataStreams: C:\ProgramData\Temp:1416AAA6 [330]
AlternateDataStreams: C:\ProgramData\Temp:2AD33723 [326]
AlternateDataStreams: C:\ProgramData\Temp:2AF322BF [312]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:363E775E [182]
AlternateDataStreams: C:\ProgramData\Temp:3EC5BC08 [344]
AlternateDataStreams: C:\ProgramData\Temp:491270B8 [314]
AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2 [182]
AlternateDataStreams: C:\ProgramData\Temp:6B709AD7 [346]
AlternateDataStreams: C:\ProgramData\Temp:7687A3E3 [382]
AlternateDataStreams: C:\ProgramData\Temp:98CF1A39 [189]
AlternateDataStreams: C:\ProgramData\Temp:9DBE6481 [130]
AlternateDataStreams: C:\ProgramData\Temp:A4AF8D0D [165]
AlternateDataStreams: C:\ProgramData\Temp:A6D6E537 [177]
AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD [334]
AlternateDataStreams: C:\ProgramData\Temp:A88BE334 [316]
AlternateDataStreams: C:\ProgramData\Temp:B54E4B5A [342]
AlternateDataStreams: C:\ProgramData\Temp:B6E6C4EA [165]
AlternateDataStreams: C:\ProgramData\Temp:BEE39E9B [364]
AlternateDataStreams: C:\ProgramData\Temp:C22674B6 [294]
AlternateDataStreams: C:\ProgramData\Temp:C3899C0B [171]
AlternateDataStreams: C:\ProgramData\Temp:C78DADEA [178]
AlternateDataStreams: C:\ProgramData\Temp:CAC06C34 [177]
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30 [183]
AlternateDataStreams: C:\ProgramData\Temp:F5D01D7C [384]
AlternateDataStreams: C:\ProgramData\Temp:F84B8DB5 [155]
AlternateDataStreams: C:\ProgramData\Temp:F9F58B80 [180]
AlternateDataStreams: C:\ProgramData\Temp:FAB64002 [146]
AlternateDataStreams: C:\ProgramData\Temp:FBD274CF [171]
AlternateDataStreams: C:\ProgramData\Temp:FC70A22A [370]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2016-04-08 21:50 - 00000853 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-28108215-2538129268-678420320-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\CrisYouSasyMedic\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKU\S-1-5-21-28108215-2538129268-678420320-1002\...\StartupApproved\Run: => "Google+ Auto Backup"
HKU\S-1-5-21-28108215-2538129268-678420320-1002\...\StartupApproved\Run: => "Power2GoExpress8"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{24923E29-0F7A-421E-A76A-767933901AB8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CC0F9C4B-D164-4F83-A55D-D87127AFD8BA}] => (Allow) LPort=2869
FirewallRules: [{363FA916-6FDD-4C77-ABC1-526528DEDAB9}] => (Allow) LPort=1900
FirewallRules: [{D748616C-2F0C-4249-A544-784F5E97AFEA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{12978DEF-9119-451A-83B3-B7D82A72B9E2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7493C0AD-1994-4336-9041-B01F30BF2E39}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A8574F11-9CBB-442E-B9EC-DCD8397DBCEE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F57B076A-6497-45EA-B125-62955C24C2AD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{EE6C99D9-22CF-4C29-AB3E-38DECFA38F28}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E12649A7-5D39-4027-84B7-B7F4BEDDA31E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{BA62EBB9-D39B-4E33-833F-3494D2094622}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{FAFF9AF1-B0FD-4D70-8AEE-1DA6EDFAC89C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1A204196-7661-4019-86E4-55A50EB63ED7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{E4D15090-59F4-409B-A3EF-BDD0ACB30DC4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{80AB0DE4-E7E6-404B-9A82-83EEF8667756}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{A8122D55-EF7B-424B-911B-1E084CC80487}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{DAA686F6-88E4-49A6-B734-2BE10C02B610}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8B470643-88E6-41FC-9535-0BA4EBD9447E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{32E2C987-FF2A-4894-AEC5-0BD4820C0180}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BE72A120-555C-4C9F-A54D-AD2B59379358}] => (Block) LPort=445
FirewallRules: [{064D5996-D9F7-4DDE-B27A-02F58499BAD2}] => (Block) LPort=445
FirewallRules: [TCP Query User{3EE957C0-D930-4936-955A-9E4CB0AFC458}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{96DB8D41-7430-4B68-8F22-30CFD5879128}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Restore Points =========================

08-07-2017 09:45:17 Windows Update
12-07-2017 14:01:08 Windows Update
15-07-2017 18:57:43 Windows Backup
15-07-2017 19:04:55 Windows Backup
15-07-2017 19:09:26 Windows Backup
15-07-2017 19:15:11 Windows Backup
15-07-2017 20:02:23 Windows Backup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2017 05:55:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PHOEBE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/22/2017 04:36:28 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "C:\Windows\System32\winspool.drv" service in DLL "Spooler" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Error: (07/22/2017 04:31:52 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (07/21/2017 12:15:03 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (07/21/2017 12:08:50 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (07/20/2017 10:32:35 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "C:\Windows\System32\winspool.drv" service in DLL "Spooler" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Error: (07/20/2017 08:49:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Faulting module name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Exception code: 0xc0000005
Fault offset: 0x002a1fe0
Faulting process id: 0x16bc
Faulting application start time: 0x01d301d424945642
Faulting application path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Faulting module path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Report Id: 90f9149f-6dc7-11e7-8371-a01d4808520a
Faulting package full name:
Faulting package-relative application ID:

Error: (07/20/2017 08:49:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Faulting module name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Exception code: 0xc0000005
Fault offset: 0x002a1fe0
Faulting process id: 0x16bc
Faulting application start time: 0x01d301d424945642
Faulting application path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Faulting module path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Report Id: 9047acd2-6dc7-11e7-8371-a01d4808520a
Faulting package full name:
Faulting package-relative application ID:

Error: (07/20/2017 08:48:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Faulting module name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Exception code: 0xc0000005
Fault offset: 0x002a1fe0
Faulting process id: 0x1674
Faulting application start time: 0x01d301d4276b8043
Faulting application path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Faulting module path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Report Id: 67f3fe1b-6dc7-11e7-8371-a01d4808520a
Faulting package full name:
Faulting package-relative application ID:

Error: (07/20/2017 08:48:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Faulting module name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Exception code: 0xc0000005
Fault offset: 0x002a1fe0
Faulting process id: 0x1674
Faulting application start time: 0x01d301d4276b8043
Faulting application path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Faulting module path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Report Id: 67b13d03-6dc7-11e7-8371-a01d4808520a
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (07/22/2017 05:55:21 PM) (Source: DCOM) (EventID: 10010) (User: PHOEBE)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.

Error: (07/22/2017 04:31:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Print Spooler service terminated with the following error:
%%2147944140 = The endpoint is a duplicate.

Error: (07/21/2017 12:08:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Print Spooler service terminated with the following error:
%%2147944140 = The endpoint is a duplicate.

Error: (07/21/2017 12:08:34 AM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (07/21/2017 12:08:34 AM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (07/21/2017 12:08:24 AM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (07/20/2017 08:40:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Print Spooler service terminated with the following error:
%%2147944140 = The endpoint is a duplicate.

Error: (07/20/2017 08:38:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (07/20/2017 08:38:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (07/20/2017 08:38:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll


==================== Memory info ===========================

Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 47%
Total physical RAM: 3537.01 MB
Available physical RAM: 1867.48 MB
Total Virtual: 7121.01 MB
Available Virtual: 5146.28 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:446.77 GB) (Free:359.05 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.22 GB) (Free:1.87 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 179F6E94)

Partition: GPT.

==================== End of Addition.txt ============================
CrisYouSasyMedic1
Regular Member
 
Posts: 19
Joined: July 14th, 2017, 1:31 pm

Re: Blue Page with very unhappy smiley face

Unread postby mAL_rEm018 » July 24th, 2017, 2:27 am

Hi Chris,

I need you to run a search using FRST..

  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer;SearchProtect;Smartbar;pepe;8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD;Muvic

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... SearchReg.txt
    • Please post it in your next reply.


-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any problems while following my instructions?
  • SearchReg.txt
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Page with very unhappy smiley face

Unread postby CrisYouSasyMedic1 » July 24th, 2017, 7:06 pm

Hi mAL, here is the Search from the Registry.


Farbar Recovery Scan Tool (x64) Version: 23-07-2017
Ran by CrisYouSasyMedic (24-07-2017 16:02:09)
Running from C:\Users\CrisYouSasyMedic\Downloads
Boot Mode: Normal

================== Search Registry: "babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer;SearchProtect;Smartbar;pepe;8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD;Muvic" ===========


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "conduit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows_Media_Player_and_Options]
"InstallData"="<Offer>
<Name>Search Protect</Name>
<Path></Path>
<Uninstaller>
<Action>
<Name>run</Name>
<Arg>Conduit</Arg>
</Action>
</Uninstaller>
<Id>1980</Id>
</Offer>
<Offer>
<Name>Web Guard</Name>
<Path></Path>
<Uninstaller>
<Action>
<Name>run</Name>
<Arg></Arg>
</Action>
</Uninstaller>
<Id>5465</Id>
</Offer>
<Offer>
<Name>Boost</Name>
<Path></Path>
<Uninstaller>
<Action>
<Name>run</Name>
<Arg></Arg>
</Action>
</Uninstaller>
<Id>3485</Id>
</Offer>
<Offer>
<Name>Driver Restore</Name>
<Path></Path>
<Uninstaller>
<Action>
<Name>run</Name>
<Arg>{pf32}\Driver Restore\Driver Restore\ ISUninstall.exe</Arg>
</Action>
</Uninstaller>
<Id>2618</Id>
</Offer>
<Software>
<Name>Windows Media Player</Name>
<Uninstaller>
<Action>
<Name>run</Name>
<Arg></Arg>
</Action>
</Uninstaller>
<Id>142</Id>
</Software>
<Installer>
<Session>ce01570c-8705-11e4-9d71-040106530401</Session>
<Click>a3c97c58-8705-11e4-a7dd-067557e3cb21</Click>
<Bundle>ftucuo66</Bundle>
<Reg_Key>Windows_Media_Player_and_Options</Reg_Key>
</Installer>"


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9f41624-2083-45cd-ac36-af8119a22a41}]
""="CLocationSearchQuery"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{1E041E06-E1C5-4B7B-ADD3-20E32D155C2E}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WindowsRuntime\CLSID\{1E041E06-E1C5-4B7B-ADD3-20E32D155C2E}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"


===================== Search result for "trolltech" ==========

[HKEY_USERS\.DEFAULT\Software\Trolltech]

[HKEY_USERS\.DEFAULT\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QBearerEngineFactoryInterface:]

[HKEY_USERS\.DEFAULT\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]

[HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Trolltech]

[HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

[HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]


===================== Search result for "Smartbar" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\PublisherImages\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\016A7206F164D5243BE66200904CD4AC]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\016A7206F164D5243BE662E09C4CD4AC]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B394BFA95E9CAE4FBB27DB664DCBD0E]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B51A54BED003754EB928BEF1B2E8A42]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B51AA2BED003754EB928BEF1B2E8A42]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B61AA2BED003754EB929BEF1B2E8A42]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B6A7206F164D5243BE662E09C4CD4AC]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\116A7206F164D5243BE662E09C4CD4AC]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\216A7206F164D5243BE66288984CD4AC]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\216A7206F164D5243BE662E09C4CD4AC]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\2E35213FD461DD045869F4E01B62B2BE]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\32123894481B5D040B0F8C26B6D7A878]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\33592FD0CF5A7AA4A8F106EB69B9A0D7]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\40623894481B5D040B0F8C26B6D7A878]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\433F92F177200FF478C2D32BB923656E]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\43F238B8E12237E46A4AFF0CB31E2ECC]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\4CD231EF64D076744824027B43D7B1AD]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\55D0E21DCD38B8E40BA0517C0D9CCCE0]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\59F397F664A6B044BA5150D20FA0AD67]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\649A52D257CA5DB4EAAE8BA9EB23E467]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\8B257988D95DB864CAF8EF451C5B3ECE]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\93D6CC2FC9612424E87EB7375E2FC46C]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73868888]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73D61A81]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73D68A18]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73D68A82]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73D6BA21]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB88D68A82]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A81EB88D68A81]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\A143CF598A8430D4BB0E71700E8C09C5]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\A805D820868346044B5BDD92EB6CA6C3]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\A9AB3AEAE939E984293B9178134BD540]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\BBB8D37874E1A0946834CDB33A9FC4C5]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\BBB8D37874E1A0946834CDB33A9FC4CD]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\BBB8D37874E1A0946834CDB34A9FC4CD]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\C4FE6082BC8553B4B91EC0FE408D71DA]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\CA86D8ADF7525524299E35592473F71A]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\CA86D8ADF7525524299E35592473F72A]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\CA86D8ADF7525524299E35592473F73A]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\D0386F2D6FEAFBC45BFCAFE158BF5064]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\D40B7F324393F624DACA80C397004DA1]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\DF0B7F324F93FE24DBCA80C397004DF2]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E13864C95DCE91247A4435FFDA762754]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E2647758E1ED7134F8C4259CC51A2AA8]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF1]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF2]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF3]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF4]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF5]
"A0108BE1134FF8F478A405B6B2153F2D"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Products\A0108BE1134FF8F478A405B6B2153F2D\InstallProperties]
"InstallSource"="C:\Users\CRISYO~1\AppData\Local\Temp\smartbar\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Products\A0108BE1134FF8F478A405B6B2153F2D\InstallProperties]
"DisplayName"="Muvic Smartbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\sb.host]
""="C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\sb.host.json"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}]
"InstallSource"="C:\Users\CRISYO~1\AppData\Local\Temp\smartbar\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}]
"DisplayName"="Muvic Smartbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Smartbar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"Path"="C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Hewlett-Packard\SimplePass\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\"

[HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Installer\Products\A0108BE1134FF8F478A405B6B2153F2D]
"ProductName"="Muvic Smartbar"

[HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Installer\Products\A0108BE1134FF8F478A405B6B2153F2D\SourceList]
"LastUsedSource"="n;1;C:\Users\CRISYO~1\AppData\Local\Temp\smartbar\"

[HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Installer\Products\A0108BE1134FF8F478A405B6B2153F2D\SourceList\Net]
"1"="C:\Users\CRISYO~1\AppData\Local\Temp\smartbar\"

[HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\{08998c2c-b970-4110-8c1f-7a405e284254}]
"DisplayName"="Muvic Smartbar Engine"

[HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\{08998c2c-b970-4110-8c1f-7a405e284254}]
"DisplayIcon"="C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\SmartbarInstallationIcon.ico"


===================== Search result for "pepe" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager]
"DirMonEventLogThresholdPerScopePerHour"="5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search\Gathering Manager]
"DirMonEventLogThresholdPerScopePerHour"="5"


===================== Search result for "8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\Layers\VC32Ldr]
"{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb"="130644596970806621"


===================== Search result for "Muvic" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Startup.exe]
"Params"="AgentName=RGMUpdater Barcode=46679989 ChannelId=989 DeviceId=9774d868-e1c8-8b0e-cd14-940d38b837c2 Distributer=MuvicAMBS ProductName=Search PublisherName=Veristaff.com Inc ShowToolbar=false StandAlone=false update=true BarcodeId=46679989 ChannelId=989 DeviceId=9774d868-e1c8-8 InstallerVersion=2.0.0.9 DeviceId=9774"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Products\A0108BE1134FF8F478A405B6B2153F2D\InstallProperties]
"DisplayName"="Muvic Smartbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}]
"DisplayName"="Muvic Smartbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\Startup.exe]
"Params"="AgentName=RGMUpdater Barcode=46679989 ChannelId=989 DeviceId=9774d868-e1c8-8b0e-cd14-940d38b837c2 Distributer=MuvicAMBS ProductName=Search PublisherName=Veristaff.com Inc ShowToolbar=false StandAlone=false update=true BarcodeId=46679989 ChannelId=989 DeviceId=9774d868-e1c8-8 InstallerVersion=2.0.0.9 DeviceId=9774"

[HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Installer\Products\A0108BE1134FF8F478A405B6B2153F2D]
"ProductName"="Muvic Smartbar"

[HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Muvic.exe"="9999"

[HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\{08998c2c-b970-4110-8c1f-7a405e284254}]
"DisplayName"="Muvic Smartbar Engine"

====== End of Search ======
CrisYouSasyMedic1
Regular Member
 
Posts: 19
Joined: July 14th, 2017, 1:31 pm

Re: Blue Page with very unhappy smiley face

Unread postby mAL_rEm018 » July 25th, 2017, 4:15 pm

Hi Chris,

Please run the following fix..

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
Code: Select all
CreateRestorePoint:

HKLM-x32\...\Run: [fst_us_143] => [X]
HKU\S-1-5-21-28108215-2538129268-678420320-1002\...\MountPoints2: {2d6c1ba1-f1ba-11e4-82d3-a01d4808520a} - "F:\VZW_Software_upgrade_assistant.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyServer: [.DEFAULT] => 1
AutoConfigURL: [.DEFAULT] => file://C:/Users/CrisYouSasyMedic/AppDat ... Config.txt
ProxyServer: [S-1-5-21-28108215-2538129268-678420320-1002] => 1
AutoConfigURL: [S-1-5-21-28108215-2538129268-678420320-1002] => file://C:/Users/CrisYouSasyMedic/AppDat ... Config.txt
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXI ... m5nYHk,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXI ... m5nYHk,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-28108215-2538129268-678420320-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> DuckDuckGo
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
2017-07-11 11:10 - 2017-07-11 11:10 - 13059576 _____ (IObit ) C:\Users\CrisYouSasyMedic\Downloads\sd5_setup.exe
2017-07-20 20:33 - 2017-04-02 11:00 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\LocalLow\IObit
2017-07-20 20:33 - 2017-04-02 10:59 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\Roaming\IObit
2017-07-20 20:33 - 2017-04-02 10:59 - 00000000 ____D C:\ProgramData\IObit
2017-07-20 20:33 - 2014-12-16 11:25 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\Local\RGMService
2017-07-18 20:09 - 2017-04-02 10:59 - 00000000 ____D C:\Program Files (x86)\IObit
2017-07-18 16:33 - 2017-04-02 11:00 - 00000000 ____D C:\ProgramData\ProductData
2014-11-08 01:33 - 2014-12-20 13:33 - 0601088 _____ () C:\Users\CrisYouSasyMedic\AppData\Local\Temp\Quarantine.exe
2014-11-08 01:47 - 2014-10-17 04:39 - 0665682 _____ (SQLite Development Team) C:\Users\CrisYouSasyMedic\AppData\Local\Temp\sqlite3.dll
ContextMenuHandlers01: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
Task: {C6ACC884-109C-43C5-86BA-2D209CA88B41} - System32\Tasks\SnoopRun => C:\ProgramData\Snoop\Snoop.exe [2015-05-20] () <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:11590865 [177]
AlternateDataStreams: C:\ProgramData\Temp:1416AAA6 [330]
AlternateDataStreams: C:\ProgramData\Temp:2AD33723 [326]
AlternateDataStreams: C:\ProgramData\Temp:2AF322BF [312]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:363E775E [182]
AlternateDataStreams: C:\ProgramData\Temp:3EC5BC08 [344]
AlternateDataStreams: C:\ProgramData\Temp:491270B8 [314]
AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2 [182]
AlternateDataStreams: C:\ProgramData\Temp:6B709AD7 [346]
AlternateDataStreams: C:\ProgramData\Temp:7687A3E3 [382]
AlternateDataStreams: C:\ProgramData\Temp:98CF1A39 [189]
AlternateDataStreams: C:\ProgramData\Temp:9DBE6481 [130]
AlternateDataStreams: C:\ProgramData\Temp:A4AF8D0D [165]
AlternateDataStreams: C:\ProgramData\Temp:A6D6E537 [177]
AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD [334]
AlternateDataStreams: C:\ProgramData\Temp:A88BE334 [316]
AlternateDataStreams: C:\ProgramData\Temp:B54E4B5A [342]
AlternateDataStreams: C:\ProgramData\Temp:B6E6C4EA [165]
AlternateDataStreams: C:\ProgramData\Temp:BEE39E9B [364]
AlternateDataStreams: C:\ProgramData\Temp:C22674B6 [294]
AlternateDataStreams: C:\ProgramData\Temp:C3899C0B [171]
AlternateDataStreams: C:\ProgramData\Temp:C78DADEA [178]
AlternateDataStreams: C:\ProgramData\Temp:CAC06C34 [177]
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30 [183]
AlternateDataStreams: C:\ProgramData\Temp:F5D01D7C [384]
AlternateDataStreams: C:\ProgramData\Temp:F84B8DB5 [155]
AlternateDataStreams: C:\ProgramData\Temp:F9F58B80 [180]
AlternateDataStreams: C:\ProgramData\Temp:FAB64002 [146]
AlternateDataStreams: C:\ProgramData\Temp:FBD274CF [171]
AlternateDataStreams: C:\ProgramData\Temp:FC70A22A [370]
C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar
C:\Users\CRISYO~1\AppData\Local\Temp\smartbar

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Startup.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\016A7206F164D5243BE66200904CD4AC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\016A7206F164D5243BE662E09C4CD4AC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B394BFA95E9CAE4FBB27DB664DCBD0E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B51A54BED003754EB928BEF1B2E8A42]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B51AA2BED003754EB928BEF1B2E8A42]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B61AA2BED003754EB929BEF1B2E8A42]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\0B6A7206F164D5243BE662E09C4CD4AC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\116A7206F164D5243BE662E09C4CD4AC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\216A7206F164D5243BE66288984CD4AC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\216A7206F164D5243BE662E09C4CD4AC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\2E35213FD461DD045869F4E01B62B2BE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\32123894481B5D040B0F8C26B6D7A878]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\33592FD0CF5A7AA4A8F106EB69B9A0D7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\40623894481B5D040B0F8C26B6D7A878]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\433F92F177200FF478C2D32BB923656E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\43F238B8E12237E46A4AFF0CB31E2ECC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\4CD231EF64D076744824027B43D7B1AD]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\55D0E21DCD38B8E40BA0517C0D9CCCE0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\59F397F664A6B044BA5150D20FA0AD67]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\649A52D257CA5DB4EAAE8BA9EB23E467]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\8B257988D95DB864CAF8EF451C5B3ECE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\93D6CC2FC9612424E87EB7375E2FC46C]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73868888]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73D61A81]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73D68A18]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73D68A82]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB73D6BA21]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A0AEB88D68A82]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\9DDEC1131A9FA2348B0A81EB88D68A81]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\A143CF598A8430D4BB0E71700E8C09C5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\A805D820868346044B5BDD92EB6CA6C3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\A9AB3AEAE939E984293B9178134BD540]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\BBB8D37874E1A0946834CDB33A9FC4C5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\BBB8D37874E1A0946834CDB33A9FC4CD]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\BBB8D37874E1A0946834CDB34A9FC4CD]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\C4FE6082BC8553B4B91EC0FE408D71DA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\CA86D8ADF7525524299E35592473F71A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\CA86D8ADF7525524299E35592473F72A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\CA86D8ADF7525524299E35592473F73A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\D0386F2D6FEAFBC45BFCAFE158BF5064]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\D40B7F324393F624DACA80C397004DA1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\DF0B7F324F93FE24DBCA80C397004DF2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E13864C95DCE91247A4435FFDA762754]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E2647758E1ED7134F8C4259CC51A2AA8]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Components\E5ADE64D843807D4997A4AFC96B78EF5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-28108215-2538129268-678420320-1002\Products\A0108BE1134FF8F478A405B6B2153F2D]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\Layers\VC32Ldr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\Startup.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Smartbar]
[-HKEY_USERS\.DEFAULT\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Installer\Products\A0108BE1134FF8F478A405B6B2153F2D]
[-HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\{08998c2c-b970-4110-8c1f-7a405e284254}]
[-HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Trolltech]

DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images\
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\PublisherImages\
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\sb.host|""
DeleteValue: HKEY_USERS\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Muvic.exe

Hosts:
EmptyTemp:
RemoveProxy:
CMD: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log


-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any problem while following my instructions?
  • fixlog.txt
  • Update on your computer's behaviour
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Page with very unhappy smiley face

Unread postby CrisYouSasyMedic1 » July 27th, 2017, 9:16 pm

Hi mAl, it doesn't look like my reply saved. question, after i copy and paste the above in the note pad, and put it in the FRST scanner, do I hit the scan button or the search button before I hit the Fix button? I copied and pasted it in the scanner and hit the fix button but it would not fix it. so I'm thinking I missed a step. Sorry. Chris
CrisYouSasyMedic1
Regular Member
 
Posts: 19
Joined: July 14th, 2017, 1:31 pm

Re: Blue Page with very unhappy smiley face

Unread postby mAL_rEm018 » July 28th, 2017, 6:31 am

Hi Chris,

I copied and pasted it in the scanner and hit the fix button but it would not fix it. so I'm thinking I missed a step.


I never asked you to copy/paste in the scanner...

I told you before that you should follow my instructions to the letter, otherwise you could cause serious damage to your computer. Given what you wrote in your last reply, I can clearly see that you haven't done this and it's really starting to make me nervous. We can try to do the fix one more time, but if you don't bother reading the instructions I give you, then we will have to look at other options, such as reformating or possibly even taking your computer to a repair shop. In any case, you can consider this my last warning.

Please reply to let me know that you have read and understood this post.


mAL
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Page with very unhappy smiley face

Unread postby CrisYouSasyMedic1 » July 28th, 2017, 4:51 pm

I clicked start, I opened search programs/files, I clicked enter, a blank notepad opened, I copy/pasted the contents of he code box, then I saved it to the FRST folder/diretory, naming it Fixlist.txt and left it there. then I started FRST sa instructed and pushed the fix button once and waited, but there was nothing in the scanner for it to fix, there was no fixlist.txst to process, there was no log, you never asked me to scan or put anything in the scanner, so then what is it supposed to fix?? when I pressed fix once as you stated a box popped up and said "no fixlist.txt found the fixlist should be in the same folder/directory the tool is located, you should read your own instructions. I did everything exactly following your instructions. I am assuming there has to be something in the scanner for it to fix otherwise I have nothing to post for you. the fixlist still sits in the folder. I have decided that you ARE EXTREMELY RUDE, you do not have the temperament to help. I'm not an idiot. I told you I am not computer savvy. Your instructions seemed to be missing a step. I have been courteous and friendly and grateful for your help and this is how you talk to me. You make me very nervous because you leave out important instructions. I no longer trust your help no do I want it. Thanks for nothing. I hope your supervisor sees this post. Go ahead and follow the above instructions to the letter and you tell me what you get. I did exactly what you said and the scanner produced nothing at all when I hit the fix button once how is it supposed to process the fixlist if it is not in there.
CrisYouSasyMedic1
Regular Member
 
Posts: 19
Joined: July 14th, 2017, 1:31 pm

Re: Blue Page with very unhappy smiley face

Unread postby mAL_rEm018 » July 28th, 2017, 5:11 pm

Hi Chris,

My intention was never to be rude and if this is the way my last post appeared, then I am truly sorry. Your previous post mentioned that you copied/pasted the contents into the scanner and I thought you had pasted the fix into the FRST "search" box.

I would be happy to keep working with you on this issue with you if you want.
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 125 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware