Parkerma

  1. Dear Ron Lewis, Forum Community Manager,

     I am still receiving all of your emails to all the people you are helping. For some reason I get a copy of them all. There are currently 38 notifications in my inbox after I have deleted at least 50 others. I originally followed the directive from you:

     Malwarebytes Forums
     Hi Parkerma, AdvancedSetup has posted a comment on a topic, Finds problems but won't list or remove them
     AdvancedSetup said: Please follow the advice from @pondus and someone will be happy to assist you further with your issues @Njem Thank you
     Go to this post

     I did what was said in this post:

     Malwarebytes Forums
     Hi Parkerma, AdvancedSetup has posted a comment on a topic, Community.Intuit.com DNS issues
     AdvancedSetup said: Okay sounds good. I'll move your post to the Malware Removal section where others are not allowed to post. Please let me get a new set of FRST logs and run the following for me as well.

     Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well. Make sure you place a check mark in the Additions check box to get a new log for that as well.

     Next, Please create an mbam-check log: Download mbam-check.exe from here and save it to your desktop. Double-click on mbam-check.exe to run it, it should then open a log file. Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post.

     Next, Please download MiniToolBox, save it to your desktop and run it. Checkmark the following check-boxes:
       • Flush DNS
       • Report IE Proxy Settings
       • Reset IE Proxy Settings
       • Report FF Proxy Settings
       • Reset FF Proxy Settings
       • List content of Hosts
       • List IP configuration
       • List Winsock Entries
       • List last 10 Event Viewer log
       • List Installed Programs
       • List Devices
       • List Users, Partitions and Memory size.
       • List Minidump Files
     Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using Reset FF Proxy Settings option Firefox should be closed.

     When I completed this and sent it to @pondus, I was chastised by him and told that I did not follow directions. I was advised to go back and re-read the directions and do it correctly. I let him know that I had 50 some emails with directions and was having much difficulty sorting through all of them because of all the strokes I have had. It was much too complicated. Now I await clarification but only received another 38 of your emails to others. Please, would you help me to get this straightened out Ron? Have a terrific July 4th holiday weekend!

     Warmest Regards, Michael
  2. Sorry, I posted my Farbar text on the wrong thread Ron, I could not delete it. Here it is. Hi Ron, Thanks again Ron. Michael
  3. Hi Ron, I did as you said and was able to rerun the scan. I did a screen save of the 11 "List of found threats". I am now trying to export them to the desktop as requested but it keeps going back to the File name entry and highlighting the (*.txt) area like it wants me to name it something but I am not sure what to name it for it to save. It is stuck at this screen. I'm glad I did a screen save because this may be all we get for a log. I must say, I am not surprised in the least, that threats were found in this location. Remember that I told you I was hacked and documents taken. These are all legal documents in my defense. The only thing left were PDF document empty shells with the name of the document but the documents had no text. I was fortunate that I had them backed up & saved. But that's old news and there is nothing I can do now. Please advise me if there is a name I should enter to save or if the screen save is sufficient. I will not do STEP 7 until I hear back from you. Thank you kindly for your last patient reply. Kind Regards, Michael
  4. Hi Ron, I think I may have made a mistake. Because I am using Firefox, I had to first download the ESET Smart Installer. I did this and it downloaded then went into scan mode. I expected it to be a 2 step process. After a while I realized that it was actually doing the full scan not just a pre-scan for Firefox. It was an hour into the scan and I stopped it because I needed to: 1. Make sure that the option Remove found threats is unticked 2. Click on Advanced Settings and ensure these options are ticked: 3. Scan for potentially unwanted applications 4. Scan for potentially unsafe applications 5. Enable Anti-Stealth Technology. The scan stopped and I went back to the point where I had to click "To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET Smart Installer." for any browser other than IE to do the download. I did this again and after it downloaded I saw where the changes needed to be made but it was not intuitive like the instructions because the selections were formatted differently than the instructions. Anyway, when I opened up advanced settings I could see that the "Make sure that the option Remove found threats is unticked" box was there and it was ticked. I then followed the instructions which were a bit different from what I was seeing but it all looked good to go. I did not click "Finish" on the prior scan I stopped because I wanted to make sure it did not remove the threats per instructions. I attempted to re-scan but received an error message. I have two screen saves to show the status. I am basically stuck until I hear from you I guess. I hope I have not deleted anything and that not having clicked "Finish" prevented this. I just can't get it to re-run the scan. My apologies if I wasted your time Ron. Michael
  5. One last question Ron. I attached a screen save of a program that has been listed in my Control Panel for quite a while and unable to uninstall: SavingsBull. I'm not sure if this is bad but it certainly is a ghost when it comes to detection. Just wondering. Hope to hear from you soon. Regards, Michael
  6. Hi Ron. I ran AdwCleaner. You instructed me to uncheck elements I don't want removed. I'm a stupid man Ron. I don't know enough to make that decision without creating a problem (e.g.) I have no idea what swdumon service is. I have attached the log file for your review. Please advise me on this. I still have the DOS box from JRT.exe open on my desktop as well and it will not close. I will not move onto STEP 6 until I hear from you. Thanks again. Michael
  7. Thanks Ron. I have everything. I disabled my virus then right clicked on JRT.exe to run as administrator. It never gave an option for XP. It just opened a DOS box: Attached screen save. It says to press any key to continue but I didn't. I instead right clicked on the JRT.exe again and went to properties. I clicked compatibility tab and checked the XP box then right clicked again to run as administrator. The scan started and completed: Attached both Text & Additional files here. The black DOS box remains on my desktop opened and will not close. Task manager will not close it either. Should I continue to STEP 5 with the box open? I will wait to hear from you. Michael
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation) R2 nsverctl; C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [156720 2013-04-17] (Citrix Systems, Inc) S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [521216 2008-01-20] (Microsoft Corporation) R2 SacNetAgentService_C57C4F854F53; C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe [163664 2011-01-20] (Storage Appliance Corporation) R2 SNMP; C:\Windows\System32\snmp.exe [49664 2009-04-11] (Microsoft Corporation) R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2009-04-10] (Microsoft Corporation) S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81408 2009-04-11] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation) S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ARCSOFTVIRTUALCAPTURE; C:\Windows\System32\DRIVERS\ArcSoftVirtualCapture.sys [17408 2006-12-08] (ArcSoft, Inc.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-11] (AVG Technologies) R2 cag; C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [102160 2013-04-01] (Citrix Systems, Inc.) R3 ctxva51; C:\Windows\System32\DRIVERS\ctxva51.sys [46640 2013-04-17] (Citrix Systems, Inc.) R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [131160 2011-02-07] (Citrix Systems, Inc.) 
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] () R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-12] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-10-15] () R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2015-02-27] (Wondershare) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-04-12 15:10 - 2016-04-12 15:11 - 00020063 _____ C:\Users\Dad\Desktop\FRST.txt 2016-04-12 14:53 - 2016-04-12 14:53 - 02375168 _____ (Farbar) C:\Users\Dad\Desktop\FRST64.exe 2016-04-12 14:51 - 2016-04-12 14:51 - 03465280 _____ C:\Users\Dad\Desktop\AdwCleaner.exe 2016-04-12 14:48 - 2016-04-12 14:48 - 01610352 _____ (Malwarebytes) C:\Users\Dad\Desktop\JRT.exe 2016-04-12 13:07 - 2016-04-12 13:07 - 131827749 _____ C:\Users\Dad\Desktop\Mother Angelica on Blasphemy, the Second Vatican Council, and WYD 1993 - YouTube.mp4 2016-04-12 11:49 - 2016-04-12 11:49 - 00266904 _____ C:\Users\Dad\Desktop\Archery_Public_Forum.pdf 2016-04-11 06:42 - 2016-04-11 06:43 - 00000000 ____D C:\1982-8-14 Wedding Pictures 2016-04-09 18:52 - 2016-04-09 18:52 - 00130593 _____ C:\Users\Dad\Documents\Plea-for-Intolerance by Venerable Fulton J Sheen.pdf 2016-04-09 18:19 - 2016-04-09 18:19 - 01330556 _____ C:\Users\Dad\Documents\papa-francesco_esortazione-ap_20160319_amoris-laetitia_en.pdf 2016-04-09 13:20 - 2016-04-09 13:20 - 00000000 ____D C:\Windows\ERDNT 2016-04-09 13:10 - 2016-04-09 13:47 - 00000000 ____D C:\Program Files (x86)\ERUNT 2016-04-09 13:10 - 2016-04-09 13:10 - 00000725 _____ C:\Users\Super Dad\Desktop\NTREGOPT.lnk 2016-04-09 13:10 - 2016-04-09 13:10 - 00000706 _____ C:\Users\Super Dad\Desktop\ERUNT.lnk 2016-04-09 13:10 - 2016-04-09 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2016-04-09 13:02 - 2016-04-09 13:02 - 00003018 _____ C:\Windows\System32\Tasks\{AEB87ACB-EF06-46ED-9E9F-99D127831634} 2016-04-09 11:46 - 2016-04-09 11:46 - 00791393 _____ (Lars Hederer ) C:\Users\Dad\Desktop\erunt-setup.exe 2016-04-09 11:42 - 2016-04-09 11:42 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dad\Desktop\rkill.exe 2016-04-09 11:36 - 2016-04-09 11:36 - 00130593 _____ C:\Users\Dad\Desktop\The Venerable Fulton J. 
Sheen Makes A Plea-for-Intolerance.pdf 2016-04-09 10:02 - 2016-04-09 10:06 - 00000917 _____ C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2016-04-09 09:46 - 2016-04-09 09:47 - 00000000 ____D C:\Users\Dad\Desktop\SSA Appeal 2016-04-09 09:40 - 2016-04-09 09:46 - 00000000 ____D C:\Users\Dad\Desktop\Wisconsin State Licensure Rules and Regulations 2016-04-09 09:28 - 2016-04-09 14:58 - 00000000 ___RD C:\Users\Dad\Desktop\Malwarebytes Anti-Malware Forum Help Record 4-9-2016 2016-04-09 08:48 - 2014-12-02 02:32 - 00005632 _____ C:\Users\Dad\Downloads\SQCLIENT.dat 2016-04-07 18:56 - 2016-04-07 18:56 - 00266904 _____ C:\Users\Dad\Desktop\Archery Public Forum.pdf 2016-03-28 21:13 - 2016-03-28 21:13 - 00001062 _____ C:\Users\Public\Desktop\Wondershare Video Converter Ultimate.lnk 2016-03-28 21:13 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll 2016-03-28 21:13 - 2015-02-27 14:38 - 00214528 _____ () C:\Windows\SysWOW64\WSCM32.dll 2016-03-18 23:19 - 2016-03-19 06:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-04-12 15:10 - 2015-08-09 15:46 - 00000000 ____D C:\FRST 2016-04-12 14:37 - 2015-09-04 10:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-04-12 14:37 - 2014-12-28 15:29 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-04-12 14:37 - 2006-11-02 10:22 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2016-04-12 14:37 - 2006-11-02 10:22 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2016-04-11 18:13 - 2016-02-20 19:39 - 00000000 ___RD C:\Users\Dad\Desktop\AIM Documents 2016-04-11 17:36 - 2015-05-25 13:41 - 00000000 ____D C:\Users\Dad\Desktop\Desktop Images USMC and Bald Eagle 2016-04-11 17:08 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\tracing 2016-04-11 17:00 - 2013-09-20 13:50 - 00000000 ____D C:\Users\Dad\AppData\Local\CrashDumps 2016-04-11 08:37 - 2015-09-04 10:10 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-04-11 08:37 - 2015-09-04 10:10 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-04-11 08:37 - 2015-09-04 10:10 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-04-10 13:27 - 2013-09-26 07:54 - 00000000 ____D C:\Patio Progress 7-20-2011 2016-04-09 18:30 - 2014-03-12 22:34 - 00003670 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6BB2B7CB-1751-46A3-BB2F-9972F419953C} 2016-04-09 16:04 - 2013-09-18 21:19 - 00079360 _____ C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-04-09 12:43 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\inf 2016-04-09 12:43 - 2006-11-02 07:46 - 00758862 _____ C:\Windows\system32\PerfStringBackup.INI 2016-04-09 12:37 - 2015-08-19 13:21 - 00015886 _____ C:\Windows\SysWOW64\‰š‹œž‘’“”•–—˜™š›œžÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ1 2016-04-09 
12:37 - 2015-04-17 13:32 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2016-04-09 12:37 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-04-09 12:36 - 2006-11-02 10:42 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-04-09 09:38 - 2016-03-04 18:44 - 00000000 ____D C:\Users\Dad\Desktop\ARRT Investigation 2016-04-09 09:37 - 2015-11-03 16:43 - 00000000 ___RD C:\Users\Dad\Desktop\Veteran Affairs Benefits MHV Records 2016-04-09 09:32 - 2015-09-18 13:27 - 00000000 ___RD C:\Users\Dad\Desktop\Attorney Mark Gustafson 2016-03-30 00:31 - 2015-11-03 16:37 - 00000000 ___RD C:\Users\Dad\Desktop\My Mother Mary Folder Confraternity 10-13-15 & Consecration 12-8-15 2016-03-29 10:39 - 2015-08-23 14:55 - 00000000 ___RD C:\Users\Dad\Desktop\Poetry 2016-03-28 21:13 - 2015-07-02 00:03 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate 2016-03-28 19:30 - 2014-02-22 21:12 - 00000000 ____D C:\Users\Dad\Desktop\Aurora DAD's Stuff He Can't Wait To Get Rid Of 2016-03-28 15:09 - 2015-08-10 19:59 - 00000000 ___RD C:\Users\Dad\Desktop\Supply Technician 2016-03-28 13:34 - 2015-07-02 23:03 - 00000000 ___RD C:\Users\Dad\Desktop\Surgical Technician 2016-03-28 13:33 - 2015-03-30 17:44 - 00000000 ____D C:\Users\Dad\Desktop\All Things USA Jobs 2016-03-25 14:27 - 2015-01-16 00:53 - 00000000 ___RD C:\Users\Dad\Desktop\2014 Resumes, Cover letters and References 2016-03-25 13:58 - 2015-09-04 11:11 - 00000000 ___RD C:\Users\Dad\Desktop\USPS JOBS 2016-03-25 12:54 - 2015-06-30 11:53 - 00012926 _____ C:\Users\Dad\Desktop\Envelope Template Legal Size Use Ctrl P to print page 1 only.odt 2016-03-23 04:31 - 2014-12-28 15:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-03-23 03:46 - 2014-12-28 15:29 - 00000903 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-03-23 03:46 - 2014-12-28 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-03-20 14:13 - 2013-10-03 15:03 - 00000000 ____D 
C:\Users\Super Dad 2016-03-19 06:38 - 2015-08-14 23:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-03-18 23:20 - 2015-01-16 16:58 - 00001827 _____ C:\Windows\wininit.ini ==================== Files in the root of some directories ======= 2013-09-24 17:49 - 2013-10-03 08:59 - 0001428 _____ () C:\Users\Dad\AppData\Roaming\wklnhst.dat 2014-03-24 00:39 - 2014-03-24 00:39 - 0000680 _____ () C:\Users\Dad\AppData\Local\d3d9caps.dat 2013-09-18 21:19 - 2016-04-09 16:04 - 0079360 _____ () C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-11-15 11:04 - 2013-11-15 11:05 - 0423882 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI059E.txt 2015-03-17 13:09 - 2015-03-17 13:09 - 0376830 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI07F6.txt 2015-03-17 13:09 - 2015-03-17 13:09 - 0387430 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI080A.txt 2015-03-17 13:25 - 2015-03-17 13:25 - 0376466 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI13E4.txt 2015-03-17 13:25 - 2015-03-17 13:25 - 0387814 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI13F1.txt 2015-03-16 23:39 - 2015-03-16 23:39 - 0375374 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI1B9E.txt 2015-03-16 23:39 - 2015-03-16 23:39 - 0387814 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI1BFD.txt 2015-03-17 13:36 - 2015-03-17 13:36 - 0376466 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI1C6C.txt 2015-03-17 13:36 - 2015-03-17 13:36 - 0386662 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI1CB1.txt 2014-02-17 14:31 - 2014-02-17 14:31 - 0350006 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI546F.txt 2014-01-31 23:58 - 2014-01-31 23:59 - 0433752 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI55E2.txt 2013-09-24 17:41 - 2013-09-24 17:42 - 0459926 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI5642.txt 2013-09-24 17:42 - 2013-09-24 17:44 - 0463522 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI56F9.txt 2015-03-16 19:55 - 2015-03-16 19:55 - 0376466 _____ () 
C:\Users\Dad\AppData\Local\dd_vcredistMSI7029.txt 2015-03-16 19:55 - 2015-03-16 19:55 - 0385510 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI703D.txt 2013-10-13 19:38 - 2013-10-13 19:38 - 0377244 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI7BF4.txt 2013-10-13 19:38 - 2013-10-13 19:38 - 0386474 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI7C28.txt 2013-11-15 11:04 - 2013-11-15 11:05 - 0015288 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI059E.txt 2015-03-17 13:09 - 2015-03-17 13:09 - 0011436 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI07F6.txt 2015-03-17 13:09 - 2015-03-17 13:09 - 0011436 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI080A.txt 2015-03-17 13:25 - 2015-03-17 13:25 - 0011420 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI13E4.txt 2015-03-17 13:25 - 2015-03-17 13:25 - 0011452 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI13F1.txt 2015-03-16 23:39 - 2015-03-16 23:39 - 0011372 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI1B9E.txt 2015-03-16 23:39 - 2015-03-16 23:39 - 0011452 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI1BFD.txt 2015-03-17 13:36 - 2015-03-17 13:36 - 0011420 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI1C6C.txt 2015-03-17 13:36 - 2015-03-17 13:36 - 0011404 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI1CB1.txt 2014-02-17 14:31 - 2014-02-17 14:31 - 0011880 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI546F.txt 2014-01-31 23:58 - 2014-01-31 23:59 - 0024368 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI55E2.txt 2013-09-24 17:41 - 2013-09-24 17:42 - 0011692 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI5642.txt 2013-09-24 17:42 - 2013-09-24 17:44 - 0011708 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI56F9.txt 2015-03-16 19:55 - 2015-03-16 19:55 - 0011420 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI7029.txt 2015-03-16 19:55 - 2015-03-16 19:55 - 0011356 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI703D.txt 2013-10-13 19:37 - 2013-10-13 19:38 - 0011468 _____ () 
C:\Users\Dad\AppData\Local\dd_vcredistUI7BF4.txt 2013-10-13 19:38 - 2013-10-13 19:38 - 0011404 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI7C28.txt 2013-10-18 19:42 - 2013-10-18 19:42 - 0000241 _____ () C:\Users\Dad\AppData\Local\RAExpertHistory.xml 2013-10-12 20:49 - 2013-10-12 21:08 - 0000279 _____ () C:\Users\Dad\AppData\Local\rahistory.xml Files to move or delete: ==================== C:\Users\Dad\Launchpad Removal.exe C:\Users\Dad\LG Phone PelicanExtension.dll C:\Users\Dad\LPSecurityExtension.dll C:\Users\Dad\SanDiskFormatExtension.dll C:\Users\Dad\version.dat Some files in TEMP: ==================== C:\Users\Dad\AppData\Local\Temp\video-converter-ultimate_full975.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-04-12 13:13 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01 Ran by Dad (2016-04-12 15:11:28) Running from 
C:\Users\Dad\Desktop Windows Vista (TM) Home Premium Service Pack 2 (X64) (2013-09-18 01:16:04) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1002242135-839824054-2149840056-500 - Administrator - Disabled) Dad (S-1-5-21-1002242135-839824054-2149840056-1000 - Administrator - Enabled) => C:\Users\Dad Guest (S-1-5-21-1002242135-839824054-2149840056-501 - Limited - Disabled) SACNETDRIVEUSER01 (S-1-5-21-1002242135-839824054-2149840056-1031 - Limited - Enabled) Super Dad (S-1-5-21-1002242135-839824054-2149840056-1003 - Limited - Enabled) => C:\Users\Super Dad ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Disabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95} AS: Microsoft Security Essentials (Disabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated) Adobe Reader X (10.1.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated) Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - LSI Corporation) Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden Citrix Access Gateway Plug-in (HKLM\...\{95D020BA-5CB1-4769-95E5-3BD0C905ECE5}) (Version: 9.3.62.4 - Citrix Systems, Inc.) 
Clickfree (HKLM-x32\...\Clickfree) (Version: - ) Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.2.0 - SEIKO EPSON CORPORATION) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) Files Opened (HKLM-x32\...\Files Opened) (Version: 1.0 - ) Gateway Photo Frame 4.2.3.6 (HKLM-x32\...\Gateway Photo Frame) (Version: 4.2.3.6 - I/O Interconnect) Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3006 - Acer Incorporated) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) 
Hidden Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation) Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway) LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation) LTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.) Media Player Codec Pack 4.3.6 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.6 - Media Player Codec Pack) MergeModule_x64 (Version: 9.1.00 - Sony Corporation) Hidden MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation) PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden PMB_ServiceUploader (x32 Version: 9.3.00 - Sony Corporation) Hidden Realtek High Definition Audio Driver 
(HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5807 - Realtek Semiconductor Corp.) Software Updater (HKLM-x32\...\{B9802DDC-53FD-4D44-A81D-49DC80448614}) (Version: 4.2.6 - SEIKO EPSON CORPORATION) UpdateAdmin (HKLM-x32\...\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}) (Version: - ) <==== ATTENTION Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Wondershare Video Converter Ultimate(Build 8.6.0.0) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.6.0.0 - Wondershare Software) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1002242135-839824054-2149840056-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Dad\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1002242135-839824054-2149840056-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dad\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1002242135-839824054-2149840056-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Dad\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {002D6D93-FD5E-4DDE-9993-BA9191AE6E7B} - System32\Tasks\{36109510-F85D-4BE7-91CE-0DFBE4D03751} => pcalua.exe -a C:\Users\Dad\Desktop\20140321-023-i64.exe -d C:\Users\Dad\Desktop Task: {0D10F079-7C62-4772-BBE1-C217890A7CBC} - System32\Tasks\{CDC61E7F-640E-4895-88DD-1BF5DEFB4940} => pcalua.exe -a D:\AutoRun.exe -d D:\ -c autoLaunch Task: {144E5A33-0755-4FA2-B282-3502B4F9D9DC} - System32\Tasks\Norton Family\Norton Error Analyzer => C:\Program Files (x86)\Norton Family\Engine\3.4.0.43\SymErr.exe Task: {18F7636B-E7AF-43CC-B324-56AD65850436} - System32\Tasks\{EB8C5BDE-3C2D-4C3B-BE5F-29615DBCD8BE} => pcalua.exe -a C:\Users\Dad\Downloads\LGUSBModemDriver_Eng_WHQL_Ver_4.9.4_All.exe -d C:\Users\Dad\Desktop Task: {276896D7-56E0-40D6-A0E2-B55AA54B8AE4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated) Task: {2BF8DA6A-594A-458D-BD15-E274FBBDCA19} - System32\Tasks\{8840EDCE-F1BF-4744-99D7-AED27AF55520} => pcalua.exe -a "C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7T0FOGK\3500-4500.exe" -d C:\Users\Dad\Desktop Task: {35EEB9BE-064A-4D50-BBF1-C5110F5DC25A} - System32\Tasks\Acer\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2009-02-25] (Acer) Task: {3A746D32-0878-4829-9FF9-88A61FB9002E} - System32\Tasks\{2BB1059F-D442-4B59-A37F-C63138FDAB74} => pcalua.exe -a "C:\ProgramData\Wondershare\Video Converter Ultimate\pluginInstall.exe" -d "C:\ProgramData\Wondershare\Video Converter Ultimate" -c "i" "iexplore" Task: {3C482A21-45EC-43F9-B51C-2C406EFFAAC0} - System32\Tasks\{AEB87ACB-EF06-46ED-9E9F-99D127831634} => pcalua.exe -a C:\Users\Dad\Desktop\erunt-setup.exe -d C:\Users\Dad\Desktop Task: {5313B176-942C-435A-8411-ED89A92E401A} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe Task: {6D37D174-AE0B-4F71-960B-48081DE7E858} - 
System32\Tasks\{E7EAB071-88CA-4663-84AF-5D6C429EABC6} => pcalua.exe -a "C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GKWY8Y6M\3500-4500.exe" -d C:\Users\Dad\Desktop Task: {BA1867B3-4872-4DA2-8243-4C959DE8EE22} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-11] (Adobe Systems Incorporated) Task: {BF62F94F-F630-41F0-B43C-1FDA2D47B161} - System32\Tasks\Norton Family\Norton Error Processor => C:\Program Files (x86)\Norton Family\Engine\3.4.0.43\SymErr.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2013-10-11 20:40 - 2007-02-22 02:15 - 00045056 _____ () C:\Windows\System32\LXF3PMON.DLL 2013-10-11 20:39 - 2006-11-07 10:02 - 00036864 _____ () C:\Windows\System32\LXF3OEM.DLL 2013-10-11 20:39 - 2007-02-22 02:11 - 00081408 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\ipcmt64.dll 2013-10-11 20:39 - 2007-02-22 02:15 - 00003584 _____ () C:\Windows\System32\LXF3PMRC.DLL 2014-02-01 20:41 - 2007-03-15 23:11 - 00138240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdidrpp.dll 2016-03-28 21:13 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll 2016-03-28 21:13 - 2015-02-27 14:54 - 00101376 _____ () C:\Program Files (x86)\Wondershare\VCU\CrashService.exe 2016-03-28 21:13 - 2016-03-21 13:52 - 02228368 _____ () C:\Program Files (x86)\Wondershare\VCU\WsTaskLoad.exe 2009-02-26 15:11 - 2009-02-26 15:11 - 00031744 _____ () C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll 2009-02-26 15:11 - 2009-02-26 15:11 - 00025088 _____ () C:\Program Files 
(x86)\Gateway Photo Frame\IOIHIDLib.dll 2015-07-02 00:03 - 2015-04-28 15:22 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2015-07-02 00:03 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 00204800 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_Log.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 00060416 _____ () C:\Program Files (x86)\Wondershare\VCU\COMSupport.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 00081408 _____ () C:\Program Files (x86)\Wondershare\VCU\MP4_http.dll 2016-03-28 21:13 - 2015-08-11 15:22 - 00113664 _____ () C:\Program Files (x86)\Wondershare\VCU\DriverMgr.dll 2016-03-28 21:13 - 2015-02-27 14:53 - 00389120 _____ () C:\Program Files (x86)\Wondershare\VCU\WsBurn.dll 2016-03-28 21:13 - 2016-03-18 14:44 - 00368064 _____ () C:\Program Files (x86)\Wondershare\VCU\sqlite3.dll 2016-03-28 21:13 - 2015-02-27 14:54 - 00131584 _____ () C:\Program Files (x86)\Wondershare\VCU\ExceptionHandler.dll 2016-03-28 21:13 - 2015-10-19 16:11 - 00100352 _____ () C:\Program Files (x86)\Wondershare\VCU\TiVoDecode.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 00204288 _____ () C:\Program Files (x86)\Wondershare\VCU\XMLRead.dll 2016-03-28 21:13 - 2015-02-27 14:54 - 00158720 _____ () C:\Program Files (x86)\Wondershare\VCU\WSPermissionAccess.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 00259584 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_PlayDecMgr.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 00065024 _____ () C:\Program Files (x86)\Wondershare\VCU\MediaInfo.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 02324480 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_Image.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 00061440 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_Utility.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 00129536 _____ () C:\Program Files (x86)\Wondershare\VCU\MPDECSrc.dll 2016-03-28 21:13 - 
2015-10-23 14:06 - 04671488 _____ () C:\Program Files (x86)\Wondershare\VCU\libMPKernal.dll 2016-03-28 21:13 - 2015-10-23 14:06 - 16756755 _____ () C:\Program Files (x86)\Wondershare\VCU\libkernaldec.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 00114688 _____ () C:\Program Files (x86)\Wondershare\VCU\DVD_DEC.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 00276480 _____ () C:\Program Files (x86)\Wondershare\VCU\DVDReader.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 00050688 _____ () C:\Program Files (x86)\Wondershare\VCU\DecoderMgr.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 00236032 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_VideoSrc.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 00119808 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_ImageDecoder.dll 2016-03-28 21:13 - 2015-06-09 15:20 - 00114176 _____ () C:\Program Files (x86)\Wondershare\VCU\DecPlugins\fdpCodec.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 03094016 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_MediaInfoLib.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 00138752 _____ () C:\Program Files (x86)\Wondershare\VCU\WSPlayer.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 06755840 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_ImageProc.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 00254464 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_DataProcess.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 00185856 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_ImageDataprocess.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 00104960 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_VideoCompositor.dll 2016-03-28 21:13 - 2015-12-01 14:55 - 00540160 _____ () C:\Program Files (x86)\Wondershare\VCU\EffectPlugin.dll 2016-03-28 21:13 - 2015-08-11 15:22 - 00123392 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_DRMRecordMgr.dll 2016-03-28 21:13 - 2015-08-11 15:22 - 00310784 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_DRMRecord.dll 2016-03-28 21:13 - 2015-10-13 15:33 - 00274944 _____ () C:\Program Files 
(x86)\Wondershare\VCU\WS_MtEncoderMgr.dll 2016-03-28 21:13 - 2015-08-11 15:22 - 00162304 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_DRMAudioRecord.dll 2016-03-28 21:13 - 2015-08-11 15:22 - 00166912 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_ItunesHook.dll 2016-03-28 21:13 - 2015-08-11 15:22 - 00214016 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_DRMAplVRecord.dll 2016-03-28 21:13 - 2015-08-11 15:22 - 00327680 _____ () C:\Program Files (x86)\Wondershare\VCU\HookD3dDll.dll 2016-03-28 21:13 - 2015-08-11 15:22 - 00213504 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_DRMWMRecord.dll 2016-03-28 21:13 - 2015-02-27 14:54 - 00078336 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_MutFileInfo.dll 2016-03-28 21:13 - 2015-08-11 15:22 - 00324096 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_WMHook.dll 2016-03-28 21:13 - 2015-10-13 15:33 - 00246784 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_BatchConvProc.dll 2014-12-05 06:40 - 2014-12-05 06:40 - 03502080 _____ () C:\Windows\SysWow64\ffdshow.ax 2016-03-28 21:13 - 2015-12-01 14:55 - 00204800 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_Log.DLL 2016-03-28 21:13 - 2015-02-27 14:54 - 01085440 _____ () C:\Program Files (x86)\Wondershare\VCU\WSMultiTagMgr.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1002242135-839824054-2149840056-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: EPLTarget => ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WMPNSS-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe FirewallRules: [WMPNSS-In-TCP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe FirewallRules: [WMPNSS-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe FirewallRules: [WMPNSS-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe FirewallRules: [WMPNSS-WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe FirewallRules: [WMP-Out-TCP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe FirewallRules: [WMP-Out-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe FirewallRules: [WMP-In-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe FirewallRules: [{75ABC9FF-58E2-4B5C-B7F5-5E03C96019EE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{C25A4DF5-0AC3-48F4-AC33-196CEE7DE402}] => (Allow) C:\Windows\SysWOW64\lxdicoms.exe FirewallRules: [{FB12A628-A852-4918-B7B7-9BEAACA56A07}] => (Allow) C:\Windows\SysWOW64\lxdicoms.exe FirewallRules: [{3E1E599C-1C95-4E95-9B78-31C4F7DF2FBE}] => (Allow) LPort=80 FirewallRules: 
[{1297F1FD-EF78-435E-865D-AC30C36744D5}] => (Allow) LPort=80 FirewallRules: [{B48A4C61-31C2-4B83-8CF9-E747F04B9D21}] => (Allow) LPort=80 FirewallRules: [TCP Query User{9BEDA141-E733-428E-A9EE-BB1761BBE104}C:\program files (x86)\lexmark 3500-4500 series\app4r.exe] => (Block) C:\program files (x86)\lexmark 3500-4500 series\app4r.exe FirewallRules: [UDP Query User{476829FF-19CF-45B7-8036-530371F9D3F3}C:\program files (x86)\lexmark 3500-4500 series\app4r.exe] => (Block) C:\program files (x86)\lexmark 3500-4500 series\app4r.exe FirewallRules: [{0A24C3E5-A4AA-4684-89B9-F0A59A32A0E0}] => (Allow) C:\Users\Dad\AppData\Local\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe FirewallRules: [{0F20BFD9-1F40-4B7A-A28C-21983E5F553D}] => (Allow) C:\Users\Dad\AppData\Local\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe FirewallRules: [{65E4B4DC-0500-4328-976A-BBE6D32CE18F}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdipswx.exe FirewallRules: [{30B5B8A8-D17C-4E4E-A6B7-A3FC4CBAE345}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdipswx.exe FirewallRules: [{E8A6FDCF-F35C-4A17-8E42-EDF2D540995E}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe FirewallRules: [{C9B24745-9A9D-4AF3-B78B-E73BE45EE6A7}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe FirewallRules: [{782D0C36-04D6-4A83-9C08-BCDAB061E637}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsload.exe FirewallRules: [{66610974-BC0C-4D0C-9DE1-E58D961F2321}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsload.exe FirewallRules: [{D8FF9D94-6ABB-4D30-BF1A-1E5701C95A49}] => (Allow) C:\Program Files (x86)\Lexmark Fax Solutions\FaxCtr.exe FirewallRules: [{22AF192A-6366-4E6A-8EE7-1498F303399D}] => (Allow) C:\Program Files (x86)\Lexmark Fax Solutions\FaxCtr.exe FirewallRules: [Microsoft-Windows-RemovableStorageManagement-Client-RPCSS-TCP-In] => (Allow) %systemroot%\system32\rsmsink.exe FirewallRules: [Microsoft-Windows-RemovableStorageManagement-Client-DCOM-In] => (Allow) 
%systemroot%\system32\rsmsink.exe FirewallRules: [{941BDAE1-1DA2-46D8-ACDB-B5B867370DE4}] => (Allow) C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.exe FirewallRules: [{F7D609B0-9FB1-4512-BC3F-5EBF598A0D75}] => (Allow) C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.exe FirewallRules: [{171C3EA1-9D3A-471E-8E23-A322DAD56E3D}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{83A7445F-3E37-4B96-8C32-132F45CDB7C1}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{6BF80151-2817-48CC-8904-FF5D7A06DB4F}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe FirewallRules: [{DA44F5FC-3392-4BEC-ABD1-CF6F8065A0DC}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe FirewallRules: [{C5167CFD-9C5D-4BFE-BB61-C3CE8B51D478}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\App4R.exe FirewallRules: [{6F9FB970-2466-4C3F-860C-4E0644C56F43}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\App4R.exe FirewallRules: [TCP Query User{0644BAD6-D252-4CCD-AC9D-8A7D0C8A76A8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{42840378-FA45-4C9F-8892-456D940A3312}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{0C88D8D9-72A3-4E4A-984B-445C32289310}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe FirewallRules: [{3ED42A3D-5203-48E5-8036-8426FD36360D}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe FirewallRules: [{12F38F34-D696-4744-9B13-44F8E4E9445A}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe FirewallRules: [{65151342-0CB6-4A98-B80E-EEC5A58D6CCE}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: 
[{CCF3919A-56DC-483C-BEB4-1B040A66B4E2}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [{F541BDC3-1E6A-4996-ACB7-DC961CD3F671}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [{717A85B1-A57E-417A-878C-A52F75659472}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe FirewallRules: [{1FB729DE-317F-486D-ACF4-3AF273DE86E0}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe FirewallRules: [{936381D3-9EA2-40A0-A911-F55013C5F096}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe FirewallRules: [{49DBB8BB-6962-4BAD-A959-E0078A15C7BC}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [{D0766F2C-BB24-4948-82B5-244EB78B89D1}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [{26746951-289F-4E4A-8C3A-BAE99C305C25}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [{F274856A-C6B0-4D6A-9837-5017582D1AC2}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe FirewallRules: [{9D8A481D-90CB-4EEA-BAC0-FF81BA3527D3}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe FirewallRules: [{158D5658-964A-4069-BF73-DC6B19F63F2E}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe FirewallRules: [{6FD23AF6-9F1E-4907-8E7C-E66D87EE8442}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe FirewallRules: [{188B66D9-BBFE-4DEC-9531-5F08F5BF547C}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe FirewallRules: [{36E5B8B4-D4A8-43B8-9EA9-41A32E2511FA}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe FirewallRules: [{8ED25CE3-7189-4B39-9193-1BDCCF5087FC}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe FirewallRules: [{9CB3C17C-3AF0-4651-96D1-9C4EC5056FE4}] => (Allow) C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe FirewallRules: [{2953EEA8-22FF-440D-9615-3449C2426C76}] => 
(Allow) C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe FirewallRules: [{DF7C2A48-8956-432C-AE43-9A47A6406779}] => (Allow) C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) C:\Windows\system32\tlntsvr.exe FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe FirewallRules: [TCP Query User{A05F4C83-35B6-406E-8F45-C0F8F0BA1065}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{C319E126-718B-424E-B8F7-A5E997635258}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{0C7D0571-64F0-4D98-BA2C-33FEFCC22182}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3E3E9412-9C4B-4C92-94FB-1E4E5F7ADE9D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{A5255FBE-43AA-481F-870E-0777E52E8D82}C:\program files (x86)\wondershare\vcu-bing\medialibserver.exe] => (Allow) C:\program files (x86)\wondershare\vcu-bing\medialibserver.exe FirewallRules: [UDP Query User{8B891E5C-7254-4656-985E-46AA4320AE5D}C:\program files (x86)\wondershare\vcu-bing\medialibserver.exe] => (Allow) C:\program files (x86)\wondershare\vcu-bing\medialibserver.exe FirewallRules: [{97E20349-B2DF-4538-9C51-B264A42E8336}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B62E7FC3-8F43-4A3B-BAF6-607178961E31}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{8C81DC38-2E69-4DD1-8E1A-234043868054}C:\program 
files (x86)\wondershare\vcu-bing\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu-bing\mediaserver.exe FirewallRules: [UDP Query User{0EACE961-E833-4D94-B356-697A301E0070}C:\program files (x86)\wondershare\vcu-bing\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu-bing\mediaserver.exe FirewallRules: [TCP Query User{E187F770-4C27-403B-B52F-98A25256B3FA}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe FirewallRules: [UDP Query User{E0752CDF-B0A2-4D79-9D62-D8D759A5B83F}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe FirewallRules: [{8309098F-5609-4A6E-AC08-E9BE917FB2D2}] => (Allow) C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe FirewallRules: [{B0323E08-1AB5-4294-8618-FBAED40D2B52}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe FirewallRules: [{1EBBFEC1-99D6-432C-A6F2-9FFB9DF8CFC0}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe FirewallRules: [TCP Query User{26796E6F-3946-4416-BDAB-B45A3EE1AF27}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\medialibserver.exe FirewallRules: [UDP Query User{83DB88B7-C86F-4162-A889-0217BE8EA281}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\medialibserver.exe FirewallRules: [TCP Query User{0E8F3209-5572-4D84-BD06-6A52A6C843AF}C:\program files (x86)\wondershare\vcu-bing\mediaserver.exe] => (Allow) C:\program files (x86)\wondershare\vcu-bing\mediaserver.exe FirewallRules: [UDP Query User{C7DCF664-E5B2-474B-9A8A-E5E9E9932A61}C:\program files (x86)\wondershare\vcu-bing\mediaserver.exe] => (Allow) C:\program files (x86)\wondershare\vcu-bing\mediaserver.exe FirewallRules: [{C0E85A3A-BC33-4A58-AF74-576F75C3A682}] => (Allow) C:\Windows\System32\lxdicfg.exe 
FirewallRules: [{4CFC60BC-AF59-4412-AB1C-66C95DE054FB}] => (Allow) C:\Windows\System32\lxdicfg.exe FirewallRules: [TCP Query User{1610CB87-99D0-4817-A487-0CD6F08C3DBF}C:\program files (x86)\wondershare\vcu-bing\videoconverterultimate.exe] => (Allow) C:\program files (x86)\wondershare\vcu-bing\videoconverterultimate.exe FirewallRules: [UDP Query User{D2ED1D9F-6DD4-41C4-82B8-264838CAD99A}C:\program files (x86)\wondershare\vcu-bing\videoconverterultimate.exe] => (Allow) C:\program files (x86)\wondershare\vcu-bing\videoconverterultimate.exe FirewallRules: [{F7AE2AFB-CADF-4800-9105-76121223B81B}] => (Allow) C:\Windows\system32\tlntsvr.exe FirewallRules: [TCP Query User{3D74A688-A2D2-49C9-BB9C-3476449399CE}C:\program files (x86)\wondershare\vcu-bing\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu-bing\urlreqservice.exe FirewallRules: [UDP Query User{E91EBF8B-D635-40F5-9449-F3E39DBEB998}C:\program files (x86)\wondershare\vcu-bing\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu-bing\urlreqservice.exe FirewallRules: [TCP Query User{81A509E9-12C9-42D5-A9FD-92B2D24C2515}C:\program files (x86)\wondershare\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu\urlreqservice.exe FirewallRules: [UDP Query User{FDD0D045-06E4-4967-A326-B3E94886DF5C}C:\program files (x86)\wondershare\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu\urlreqservice.exe FirewallRules: [TCP Query User{8C80A3C8-9E2F-4452-922E-5B8D28AA8269}C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe] => (Allow) C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe FirewallRules: [UDP Query User{BD1E8AF7-013E-4D05-A660-49377C1A6116}C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe] => (Allow) C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe ==================== Restore Points ========================= 21-03-2016 09:52:17 Scheduled Checkpoint 22-03-2016 00:00:02 Scheduled 
Checkpoint 23-03-2016 00:00:05 Scheduled Checkpoint 23-03-2016 14:46:56 Scheduled Checkpoint 24-03-2016 17:39:20 Windows Update 25-03-2016 10:06:16 Scheduled Checkpoint 26-03-2016 09:49:46 Scheduled Checkpoint 27-03-2016 08:46:09 Scheduled Checkpoint 28-03-2016 17:36:14 Scheduled Checkpoint 28-03-2016 21:27:37 Windows Update 29-03-2016 14:51:56 Scheduled Checkpoint 30-03-2016 10:39:33 Scheduled Checkpoint 31-03-2016 06:36:58 Scheduled Checkpoint 01-04-2016 07:53:13 Scheduled Checkpoint 01-04-2016 13:23:21 Windows Update 02-04-2016 07:48:39 Scheduled Checkpoint 03-04-2016 08:58:18 Scheduled Checkpoint 04-04-2016 06:37:41 Scheduled Checkpoint 04-04-2016 14:00:54 Windows Update 06-04-2016 15:39:32 Scheduled Checkpoint 07-04-2016 06:21:11 Scheduled Checkpoint 08-04-2016 00:00:11 Scheduled Checkpoint 09-04-2016 04:08:39 Scheduled Checkpoint 09-04-2016 09:40:07 Windows Update 10-04-2016 00:00:06 Scheduled Checkpoint 11-04-2016 00:00:22 Scheduled Checkpoint 12-04-2016 00:00:05 Scheduled Checkpoint 12-04-2016 12:54:22 Windows Update ==================== Faulty Device Manager Devices ============= Name: Realtek High Definition Audio Description: Realtek High Definition Audio Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: IntcAzAudAddService Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (04/11/2016 04:59:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application E_YARNJJE.EXE, version 7.0.1.0, time stamp 0x4f5efe1a, faulting module E_YASOJJE.DLL, version 7.0.9.0, time stamp 0x4f4adfee, exception code 0xc0000005, fault offset 0x000000000004bc76, process id 0x1038, application start time 0xE_YARNJJE.EXE0. Error: (04/09/2016 12:38:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/09/2016 12:24:54 PM) (Source: Windows Search Service) (EventID: 3079) (User: ) Description: Notifications for the volume g:\ are not active. Context: Windows Application Details: The device is not ready. (0x80070015) Error: (04/09/2016 12:09:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/09/2016 11:56:57 AM) (Source: Windows Search Service) (EventID: 3079) (User: ) Description: Notifications for the volume g:\ are not active. Context: Windows Application Details: The device is not ready. 
(0x80070015) Error: (04/09/2016 10:07:14 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/09/2016 09:54:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/09/2016 09:28:47 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/07/2016 05:34:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/06/2016 09:49:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (04/12/2016 12:57:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: 0x80070643Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.217.1180.0){65F70147-454E-48BA-98AB-7521DB8CF1BF}201 Error: (04/12/2016 12:54:57 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
  8. Sorry, my mistake Ron. I added a wrong screen save on the last reply. This is the screen save I intended regarding TweakBit.
  9. Hi Ron, These two replies are what I believe you are looking for. Just an FYI on 2 things: 1. Yesterday, before I even accessed your reply, Malwarebytes had completed a routine scan and surprisingly found TweakBit (see attached screen save), something I have been trying to get rid of for some time. As you can see it is quarantined. I will not delete it or do anything else until I hear back from you. 2. Regarding my number 5 screen save for ERUNT, I saw Vista listed as one of the operating systems supported but I do not see it listed on this screen save. Lastly, is "NPETraceSession.etl" anything I need to worry about? I hope I did not forget any attachments. I will not reboot or do anything else until I hear back from you. Thanks again, Parkerma Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 4/9/2016 Scan Time: 1:23:44 PM Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.04.09.03 Rootkit Database: v2016.04.03.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows Vista Service Pack 2 CPU: x64 File System: NTFS User: Dad Scan Type: Threat Scan Result: Completed Objects Scanned: 378560 Time Elapsed: 31 min, 12 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  10. Rkill 2.8.4 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2016 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 04/09/2016 12:49:02 PM in x64 mode. Windows Version: Windows Vista (TM) Home Premium Service Pack 2 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * C:\Windows\SysWOW64\C2MP\TrayMenu.exe (PID: 2084) [WD-HEUR] * C:\Windows\CNYHKey.exe (PID: 4060) [WD-HEUR] * C:\Windows\MHotkey.exe (PID: 3048) [WD-HEUR] * C:\Windows\ModLedKey.exe (PID: 3892) [WD-HEUR] * C:\Windows\ChiFuncExt.exe (PID: 4068) [WD-HEUR] 5 proccesses terminated! Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * DFSR [Missing Service] Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 04/09/2016 12:51:42 PM Execution time: 0 hours(s), 2 minute(s), and 39 seconds(s)
  11. Thank you for your reply AdvancedSetup. Is AdvancedSetup your name, or how should I address you in our correspondence? I spent almost 10 hours last evening and this morning backing up my entire (C:) Drive to an external hard drive: Clickfree Backup (CN2). My only concern is that whatever is fixed or removed is still on this external drive and if I connect to it again I unleash the problem again. I'm not sure what to do in this case. In any event, I have the external drive disconnected now and I will begin the process as you have clearly laid out for me. You should hear back from me as I progress. Thank you kindly. Parkerma
  12. Can you help me? I think I have been hacked. This file listed in the tags and screen saves was created 12/2/2014. Files have been stolen and deleted. They must have access to my passwords. Activity on social sites not initiated by me. I have attached 3 screen saves. I have already downloaded and run the latest version of Farbar Recovery Scan Tool and attached the (FRST.txt) & (Addition.txt). Please advise. Thanks, MAP FRST.txt Addition.txt
  13. Ron, I followed your last instruction. I downloaded the fixlist.txt to my desktop, the same location where I had saved the FRST64. Both were on my desktop when I right clicked on the FRST icon and selected "Run as Administrator". I clicked "Fix" and it ran smoothly without event. It notified me to reboot before the fix could take effect. I rebooted without event. One important detail. I had uninstalled Firefox because the update to 39.0.3? was blocking everything. Firefox 38 was the best browser because I was always fighting with Chrome & IE. The update to 39 a couple months back was hell. I thought the update to 39.0.3 would help but it was worse. So I uninstalled it in order to get to your reply. I am now at the mercy of IE. Fixlog.txt is attached. Thanks Ron, Michael Fixlog.txt
  14. I was able to download the Farbar Scanning tool using IE. I used the 64-bit as directed based on my system. Firefox has been a problem since my upgrade to Firefox 39. It was preventing me from downloading Farbar. I see they have an upgrade Firefox 39.0.3 to fix issues. I have attached the Farbar Scan Report & the Additional Report for your review. FRST.txt Addition.txt I will not do anything until I hear from you. Thank you for your help. MAP
  15. I have Malwarebytes. Malwarebytes is finding and isolating this proxy problem daily. The one day I forgot to click on "remove", I was unable to log on to the internet. With help from my internet service provider we discovered that the LAN, under Internet Properties "Connections" tab, the LAN settings box under Proxy Server had been checked to use a proxy server for my LANS. I did not make this change and the daily Malwarebytes continues to find this problem every day. Malwarebytes Anti-Malware scan log 7-30-15.txt I followed the initial instructions which led me to Farbar Recovery Scan Tool (Firefox made it difficult to finally get there). The instructions were contradictory (i.e.) it directs me to download the correct version if I have a 32 or 64 bit system. I am running Vista Home Premium 64 bit system. If you look at the Screen Saves which Bleeping Computer has posted under their downloads, I have attached the screen save, it clearly says that the 64 bit Malwarebytes Anti-Malware scan log 7-30-15.txt so I was unable to do anything other than post this. I look forward to any help you may provide.