Can you help me?

I think I have been hacked. This file listed in the tags and screen saves was created 12/2/2014. Files have been stolen and deleted. They must have access to my passwords. Activity on social sites not initiated by me.

I have attached 3 screen saves. I have already downloaded and run the latest version of Farbar Recovery Scan Tool and attached the (FRST.txt) & (Addition.txt).  Please advise.

Thanks,

MAP

NPE Generel Tab.jpg

NPE Security Tab.jpg

NPE Details Tab.jpg

FRST.txt

Addition.txt


  • Root Admin

Hello. Well my guess is that you mostly just have junk and bad settings on the computer more so than any type of infection or hack. Having a router attack and password change was very easy to do due to weak or default passwords on the router. If you've reset the router and you've used a strong password then there should be no worry or concern there of it being attacked again at this point. Now let's just work on cleaning up your computer. Don't go away until we're done though.

 

 

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.
 

 

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
  • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)



STEP 01
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1 | Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 02
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe



STEP 03
Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following:
MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 


Thank you for your reply AdvancedSetup. Is AdvancedSetup your name? or how should I address you in our correspondence?

I spent almost 10 hours last evening and this morning backing up my entire (C:) Drive to an external hard drive: Clickfree Backup (CN2). My only concern is that whatever is fixed or removed is still on this external drive and if I connect to it again I unleash the problem again. I'm not sure what to do in this case. In any event, I have the external drive disconnected now and I will begin the process as you have clearly laid out for me. You should hear back from me as I progress.

Thank you kindly.

Parkerma


Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/09/2016 12:49:02 PM in x64 mode.
Windows Version: Windows Vista (TM) Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\C2MP\TrayMenu.exe (PID: 2084) [WD-HEUR]
 * C:\Windows\CNYHKey.exe (PID: 4060) [WD-HEUR]
 * C:\Windows\MHotkey.exe (PID: 3048) [WD-HEUR]
 * C:\Windows\ModLedKey.exe (PID: 3892) [WD-HEUR]
 * C:\Windows\ChiFuncExt.exe (PID: 4068) [WD-HEUR]

5 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * DFSR [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 04/09/2016 12:51:42 PM
Execution time: 0 hours(s), 2 minute(s), and 39 seconds(s)

 

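An added example, not part of any post in this thread and not code from Rkill or FRST: STEP 01 notes that Rkill only ends running processes, so anything configured to start automatically comes back after a reboot. The sketch below matches the processes in the Rkill log above against autostart lines copied from the FRST log posted later in this thread; the function names are hypothetical, and matching by file name alone is an assumption that can miss programs launched by a service, a scheduled task or another program.

```python
import ntpath
import re

# Copied from the Rkill log posted in this thread.
RKILL_LOG = r"""
Checking for processes to terminate:

 * C:\Windows\SysWOW64\C2MP\TrayMenu.exe (PID: 2084) [WD-HEUR]
 * C:\Windows\CNYHKey.exe (PID: 4060) [WD-HEUR]
 * C:\Windows\MHotkey.exe (PID: 3048) [WD-HEUR]
 * C:\Windows\ModLedKey.exe (PID: 3892) [WD-HEUR]
 * C:\Windows\ChiFuncExt.exe (PID: 4068) [WD-HEUR]

5 proccesses terminated!
"""

# Excerpt of the "Registry (Whitelisted)" section of the FRST log in this thread.
FRST_LOG = r"""
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\Windows\SysWOW64\C2MP\CodecUACManager.exe [60416 2015-03-05] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [LedKey] => CNYHKey.exe
HKLM-x32\...\Run: [LchDrvKey] => LchDrvKey.exe
HKU\S-1-5-21-1002242135-839824054-2149840056-1000\...\Run: [Codec Pack Update Checker] => "C:\Windows\system32\C2MP\UpdateChecker.exe"
HKU\S-1-5-21-1002242135-839824054-2149840056-1000\...\Run: [ABBYY Screenshot Reader Bonus] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2015-11-11]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
"""

RKILL_PROC = re.compile(r"^\s*\*\s+(?P<path>.+?)\s+\(PID:\s*(?P<pid>\d+)\)")
FRST_RUN = re.compile(r"^(?P<key>.+?\\Run): \[(?P<name>[^\]]+)\] => (?P<cmd>.*)$")
FRST_SHORTCUT = re.compile(r"^ShortcutTarget: (?P<name>.+?) -> (?P<cmd>.*)$")
IMAGE = re.compile(r"^(?P<image>.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", re.IGNORECASE)


def image_name(command):
    """Return the lower-cased file name of the program a command line starts."""
    command = command.strip()
    if command.startswith('"'):
        # Quoted path: everything up to the closing quote is the image.
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted path may contain spaces; cut at the first executable extension.
        match = IMAGE.match(command)
        if not match:
            return None  # e.g. "[X]", where FRST shows no usable target
        path = match.group("image")
    return ntpath.basename(path).lower()


def parse_rkill_terminated(log):
    """Return (path, pid) for every process Rkill reports as terminated."""
    procs = []
    for line in log.splitlines():
        match = RKILL_PROC.match(line)
        if match:
            procs.append((match.group("path"), int(match.group("pid"))))
    return procs


def parse_frst_autostarts(log):
    """Map image file name -> list of FRST Run / ShortcutTarget entries starting it."""
    autostarts = {}
    for line in log.splitlines():
        line = line.strip()
        match = FRST_RUN.match(line)
        if match:
            label = "{}: [{}]".format(match.group("key"), match.group("name"))
        else:
            match = FRST_SHORTCUT.match(line)
            if not match:
                continue
            label = "ShortcutTarget: " + match.group("name")
        name = image_name(match.group("cmd"))
        if name:
            autostarts.setdefault(name, []).append(label)
    return autostarts


def relaunch_report(rkill_log, frst_log):
    """For each terminated process, list the autostart entries that relaunch it."""
    autostarts = parse_frst_autostarts(frst_log)
    return {path: autostarts.get(ntpath.basename(path).lower(), [])
            for path, _pid in parse_rkill_terminated(rkill_log)}


if __name__ == "__main__":
    for path, entries in relaunch_report(RKILL_LOG, FRST_LOG).items():
        status = ("restarts via " + "; ".join(entries)) if entries \
            else "no matching autostart entry in this excerpt"
        print("{:<42} {}".format(path, status))
```

An empty list means only that no Run or ShortcutTarget line in the excerpt names that file; it does not show the process stays stopped after a reboot.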

Hi Ron,

These two replies are what I believe you are looking for. Just an FYI on 2 things:

1. Yesterday, before I even accessed your reply, Malwarebytes had completed a routine scan and surprisingly found TweakBit (see attached screen save), something I have been trying to get rid of for some time. As you can see it is quarantined. I will not delete it or do anything else until I hear back from you.

2. Regarding my number 5 screen save for ERUNT, I saw Vista listed as one of the operating systems supported but I do not see it listed on this screen save.

Lastly, is "NPETraceSession.etl" anything I need to worry about?

I hope I did not forget any attachments. I will not reboot or do anything else until I hear back from you. Thanks again,

Parkerma

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/9/2016
Scan Time: 1:23:44 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.09.03
Rootkit Database: v2016.04.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Dad

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 378560
Time Elapsed: 31 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

1 ERUNT Destination Location.jpg

2 ERUNT Shortcut.jpg

3 ERUNT icon.jpg

4 ERUNT install.jpg

5 ERUNT I chose NO for startup option and I chose Vista as the program - I do not see Vista here.jpg

6 ERUNT.jpg

7 ERUNT Registry Backup Complete .jpg

1 Rkill Dialogue Box .jpg

2 Rkill Dialogue Box .jpg

Ran Rkill - ERUNT - and Running MBAM with Antivirus disabled.jpg

ERUNT README TEXT Properties.jpg


  • Root Admin

Please go ahead and remove the Tweakbit PUP

The tracelog etl file is a Microsoft tracelog from kernel events on the system. It is not harmful to your system. We'll review and see if we can find why or what enabled it though if possible.

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista / Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thanks Ron. I have everything. I disabled my virus then right-clicked on JRT.exe to run as administrator. It never gave an option for XP. It just opened a DOS box: Attached screen save. It says to press any key to continue but I didn't. I instead right-clicked on the JRT.exec again and went to properties. I clicked the compatibility tab and checked the XP box then right-clicked again to run as administrator. The scan started and completed: Attached both Text & Additional files here. The black DOS box remains open on my desktop and will not close. Task manager will not close it either.

Should I continue to STEP 5 with the box open?

I will wait to hear from you.

Michael

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
Ran by Dad (administrator) on DAD-PC (12-04-2016 15:10:40)
Running from C:\Users\Dad\Desktop
Loaded Profiles: Dad (Available Profiles: Dad & Super Dad)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Storage Appliance Corp.) C:\ProgramData\Clickfree\C2NPlus\UACProxy.exe
(SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\ENAgent.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
( ) C:\Windows\System32\lxdicoms.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Citrix Systems, Inc) C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
(Storage Appliance Corporation) C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE
(IOI) C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Wondershare Software) C:\Program Files (x86)\Wondershare\VCU\VideoConverterUltimate.exe
() C:\Program Files (x86)\Wondershare\VCU\CrashService.exe
() C:\Program Files (x86)\Wondershare\VCU\WsTaskLoad.exe
(Wondershare) C:\Program Files (x86)\Wondershare\VCU\MetadataConvert.exe
(Microsoft Corporation) C:\Windows\System32\wercon.exe
(Malwarebytes) C:\Users\Dad\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-09-12] (Intel Corporation)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7212576 2009-03-10] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [Gateway Photo Frame] => C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [45056 2009-02-26] (IOI)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [FaxCenterServer] => "C:\Program Files (x86)\\Lexmark Fax Solutions\fm3032.exe" /s
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\Windows\SysWOW64\C2MP\CodecUACManager.exe [60416 2015-03-05] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2086240 2015-04-28] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-03-21] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [LedKey] => CNYHKey.exe
HKLM-x32\...\Run: [LchDrvKey] => LchDrvKey.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1002242135-839824054-2149840056-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [152064 2008-07-03] (Microsoft Corporation)
HKU\S-1-5-21-1002242135-839824054-2149840056-1000\...\Run: [Codec Pack Update Checker] => "C:\Windows\system32\C2MP\UpdateChecker.exe"
HKU\S-1-5-21-1002242135-839824054-2149840056-1000\...\Run: [ABBYY Screenshot Reader Bonus] => [X]
HKU\S-1-5-21-1002242135-839824054-2149840056-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1002242135-839824054-2149840056-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-1002242135-839824054-2149840056-1000\...\Run: [SacReminderHDDV2N] => C:\ProgramData\Clickfree\C2NPlus\reminder\SacReminder.exe [870224 2011-01-20] (Storage Appliance Corp.)
HKU\S-1-5-21-1002242135-839824054-2149840056-1000\...\MountPoints2: {0c54785a-95e1-11e4-900f-001d72bd14f3} - G:\LG_PC_Programs.exe
HKU\S-1-5-21-1002242135-839824054-2149840056-1000\...\MountPoints2: {52ab114b-ccd5-11e4-9a11-240008000297} - G:\EasySuite.exe
HKU\S-1-5-21-1002242135-839824054-2149840056-1000\...\MountPoints2: {61de5038-2569-11e3-b660-001d72bd14f3} - G:\StartClickFreeBackup.exe
HKU\S-1-5-21-1002242135-839824054-2149840056-1000\...\MountPoints2: {cec0494c-cd0b-11e4-93c2-806e6f6e6963} - G:\EasySuite.exe
HKU\S-1-5-21-1002242135-839824054-2149840056-1000\...\MountPoints2: {cec04aba-cd0b-11e4-93c2-240008000297} - G:\EasySuite.exe
HKU\S-1-5-21-1002242135-839824054-2149840056-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Norton Download Manager{NF30052-PROD-FSD40014}] => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe /m
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD6492710294] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x54b9838f" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD6492710294 /f
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2015-11-11]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{69C8657C-8380-49AC-9968-AEACC2850F5D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1002242135-839824054-2149840056-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.twc.com/
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-18] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-18] (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll => No File
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-03-21] (Wondershare)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-18] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-18] (Oracle Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-1002242135-839824054-2149840056-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\5viaco4g.default-1435958614353
FF DefaultSearchEngine: Ask Web Search
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Ask Web Search
FF Homepage: hxxps://webmail.roadrunner.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-11] ()
FF Plugin: @Citrix.com/npagee64,version=9.3.62.4 -> C:\Program Files\Citrix\Secure Access Client\npagee64.dll [2013-04-17] (Citrix Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-18] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-11] ()
FF Plugin-x32: @Citrix.com/npagee,version=9.3.62.4 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll [2013-04-17] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Dad\AppData\Roaming\mozilla\plugins\npagee.dll [2013-04-17] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Dad\AppData\Roaming\mozilla\plugins\npagee64.dll [2013-04-17] (Citrix Systems, Inc.)
FF Extension: Easy Screenshot - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\5viaco4g.default-1435958614353\extensions\easyscreenshot@mozillaonline.com [2015-11-08]
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2016-03-28]
FF Extension: Media Player for YouTube™ - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\5viaco4g.default-1435958614353\Extensions\jid1-dgnICqQgv2AUZw@jetpack.xpi [2015-09-03]
FF Extension: Nimbus Screen Capture - editable screenshots. - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\5viaco4g.default-1435958614353\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2016-03-18]
FF Extension: YouTube MP3 Downloader for Firefox - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\5viaco4g.default-1435958614353\Extensions\youtubemp3downloaderextension2014_mozilafirefox@jetpack.xpi [2015-08-22]
FF Extension: YouTube Flash Video Player - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\5viaco4g.default-1435958614353\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2016-03-25]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-09-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-02-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.4.0.43\coFFFw => not found
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi

Chrome:
=======
CHR Profile: C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - <no Path/update_url>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CFUACProxy_c2nplus; C:\ProgramData\Clickfree\C2NPlus\UACProxy.exe [87368 2010-07-08] (Storage Appliance Corp.)
R2 ENAgent; C:\Windows\SysWOW64\ENAgent.exe [4209856 2012-07-04] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
U2 iprip; C:\Windows\System32\iprip.dll [34816 2006-11-02] (Microsoft Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [41984 2008-01-20] (Microsoft Corporation)
R2 lxdi_device; C:\Windows\system32\lxdicoms.exe [876976 2007-04-26] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 nsverctl; C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [156720 2013-04-17] (Citrix Systems, Inc)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [521216 2008-01-20] (Microsoft Corporation)
R2 SacNetAgentService_C57C4F854F53; C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe [163664 2011-01-20] (Storage Appliance Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2009-04-11] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2009-04-10] (Microsoft Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81408 2009-04-11] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ARCSOFTVIRTUALCAPTURE; C:\Windows\System32\DRIVERS\ArcSoftVirtualCapture.sys [17408 2006-12-08] (ArcSoft, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-11] (AVG Technologies)
R2 cag; C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [102160 2013-04-01] (Citrix Systems, Inc.)
R3 ctxva51; C:\Windows\System32\DRIVERS\ctxva51.sys [46640 2013-04-17] (Citrix Systems, Inc.)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [131160 2011-02-07] (Citrix Systems, Inc.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-12] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-10-15] ()
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2015-02-27] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-12 15:10 - 2016-04-12 15:11 - 00020063 _____ C:\Users\Dad\Desktop\FRST.txt
2016-04-12 14:53 - 2016-04-12 14:53 - 02375168 _____ (Farbar) C:\Users\Dad\Desktop\FRST64.exe
2016-04-12 14:51 - 2016-04-12 14:51 - 03465280 _____ C:\Users\Dad\Desktop\AdwCleaner.exe
2016-04-12 14:48 - 2016-04-12 14:48 - 01610352 _____ (Malwarebytes) C:\Users\Dad\Desktop\JRT.exe
2016-04-12 13:07 - 2016-04-12 13:07 - 131827749 _____ C:\Users\Dad\Desktop\Mother Angelica on Blasphemy, the Second Vatican Council, and WYD 1993 - YouTube.mp4
2016-04-12 11:49 - 2016-04-12 11:49 - 00266904 _____ C:\Users\Dad\Desktop\Archery_Public_Forum.pdf
2016-04-11 06:42 - 2016-04-11 06:43 - 00000000 ____D C:\1982-8-14 Wedding Pictures
2016-04-09 18:52 - 2016-04-09 18:52 - 00130593 _____ C:\Users\Dad\Documents\Plea-for-Intolerance by Venerable Fulton J Sheen.pdf
2016-04-09 18:19 - 2016-04-09 18:19 - 01330556 _____ C:\Users\Dad\Documents\papa-francesco_esortazione-ap_20160319_amoris-laetitia_en.pdf
2016-04-09 13:20 - 2016-04-09 13:20 - 00000000 ____D C:\Windows\ERDNT
2016-04-09 13:10 - 2016-04-09 13:47 - 00000000 ____D C:\Program Files (x86)\ERUNT
2016-04-09 13:10 - 2016-04-09 13:10 - 00000725 _____ C:\Users\Super Dad\Desktop\NTREGOPT.lnk
2016-04-09 13:10 - 2016-04-09 13:10 - 00000706 _____ C:\Users\Super Dad\Desktop\ERUNT.lnk
2016-04-09 13:10 - 2016-04-09 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2016-04-09 13:02 - 2016-04-09 13:02 - 00003018 _____ C:\Windows\System32\Tasks\{AEB87ACB-EF06-46ED-9E9F-99D127831634}
2016-04-09 11:46 - 2016-04-09 11:46 - 00791393 _____ (Lars Hederer ) C:\Users\Dad\Desktop\erunt-setup.exe
2016-04-09 11:42 - 2016-04-09 11:42 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dad\Desktop\rkill.exe
2016-04-09 11:36 - 2016-04-09 11:36 - 00130593 _____ C:\Users\Dad\Desktop\The Venerable Fulton J. Sheen Makes A Plea-for-Intolerance.pdf
2016-04-09 10:02 - 2016-04-09 10:06 - 00000917 _____ C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2016-04-09 09:46 - 2016-04-09 09:47 - 00000000 ____D C:\Users\Dad\Desktop\SSA Appeal
2016-04-09 09:40 - 2016-04-09 09:46 - 00000000 ____D C:\Users\Dad\Desktop\Wisconsin State Licensure Rules and Regulations
2016-04-09 09:28 - 2016-04-09 14:58 - 00000000 ___RD C:\Users\Dad\Desktop\Malwarebytes Anti-Malware Forum Help Record 4-9-2016
2016-04-09 08:48 - 2014-12-02 02:32 - 00005632 _____ C:\Users\Dad\Downloads\SQCLIENT.dat
2016-04-07 18:56 - 2016-04-07 18:56 - 00266904 _____ C:\Users\Dad\Desktop\Archery Public Forum.pdf
2016-03-28 21:13 - 2016-03-28 21:13 - 00001062 _____ C:\Users\Public\Desktop\Wondershare Video Converter Ultimate.lnk
2016-03-28 21:13 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2016-03-28 21:13 - 2015-02-27 14:38 - 00214528 _____ () C:\Windows\SysWOW64\WSCM32.dll
2016-03-18 23:19 - 2016-03-19 06:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-12 15:10 - 2015-08-09 15:46 - 00000000 ____D C:\FRST
2016-04-12 14:37 - 2015-09-04 10:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-12 14:37 - 2014-12-28 15:29 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-12 14:37 - 2006-11-02 10:22 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-12 14:37 - 2006-11-02 10:22 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-11 18:13 - 2016-02-20 19:39 - 00000000 ___RD C:\Users\Dad\Desktop\AIM Documents
2016-04-11 17:36 - 2015-05-25 13:41 - 00000000 ____D C:\Users\Dad\Desktop\Desktop Images USMC and Bald Eagle
2016-04-11 17:08 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\tracing
2016-04-11 17:00 - 2013-09-20 13:50 - 00000000 ____D C:\Users\Dad\AppData\Local\CrashDumps
2016-04-11 08:37 - 2015-09-04 10:10 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-11 08:37 - 2015-09-04 10:10 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-11 08:37 - 2015-09-04 10:10 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-10 13:27 - 2013-09-26 07:54 - 00000000 ____D C:\Patio Progress  7-20-2011
2016-04-09 18:30 - 2014-03-12 22:34 - 00003670 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6BB2B7CB-1751-46A3-BB2F-9972F419953C}
2016-04-09 16:04 - 2013-09-18 21:19 - 00079360 _____ C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-09 12:43 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\inf
2016-04-09 12:43 - 2006-11-02 07:46 - 00758862 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-09 12:37 - 2015-08-19 13:21 - 00015886 _____ C:\Windows\SysWOW64\‰š‹œž‘’“”•–—˜™š›œžÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ1
2016-04-09 12:37 - 2015-04-17 13:32 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-04-09 12:37 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-09 12:36 - 2006-11-02 10:42 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-09 09:38 - 2016-03-04 18:44 - 00000000 ____D C:\Users\Dad\Desktop\ARRT Investigation
2016-04-09 09:37 - 2015-11-03 16:43 - 00000000 ___RD C:\Users\Dad\Desktop\Veteran Affairs Benefits MHV Records
2016-04-09 09:32 - 2015-09-18 13:27 - 00000000 ___RD C:\Users\Dad\Desktop\Attorney Mark Gustafson
2016-03-30 00:31 - 2015-11-03 16:37 - 00000000 ___RD C:\Users\Dad\Desktop\My Mother Mary Folder Confraternity  10-13-15 & Consecration 12-8-15
2016-03-29 10:39 - 2015-08-23 14:55 - 00000000 ___RD C:\Users\Dad\Desktop\Poetry
2016-03-28 21:13 - 2015-07-02 00:03 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2016-03-28 19:30 - 2014-02-22 21:12 - 00000000 ____D C:\Users\Dad\Desktop\Aurora DAD's Stuff He Can't Wait To Get Rid Of
2016-03-28 15:09 - 2015-08-10 19:59 - 00000000 ___RD C:\Users\Dad\Desktop\Supply Technician
2016-03-28 13:34 - 2015-07-02 23:03 - 00000000 ___RD C:\Users\Dad\Desktop\Surgical Technician
2016-03-28 13:33 - 2015-03-30 17:44 - 00000000 ____D C:\Users\Dad\Desktop\All Things USA Jobs
2016-03-25 14:27 - 2015-01-16 00:53 - 00000000 ___RD C:\Users\Dad\Desktop\2014 Resumes, Cover letters and References
2016-03-25 13:58 - 2015-09-04 11:11 - 00000000 ___RD C:\Users\Dad\Desktop\USPS JOBS
2016-03-25 12:54 - 2015-06-30 11:53 - 00012926 _____ C:\Users\Dad\Desktop\Envelope Template Legal Size Use Ctrl P to print page 1 only.odt
2016-03-23 04:31 - 2014-12-28 15:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-23 03:46 - 2014-12-28 15:29 - 00000903 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-23 03:46 - 2014-12-28 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-20 14:13 - 2013-10-03 15:03 - 00000000 ____D C:\Users\Super Dad
2016-03-19 06:38 - 2015-08-14 23:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-18 23:20 - 2015-01-16 16:58 - 00001827 _____ C:\Windows\wininit.ini

==================== Files in the root of some directories =======

2013-09-24 17:49 - 2013-10-03 08:59 - 0001428 _____ () C:\Users\Dad\AppData\Roaming\wklnhst.dat
2014-03-24 00:39 - 2014-03-24 00:39 - 0000680 _____ () C:\Users\Dad\AppData\Local\d3d9caps.dat
2013-09-18 21:19 - 2016-04-09 16:04 - 0079360 _____ () C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-15 11:04 - 2013-11-15 11:05 - 0423882 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI059E.txt
2015-03-17 13:09 - 2015-03-17 13:09 - 0376830 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI07F6.txt
2015-03-17 13:09 - 2015-03-17 13:09 - 0387430 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI080A.txt
2015-03-17 13:25 - 2015-03-17 13:25 - 0376466 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI13E4.txt
2015-03-17 13:25 - 2015-03-17 13:25 - 0387814 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI13F1.txt
2015-03-16 23:39 - 2015-03-16 23:39 - 0375374 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI1B9E.txt
2015-03-16 23:39 - 2015-03-16 23:39 - 0387814 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI1BFD.txt
2015-03-17 13:36 - 2015-03-17 13:36 - 0376466 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI1C6C.txt
2015-03-17 13:36 - 2015-03-17 13:36 - 0386662 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI1CB1.txt
2014-02-17 14:31 - 2014-02-17 14:31 - 0350006 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI546F.txt
2014-01-31 23:58 - 2014-01-31 23:59 - 0433752 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI55E2.txt
2013-09-24 17:41 - 2013-09-24 17:42 - 0459926 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI5642.txt
2013-09-24 17:42 - 2013-09-24 17:44 - 0463522 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI56F9.txt
2015-03-16 19:55 - 2015-03-16 19:55 - 0376466 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI7029.txt
2015-03-16 19:55 - 2015-03-16 19:55 - 0385510 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI703D.txt
2013-10-13 19:38 - 2013-10-13 19:38 - 0377244 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI7BF4.txt
2013-10-13 19:38 - 2013-10-13 19:38 - 0386474 _____ () C:\Users\Dad\AppData\Local\dd_vcredistMSI7C28.txt
2013-11-15 11:04 - 2013-11-15 11:05 - 0015288 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI059E.txt
2015-03-17 13:09 - 2015-03-17 13:09 - 0011436 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI07F6.txt
2015-03-17 13:09 - 2015-03-17 13:09 - 0011436 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI080A.txt
2015-03-17 13:25 - 2015-03-17 13:25 - 0011420 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI13E4.txt
2015-03-17 13:25 - 2015-03-17 13:25 - 0011452 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI13F1.txt
2015-03-16 23:39 - 2015-03-16 23:39 - 0011372 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI1B9E.txt
2015-03-16 23:39 - 2015-03-16 23:39 - 0011452 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI1BFD.txt
2015-03-17 13:36 - 2015-03-17 13:36 - 0011420 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI1C6C.txt
2015-03-17 13:36 - 2015-03-17 13:36 - 0011404 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI1CB1.txt
2014-02-17 14:31 - 2014-02-17 14:31 - 0011880 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI546F.txt
2014-01-31 23:58 - 2014-01-31 23:59 - 0024368 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI55E2.txt
2013-09-24 17:41 - 2013-09-24 17:42 - 0011692 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI5642.txt
2013-09-24 17:42 - 2013-09-24 17:44 - 0011708 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI56F9.txt
2015-03-16 19:55 - 2015-03-16 19:55 - 0011420 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI7029.txt
2015-03-16 19:55 - 2015-03-16 19:55 - 0011356 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI703D.txt
2013-10-13 19:37 - 2013-10-13 19:38 - 0011468 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI7BF4.txt
2013-10-13 19:38 - 2013-10-13 19:38 - 0011404 _____ () C:\Users\Dad\AppData\Local\dd_vcredistUI7C28.txt
2013-10-18 19:42 - 2013-10-18 19:42 - 0000241 _____ () C:\Users\Dad\AppData\Local\RAExpertHistory.xml
2013-10-12 20:49 - 2013-10-12 21:08 - 0000279 _____ () C:\Users\Dad\AppData\Local\rahistory.xml

Files to move or delete:
====================
C:\Users\Dad\Launchpad Removal.exe
C:\Users\Dad\LG Phone PelicanExtension.dll
C:\Users\Dad\LPSecurityExtension.dll
C:\Users\Dad\SanDiskFormatExtension.dll
C:\Users\Dad\version.dat


Some files in TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\video-converter-ultimate_full975.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-12 13:13

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
Ran by Dad (2016-04-12 15:11:28)
Running from C:\Users\Dad\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) (2013-09-18 01:16:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1002242135-839824054-2149840056-500 - Administrator - Disabled)
Dad (S-1-5-21-1002242135-839824054-2149840056-1000 - Administrator - Enabled) => C:\Users\Dad
Guest (S-1-5-21-1002242135-839824054-2149840056-501 - Limited - Disabled)
SACNETDRIVEUSER01 (S-1-5-21-1002242135-839824054-2149840056-1031 - Limited - Enabled)
Super Dad (S-1-5-21-1002242135-839824054-2149840056-1003 - Limited - Enabled) => C:\Users\Super Dad

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Disabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Citrix Access Gateway Plug-in (HKLM\...\{95D020BA-5CB1-4769-95E5-3BD0C905ECE5}) (Version: 9.3.62.4 - Citrix Systems, Inc.)
Clickfree (HKLM-x32\...\Clickfree) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.2.0 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Files Opened (HKLM-x32\...\Files Opened) (Version: 1.0 - )
Gateway Photo Frame 4.2.3.6 (HKLM-x32\...\Gateway Photo Frame) (Version: 4.2.3.6 - I/O Interconnect)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3006 - Acer Incorporated)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
Media Player Codec Pack 4.3.6 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.6 - Media Player Codec Pack)
MergeModule_x64 (Version: 9.1.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.3.00 - Sony Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5807 - Realtek Semiconductor Corp.)
Software Updater (HKLM-x32\...\{B9802DDC-53FD-4D44-A81D-49DC80448614}) (Version: 4.2.6 - SEIKO EPSON CORPORATION)
UpdateAdmin (HKLM-x32\...\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}) (Version:  - ) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Wondershare Video Converter Ultimate(Build 8.6.0.0) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.6.0.0 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1002242135-839824054-2149840056-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Dad\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1002242135-839824054-2149840056-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dad\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1002242135-839824054-2149840056-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Dad\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {002D6D93-FD5E-4DDE-9993-BA9191AE6E7B} - System32\Tasks\{36109510-F85D-4BE7-91CE-0DFBE4D03751} => pcalua.exe -a C:\Users\Dad\Desktop\20140321-023-i64.exe -d C:\Users\Dad\Desktop
Task: {0D10F079-7C62-4772-BBE1-C217890A7CBC} - System32\Tasks\{CDC61E7F-640E-4895-88DD-1BF5DEFB4940} => pcalua.exe -a D:\AutoRun.exe -d D:\ -c autoLaunch
Task: {144E5A33-0755-4FA2-B282-3502B4F9D9DC} - System32\Tasks\Norton Family\Norton Error Analyzer => C:\Program Files (x86)\Norton Family\Engine\3.4.0.43\SymErr.exe
Task: {18F7636B-E7AF-43CC-B324-56AD65850436} - System32\Tasks\{EB8C5BDE-3C2D-4C3B-BE5F-29615DBCD8BE} => pcalua.exe -a C:\Users\Dad\Downloads\LGUSBModemDriver_Eng_WHQL_Ver_4.9.4_All.exe -d C:\Users\Dad\Desktop
Task: {276896D7-56E0-40D6-A0E2-B55AA54B8AE4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {2BF8DA6A-594A-458D-BD15-E274FBBDCA19} - System32\Tasks\{8840EDCE-F1BF-4744-99D7-AED27AF55520} => pcalua.exe -a "C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7T0FOGK\3500-4500.exe" -d C:\Users\Dad\Desktop
Task: {35EEB9BE-064A-4D50-BBF1-C5110F5DC25A} - System32\Tasks\Acer\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2009-02-25] (Acer)
Task: {3A746D32-0878-4829-9FF9-88A61FB9002E} - System32\Tasks\{2BB1059F-D442-4B59-A37F-C63138FDAB74} => pcalua.exe -a "C:\ProgramData\Wondershare\Video Converter Ultimate\pluginInstall.exe" -d "C:\ProgramData\Wondershare\Video Converter Ultimate" -c "i" "iexplore"
Task: {3C482A21-45EC-43F9-B51C-2C406EFFAAC0} - System32\Tasks\{AEB87ACB-EF06-46ED-9E9F-99D127831634} => pcalua.exe -a C:\Users\Dad\Desktop\erunt-setup.exe -d C:\Users\Dad\Desktop
Task: {5313B176-942C-435A-8411-ED89A92E401A} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {6D37D174-AE0B-4F71-960B-48081DE7E858} - System32\Tasks\{E7EAB071-88CA-4663-84AF-5D6C429EABC6} => pcalua.exe -a "C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GKWY8Y6M\3500-4500.exe" -d C:\Users\Dad\Desktop
Task: {BA1867B3-4872-4DA2-8243-4C959DE8EE22} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-11] (Adobe Systems Incorporated)
Task: {BF62F94F-F630-41F0-B43C-1FDA2D47B161} - System32\Tasks\Norton Family\Norton Error Processor => C:\Program Files (x86)\Norton Family\Engine\3.4.0.43\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-10-11 20:40 - 2007-02-22 02:15 - 00045056 _____ () C:\Windows\System32\LXF3PMON.DLL
2013-10-11 20:39 - 2006-11-07 10:02 - 00036864 _____ () C:\Windows\System32\LXF3OEM.DLL
2013-10-11 20:39 - 2007-02-22 02:11 - 00081408 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\ipcmt64.dll
2013-10-11 20:39 - 2007-02-22 02:15 - 00003584 _____ () C:\Windows\System32\LXF3PMRC.DLL
2014-02-01 20:41 - 2007-03-15 23:11 - 00138240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdidrpp.dll
2016-03-28 21:13 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2016-03-28 21:13 - 2015-02-27 14:54 - 00101376 _____ () C:\Program Files (x86)\Wondershare\VCU\CrashService.exe
2016-03-28 21:13 - 2016-03-21 13:52 - 02228368 _____ () C:\Program Files (x86)\Wondershare\VCU\WsTaskLoad.exe
2009-02-26 15:11 - 2009-02-26 15:11 - 00031744 _____ () C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
2009-02-26 15:11 - 2009-02-26 15:11 - 00025088 _____ () C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll
2015-07-02 00:03 - 2015-04-28 15:22 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-07-02 00:03 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 00204800 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_Log.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 00060416 _____ () C:\Program Files (x86)\Wondershare\VCU\COMSupport.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 00081408 _____ () C:\Program Files (x86)\Wondershare\VCU\MP4_http.dll
2016-03-28 21:13 - 2015-08-11 15:22 - 00113664 _____ () C:\Program Files (x86)\Wondershare\VCU\DriverMgr.dll
2016-03-28 21:13 - 2015-02-27 14:53 - 00389120 _____ () C:\Program Files (x86)\Wondershare\VCU\WsBurn.dll
2016-03-28 21:13 - 2016-03-18 14:44 - 00368064 _____ () C:\Program Files (x86)\Wondershare\VCU\sqlite3.dll
2016-03-28 21:13 - 2015-02-27 14:54 - 00131584 _____ () C:\Program Files (x86)\Wondershare\VCU\ExceptionHandler.dll
2016-03-28 21:13 - 2015-10-19 16:11 - 00100352 _____ () C:\Program Files (x86)\Wondershare\VCU\TiVoDecode.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 00204288 _____ () C:\Program Files (x86)\Wondershare\VCU\XMLRead.dll
2016-03-28 21:13 - 2015-02-27 14:54 - 00158720 _____ () C:\Program Files (x86)\Wondershare\VCU\WSPermissionAccess.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 00259584 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_PlayDecMgr.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 00065024 _____ () C:\Program Files (x86)\Wondershare\VCU\MediaInfo.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 02324480 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_Image.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 00061440 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_Utility.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 00129536 _____ () C:\Program Files (x86)\Wondershare\VCU\MPDECSrc.dll
2016-03-28 21:13 - 2015-10-23 14:06 - 04671488 _____ () C:\Program Files (x86)\Wondershare\VCU\libMPKernal.dll
2016-03-28 21:13 - 2015-10-23 14:06 - 16756755 _____ () C:\Program Files (x86)\Wondershare\VCU\libkernaldec.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 00114688 _____ () C:\Program Files (x86)\Wondershare\VCU\DVD_DEC.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 00276480 _____ () C:\Program Files (x86)\Wondershare\VCU\DVDReader.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 00050688 _____ () C:\Program Files (x86)\Wondershare\VCU\DecoderMgr.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 00236032 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_VideoSrc.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 00119808 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_ImageDecoder.dll
2016-03-28 21:13 - 2015-06-09 15:20 - 00114176 _____ () C:\Program Files (x86)\Wondershare\VCU\DecPlugins\fdpCodec.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 03094016 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_MediaInfoLib.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 00138752 _____ () C:\Program Files (x86)\Wondershare\VCU\WSPlayer.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 06755840 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_ImageProc.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 00254464 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_DataProcess.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 00185856 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_ImageDataprocess.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 00104960 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_VideoCompositor.dll
2016-03-28 21:13 - 2015-12-01 14:55 - 00540160 _____ () C:\Program Files (x86)\Wondershare\VCU\EffectPlugin.dll
2016-03-28 21:13 - 2015-08-11 15:22 - 00123392 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_DRMRecordMgr.dll
2016-03-28 21:13 - 2015-08-11 15:22 - 00310784 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_DRMRecord.dll
2016-03-28 21:13 - 2015-10-13 15:33 - 00274944 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_MtEncoderMgr.dll
2016-03-28 21:13 - 2015-08-11 15:22 - 00162304 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_DRMAudioRecord.dll
2016-03-28 21:13 - 2015-08-11 15:22 - 00166912 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_ItunesHook.dll
2016-03-28 21:13 - 2015-08-11 15:22 - 00214016 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_DRMAplVRecord.dll
2016-03-28 21:13 - 2015-08-11 15:22 - 00327680 _____ () C:\Program Files (x86)\Wondershare\VCU\HookD3dDll.dll
2016-03-28 21:13 - 2015-08-11 15:22 - 00213504 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_DRMWMRecord.dll
2016-03-28 21:13 - 2015-02-27 14:54 - 00078336 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_MutFileInfo.dll
2016-03-28 21:13 - 2015-08-11 15:22 - 00324096 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_WMHook.dll
2016-03-28 21:13 - 2015-10-13 15:33 - 00246784 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_BatchConvProc.dll
2014-12-05 06:40 - 2014-12-05 06:40 - 03502080 _____ () C:\Windows\SysWow64\ffdshow.ax
2016-03-28 21:13 - 2015-12-01 14:55 - 00204800 _____ () C:\Program Files (x86)\Wondershare\VCU\WS_Log.DLL
2016-03-28 21:13 - 2015-02-27 14:54 - 01085440 _____ () C:\Program Files (x86)\Wondershare\VCU\WSMultiTagMgr.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7866 more sites.



==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1002242135-839824054-2149840056-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: EPLTarget =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WMPNSS-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-In-TCP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [{75ABC9FF-58E2-4B5C-B7F5-5E03C96019EE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{C25A4DF5-0AC3-48F4-AC33-196CEE7DE402}] => (Allow) C:\Windows\SysWOW64\lxdicoms.exe
FirewallRules: [{FB12A628-A852-4918-B7B7-9BEAACA56A07}] => (Allow) C:\Windows\SysWOW64\lxdicoms.exe
FirewallRules: [{3E1E599C-1C95-4E95-9B78-31C4F7DF2FBE}] => (Allow) LPort=80
FirewallRules: [{1297F1FD-EF78-435E-865D-AC30C36744D5}] => (Allow) LPort=80
FirewallRules: [{B48A4C61-31C2-4B83-8CF9-E747F04B9D21}] => (Allow) LPort=80
FirewallRules: [TCP Query User{9BEDA141-E733-428E-A9EE-BB1761BBE104}C:\program files (x86)\lexmark 3500-4500 series\app4r.exe] => (Block) C:\program files (x86)\lexmark 3500-4500 series\app4r.exe
FirewallRules: [UDP Query User{476829FF-19CF-45B7-8036-530371F9D3F3}C:\program files (x86)\lexmark 3500-4500 series\app4r.exe] => (Block) C:\program files (x86)\lexmark 3500-4500 series\app4r.exe
FirewallRules: [{0A24C3E5-A4AA-4684-89B9-F0A59A32A0E0}] => (Allow) C:\Users\Dad\AppData\Local\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe
FirewallRules: [{0F20BFD9-1F40-4B7A-A28C-21983E5F553D}] => (Allow) C:\Users\Dad\AppData\Local\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe
FirewallRules: [{65E4B4DC-0500-4328-976A-BBE6D32CE18F}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdipswx.exe
FirewallRules: [{30B5B8A8-D17C-4E4E-A6B7-A3FC4CBAE345}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdipswx.exe
FirewallRules: [{E8A6FDCF-F35C-4A17-8E42-EDF2D540995E}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe
FirewallRules: [{C9B24745-9A9D-4AF3-B78B-E73BE45EE6A7}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe
FirewallRules: [{782D0C36-04D6-4A83-9C08-BCDAB061E637}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsload.exe
FirewallRules: [{66610974-BC0C-4D0C-9DE1-E58D961F2321}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsload.exe
FirewallRules: [{D8FF9D94-6ABB-4D30-BF1A-1E5701C95A49}] => (Allow) C:\Program Files (x86)\Lexmark Fax Solutions\FaxCtr.exe
FirewallRules: [{22AF192A-6366-4E6A-8EE7-1498F303399D}] => (Allow) C:\Program Files (x86)\Lexmark Fax Solutions\FaxCtr.exe
FirewallRules: [Microsoft-Windows-RemovableStorageManagement-Client-RPCSS-TCP-In] => (Allow) %systemroot%\system32\rsmsink.exe
FirewallRules: [Microsoft-Windows-RemovableStorageManagement-Client-DCOM-In] => (Allow) %systemroot%\system32\rsmsink.exe
FirewallRules: [{941BDAE1-1DA2-46D8-ACDB-B5B867370DE4}] => (Allow) C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.exe
FirewallRules: [{F7D609B0-9FB1-4512-BC3F-5EBF598A0D75}] => (Allow) C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.exe
FirewallRules: [{171C3EA1-9D3A-471E-8E23-A322DAD56E3D}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{83A7445F-3E37-4B96-8C32-132F45CDB7C1}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{6BF80151-2817-48CC-8904-FF5D7A06DB4F}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{DA44F5FC-3392-4BEC-ABD1-CF6F8065A0DC}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{C5167CFD-9C5D-4BFE-BB61-C3CE8B51D478}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\App4R.exe
FirewallRules: [{6F9FB970-2466-4C3F-860C-4E0644C56F43}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\App4R.exe
FirewallRules: [TCP Query User{0644BAD6-D252-4CCD-AC9D-8A7D0C8A76A8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{42840378-FA45-4C9F-8892-456D940A3312}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{0C88D8D9-72A3-4E4A-984B-445C32289310}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [{3ED42A3D-5203-48E5-8036-8426FD36360D}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [{12F38F34-D696-4744-9B13-44F8E4E9445A}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [{65151342-0CB6-4A98-B80E-EEC5A58D6CCE}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{CCF3919A-56DC-483C-BEB4-1B040A66B4E2}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{F541BDC3-1E6A-4996-ACB7-DC961CD3F671}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{717A85B1-A57E-417A-878C-A52F75659472}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [{1FB729DE-317F-486D-ACF4-3AF273DE86E0}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [{936381D3-9EA2-40A0-A911-F55013C5F096}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [{49DBB8BB-6962-4BAD-A959-E0078A15C7BC}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{D0766F2C-BB24-4948-82B5-244EB78B89D1}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{26746951-289F-4E4A-8C3A-BAE99C305C25}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{F274856A-C6B0-4D6A-9837-5017582D1AC2}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [{9D8A481D-90CB-4EEA-BAC0-FF81BA3527D3}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [{158D5658-964A-4069-BF73-DC6B19F63F2E}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [{6FD23AF6-9F1E-4907-8E7C-E66D87EE8442}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [{188B66D9-BBFE-4DEC-9531-5F08F5BF547C}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{36E5B8B4-D4A8-43B8-9EA9-41A32E2511FA}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{8ED25CE3-7189-4B39-9193-1BDCCF5087FC}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe
FirewallRules: [{9CB3C17C-3AF0-4651-96D1-9C4EC5056FE4}] => (Allow) C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{2953EEA8-22FF-440D-9615-3449C2426C76}] => (Allow) C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe
FirewallRules: [{DF7C2A48-8956-432C-AE43-9A47A6406779}] => (Allow) C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) C:\Windows\system32\tlntsvr.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [TCP Query User{A05F4C83-35B6-406E-8F45-C0F8F0BA1065}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C319E126-718B-424E-B8F7-A5E997635258}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{0C7D0571-64F0-4D98-BA2C-33FEFCC22182}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E3E9412-9C4B-4C92-94FB-1E4E5F7ADE9D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A5255FBE-43AA-481F-870E-0777E52E8D82}C:\program files (x86)\wondershare\vcu-bing\medialibserver.exe] => (Allow) C:\program files (x86)\wondershare\vcu-bing\medialibserver.exe
FirewallRules: [UDP Query User{8B891E5C-7254-4656-985E-46AA4320AE5D}C:\program files (x86)\wondershare\vcu-bing\medialibserver.exe] => (Allow) C:\program files (x86)\wondershare\vcu-bing\medialibserver.exe
FirewallRules: [{97E20349-B2DF-4538-9C51-B264A42E8336}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B62E7FC3-8F43-4A3B-BAF6-607178961E31}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8C81DC38-2E69-4DD1-8E1A-234043868054}C:\program files (x86)\wondershare\vcu-bing\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu-bing\mediaserver.exe
FirewallRules: [UDP Query User{0EACE961-E833-4D94-B356-697A301E0070}C:\program files (x86)\wondershare\vcu-bing\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu-bing\mediaserver.exe
FirewallRules: [TCP Query User{E187F770-4C27-403B-B52F-98A25256B3FA}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe
FirewallRules: [UDP Query User{E0752CDF-B0A2-4D79-9D62-D8D759A5B83F}C:\program files (x86)\wondershare\vcu\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\mediaserver.exe
FirewallRules: [{8309098F-5609-4A6E-AC08-E9BE917FB2D2}] => (Allow) C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{B0323E08-1AB5-4294-8618-FBAED40D2B52}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{1EBBFEC1-99D6-432C-A6F2-9FFB9DF8CFC0}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [TCP Query User{26796E6F-3946-4416-BDAB-B45A3EE1AF27}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\medialibserver.exe
FirewallRules: [UDP Query User{83DB88B7-C86F-4162-A889-0217BE8EA281}C:\program files (x86)\wondershare\vcu\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\vcu\medialibserver.exe
FirewallRules: [TCP Query User{0E8F3209-5572-4D84-BD06-6A52A6C843AF}C:\program files (x86)\wondershare\vcu-bing\mediaserver.exe] => (Allow) C:\program files (x86)\wondershare\vcu-bing\mediaserver.exe
FirewallRules: [UDP Query User{C7DCF664-E5B2-474B-9A8A-E5E9E9932A61}C:\program files (x86)\wondershare\vcu-bing\mediaserver.exe] => (Allow) C:\program files (x86)\wondershare\vcu-bing\mediaserver.exe
FirewallRules: [{C0E85A3A-BC33-4A58-AF74-576F75C3A682}] => (Allow) C:\Windows\System32\lxdicfg.exe
FirewallRules: [{4CFC60BC-AF59-4412-AB1C-66C95DE054FB}] => (Allow) C:\Windows\System32\lxdicfg.exe
FirewallRules: [TCP Query User{1610CB87-99D0-4817-A487-0CD6F08C3DBF}C:\program files (x86)\wondershare\vcu-bing\videoconverterultimate.exe] => (Allow) C:\program files (x86)\wondershare\vcu-bing\videoconverterultimate.exe
FirewallRules: [UDP Query User{D2ED1D9F-6DD4-41C4-82B8-264838CAD99A}C:\program files (x86)\wondershare\vcu-bing\videoconverterultimate.exe] => (Allow) C:\program files (x86)\wondershare\vcu-bing\videoconverterultimate.exe
FirewallRules: [{F7AE2AFB-CADF-4800-9105-76121223B81B}] => (Allow) C:\Windows\system32\tlntsvr.exe
FirewallRules: [TCP Query User{3D74A688-A2D2-49C9-BB9C-3476449399CE}C:\program files (x86)\wondershare\vcu-bing\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu-bing\urlreqservice.exe
FirewallRules: [UDP Query User{E91EBF8B-D635-40F5-9449-F3E39DBEB998}C:\program files (x86)\wondershare\vcu-bing\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu-bing\urlreqservice.exe
FirewallRules: [TCP Query User{81A509E9-12C9-42D5-A9FD-92B2D24C2515}C:\program files (x86)\wondershare\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu\urlreqservice.exe
FirewallRules: [UDP Query User{FDD0D045-06E4-4967-A326-B3E94886DF5C}C:\program files (x86)\wondershare\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu\urlreqservice.exe
FirewallRules: [TCP Query User{8C80A3C8-9E2F-4452-922E-5B8D28AA8269}C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe] => (Allow) C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe
FirewallRules: [UDP Query User{BD1E8AF7-013E-4D05-A660-49377C1A6116}C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe] => (Allow) C:\program files (x86)\wondershare\vcu\videoconverterultimate.exe

==================== Restore Points =========================

21-03-2016 09:52:17 Scheduled Checkpoint
22-03-2016 00:00:02 Scheduled Checkpoint
23-03-2016 00:00:05 Scheduled Checkpoint
23-03-2016 14:46:56 Scheduled Checkpoint
24-03-2016 17:39:20 Windows Update
25-03-2016 10:06:16 Scheduled Checkpoint
26-03-2016 09:49:46 Scheduled Checkpoint
27-03-2016 08:46:09 Scheduled Checkpoint
28-03-2016 17:36:14 Scheduled Checkpoint
28-03-2016 21:27:37 Windows Update
29-03-2016 14:51:56 Scheduled Checkpoint
30-03-2016 10:39:33 Scheduled Checkpoint
31-03-2016 06:36:58 Scheduled Checkpoint
01-04-2016 07:53:13 Scheduled Checkpoint
01-04-2016 13:23:21 Windows Update
02-04-2016 07:48:39 Scheduled Checkpoint
03-04-2016 08:58:18 Scheduled Checkpoint
04-04-2016 06:37:41 Scheduled Checkpoint
04-04-2016 14:00:54 Windows Update
06-04-2016 15:39:32 Scheduled Checkpoint
07-04-2016 06:21:11 Scheduled Checkpoint
08-04-2016 00:00:11 Scheduled Checkpoint
09-04-2016 04:08:39 Scheduled Checkpoint
09-04-2016 09:40:07 Windows Update
10-04-2016 00:00:06 Scheduled Checkpoint
11-04-2016 00:00:22 Scheduled Checkpoint
12-04-2016 00:00:05 Scheduled Checkpoint
12-04-2016 12:54:22 Windows Update

==================== Faulty Device Manager Devices =============

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2016 04:59:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application E_YARNJJE.EXE, version 7.0.1.0, time stamp 0x4f5efe1a, faulting module E_YASOJJE.DLL, version 7.0.9.0, time stamp 0x4f4adfee, exception code 0xc0000005, fault offset 0x000000000004bc76,
process id 0x1038, application start time 0xE_YARNJJE.EXE0.

Error: (04/09/2016 12:38:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2016 12:24:54 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Notifications for the volume g:\ are not active.

Context: Windows Application

Details:
    The device is not ready.   (0x80070015)

Error: (04/09/2016 12:09:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2016 11:56:57 AM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Notifications for the volume g:\ are not active.

Context: Windows Application

Details:
    The device is not ready.   (0x80070015)

Error: (04/09/2016 10:07:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2016 09:54:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2016 09:28:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2016 05:34:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2016 09:49:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/12/2016 12:57:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.217.1180.0){65F70147-454E-48BA-98AB-7521DB8CF1BF}201

Error: (04/12/2016 12:54:57 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.217.1039.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/11/2016 01:14:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 115.44.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/11/2016 01:14:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.217.1039.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/11/2016 01:14:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.217.1039.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/11/2016 01:14:43 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.217.1039.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/11/2016 12:54:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 115.44.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/11/2016 12:54:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.217.1039.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/11/2016 12:54:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.217.1039.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/11/2016 12:54:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.217.1039.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


CodeIntegrity:
===================================
  Date: 2016-04-12 15:10:58.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-12 15:10:57.697
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-12 15:10:57.370
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-12 15:10:57.042
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-12 15:10:56.478
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-12 15:10:56.150
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-12 15:10:55.820
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-12 15:10:55.471
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-12 15:10:08.228
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\RtkAPO64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-12 15:10:07.893
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\RtkAPO64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 60%
Total physical RAM: 4060.26 MB
Available physical RAM: 1584.19 MB
Total Virtual: 8305.52 MB
Available Virtual: 4764.52 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:583.17 GB) (Free:344.76 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: CD6556B4)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=583.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

JRT.exe Initial Screen save.jpg


Hi Ron. I ran AdwCleaner. You instructed me to uncheck elements I don't want removed. I'm a stupid man Ron. I don't know enough to make that decision without creating a problem (e.g., I have no idea what the swdumon service is). I have attached the log file for your review. Please advise me on this. I still have the DOS box from JRT.exe open on my desktop as well and it will not close.

I will not move onto STEP 6 until I hear from you. Thanks again.

Michael

 

# AdwCleaner v5.110 - Logfile created 12/04/2016 at 16:07:42
# Updated 10/04/2016 by Xplode
# Database : 2016-04-11.4 [Server]
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (X64)
# Username : Dad - DAD-PC
# Running from : C:\Users\Dad\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : swdumon

***** [ Folders ] *****

Folder Found : C:\Program Files\WebBar
Folder Found : C:\Program Files (x86)\driverupdate
Folder Found : C:\ProgramData\InstallSightSDK
Folder Found : C:\ProgramData\TweakBit
Folder Found : C:\ProgramData\Application Data\InstallSightSDK
Folder Found : C:\ProgramData\Application Data\TweakBit
Folder Found : C:\Users\Dad\AppData\Roaming\K9AMW
Folder Found : C:\Windows\SysNative\Tasks\TweakBit
Folder Found : C:\Windows\SysNative\Tasks\TweakBit
Folder Found : C:\Windows\SysWOW64\C2MP

***** [ Files ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk
File Found : C:\Users\Dad\Documents\WinZip Driver Updater.lnk
File Found : C:\Windows\efix.ini
File Found : C:\Windows\SysNative\roboot64.exe
File Found : C:\Windows\SysNative\drivers\swdumon.sys

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found : HKLM\SOFTWARE\Classes\s
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyScrapNook_12bar Uninstall Firefox
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\DownloadAdmin
Key Found : HKCU\Software\eFix
Key Found : HKCU\Software\K9Tools
Key Found : HKCU\Software\SlimWare Utilities Inc
Key Found : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Key Found : HKLM\SOFTWARE\K9Tools
Key Found : HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{177CD779-4EEC-43C5-8DEA-4E0EC103624B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CrimeWatch
Key Found : [x64] HKLM\SOFTWARE\eFix
Key Found : [x64] HKLM\SOFTWARE\WebBar
Key Found : HKU\S-1-5-21-1002242135-839824054-2149840056-1000\Software\APN PIP
Key Found : HKU\S-1-5-21-1002242135-839824054-2149840056-1000\Software\DownloadAdmin
Key Found : HKU\S-1-5-21-1002242135-839824054-2149840056-1000\Software\eFix
Key Found : HKU\S-1-5-21-1002242135-839824054-2149840056-1000\Software\K9Tools
Key Found : HKU\S-1-5-21-1002242135-839824054-2149840056-1000\Software\SlimWare Utilities Inc
Key Found : HKU\S-1-5-21-1002242135-839824054-2149840056-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}
Key Found : HKU\S-1-5-21-1002242135-839824054-2149840056-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{177CD779-4EEC-43C5-8DEA-4E0EC103624B}
Key Found : HKU\S-1-5-21-1002242135-839824054-2149840056-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Key Found : HKU\S-1-5-21-1002242135-839824054-2149840056-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}
Key Found : HKU\S-1-5-21-1002242135-839824054-2149840056-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CrimeWatch
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Value Found : HKU\S-1-5-21-1002242135-839824054-2149840056-1000\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Codec Settings UAC Manager]

***** [ Web browsers ] *****

[C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\5viaco4g.default-1435958614353\prefs.js] [Preference] Found : user_pref("browser.search.defaultenginename", "Ask Web Search");
[C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\5viaco4g.default-1435958614353\prefs.js] [Preference] Found : user_pref("browser.search.selectedEngine", "Ask Web Search");
[C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\5viaco4g.default-1435958614353\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._dpMembers_.toolbar.ownSearch", true);
[C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\5viaco4g.default-1435958614353\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\5viaco4g.default-1435958614353\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\5viaco4g.default-1435958614353\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "findyourmaps@mindspark.com");
[C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : mysearch.avg.com
[C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : delta-homes
[C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [11110 bytes] - [12/04/2016 16:07:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [11184 bytes] ##########

One last question Ron. I attached a screen save of a program that has been listed in my Control Panel for quite a while and that I am unable to uninstall: SavingsBull. I'm not sure if this is bad but it certainly is a ghost when it comes to detection. Just wondering. Hope to hear from you soon.

Regards,

Michael

SavingsBull .jpg


  • Root Admin

The item found by AdwCleaner is from SlimWare Utilities, which most experts don't see a need for, and that is why it was listed. I would go ahead and tell AdwCleaner to remove all. Then have it reboot the system.

Then let me know how the computer is running.

We can check for the SavingsBull and other issues after this reboot.

 


Hi Ron,

I think I may have made a mistake. Because I am using Firefox, I had to first download the ESET Smart Installer. I did this and it downloaded then went into scan mode. I expected it to be a 2 step process. After a while I realized that it was actually doing the full scan, not just a pre-scan for Firefox. It was an hour into the scan and I stopped it because I needed to:

1. Make sure that the option Remove found threats is unticked

2. Click on Advanced Settings and ensure these options are ticked:

3. Scan for potentially unwanted applications

4. Scan for potentially unsafe applications

5. Enable Anti-Stealth Technology

The scan stopped and I went back to the point where I had to click "To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET Smart Installer." for any browser other than IE to do the download. I did this again and after it downloaded I saw where the changes needed to be made but it was not intuitive like the instructions because the selections were formatted differently than the instructions. Anyway, when I opened up advanced settings I could see that the Make sure that the option Remove found threats is unticked box was there and it was ticked. I then followed the instructions which were a bit different from what I was seeing but it all looked good to go.

I did not click "Finish" on the prior scan I stopped because I wanted to make sure it did not remove the threats per instructions. I attempted to re-scan but received an error message. I have two screen saves to show the status. I am basically stuck until I hear from you I guess. I hope I have not deleted anything and that not having clicked "Finish" prevented this. I just can't get it to re-run the scan.

My apologies if I wasted your time Ron.

Michael

 

ESET Firefox Smart Installer with ESET Scan.jpg

Stopped Scan and Error - Screen Save.jpg


  • Root Admin

No need to apologize - the canned message is old and I'm sure that ESET has probably changed things a bit since it was last created and updated.

Unfortunately you'll probably need to reboot and try it again. You can tell it to remove what it finds, but if it removes something valid it can be difficult to restore it, which is why we try to see what it finds instead of just removing by default.

After the reboot when you go to launch it see if it has a completed log from the run or not and if it does try to post that back.

Thanks again

Ron

 


Hi Ron,

I did as you said and was able to rerun the scan. I did a screen save of the 11 "List of found threats". I am now trying to export them to the desktop as requested but it keeps going back to the File name entry and highlighting the (*.txt) area like it wants me to name it something but I am not sure what to name it for it to save. It is stuck at this screen. I'm glad I did a screen save because this may be all we get for a log.

I must say, I am not surprised in the least, that threats were found in this location. Remember that I told you I was hacked and documents taken. These are all legal documents in my defense. The only thing left were PDF document empty shells with the name of the document but the documents had no text. I was fortunate that I had them backed up & saved. But that's old news and there is nothing I can do now.

Please advise me if there is a name I should enter to save or if the screen save is sufficient. I will not do STEP 7 until I hear back from you. Thank you kindly for your last patient reply.

Kind Regards,

Michael

 

No 1-Export txt will not save - Copy.jpg

No 2-Export txt will not save.jpg

1-4-13-2016 ESET-ElevenThreats.jpg


  • 2 months later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.