
3 PUP malware threats discovered - PLEASE HELP ME !



 

3 PUP malware threats discovered - PLEASE HELP ME !

Started by edsueond, Saturday at 06:16 PM

 

HERE BELOW IS THE MALWAREBYTES scan I did, but I was unable to download the Farbar scan as directed...what do I do next ?  thanks, Susan

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/15/2016
Scan Time: 12:11:30 PM
Logfile: malwarebytes pup found on 10 15 2016 on compaq laptop pc.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.15.12
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Ed and Sue

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365419
Time Elapsed: 1 hr, 42 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.YourFileDownloader, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8EF08895-0EC2-4E5F-A91C-C6312062DF7A}, , [8ff9badfe1b9270f26449f2c5da535cb], 

Registry Values: 1
PUP.Optional.YourFileDownloader, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8EF08895-0EC2-4E5F-A91C-C6312062DF7A}|Path, \YourFile DownloaderUpdate, , [8ff9badfe1b9270f26449f2c5da535cb]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.SlimCleanerPlus, C:\Users\Ed and Sue\AppData\Local\SlimWare Utilities Inc, , [9deb702974266fc78e8735d233d2768a], 

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

Link to post
Share on other sites

  • Staff

Hello,

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.


  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.

  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Link to post
Share on other sites

Hi TwinHeaded Eagle...as I wrote ABOVE, I could NOT download the Farbar Recovery Scan Tool !  I tried four times and each time it told me IT WAS NOT RESPONSIVE....so I don't know what is wrong NOW with my PC that would not allow me to download what you ask...any suggestions on how to MAKE IT DOWNLOAD ?  Let me know asap...thanks,  Susan

Link to post
Share on other sites

I DON'T KNOW WHAT YOU ARE TALKING ABOUT...I POSTED ONE REQUEST AND THEN I WAS TOLD BY SOMEONE ON THE MALWAREBYTES FORUM THAT I HAD POSTED MY PROBLEM ON THE "WRONG" FORUM AND THEY TOLD ME TO RE-MY PROBLEM....WHICH I DID..SO PLEASE, WHATEVER "YOU HAVE TO DO " FIX THIS DOUBLE POST OR WHATEVER AND JUST GET ME HELP WITH MY PROBLEM.  AS REGARDS THE RESPONSE FROM TWINHEADED EAGLE...PLEASE LOOK AT THE FIRST LINE OF MY POST.....ABOVE....AND YOU WILL NOTE THAT I WAS UNABLE TO DO THE FARBAR SCAN.....

3 PUP malware threats discovered - PLEASE HELP ME !

Started by edsueond, Saturday at 06:16 PM

 

HERE BELOW IS THE MALWAREBYTES scan I did, but I was unable to download the Farbar scan as directed...what do I do next ?  thanks, Susan

 

I DON'T KNOW WHAT IS GOING ON WITH THIS FORUM, BUT CAN YOU PLEASE GET EVERYONE ON THE SAME PAGE..AND GET ME SOME HELP...THANKS,   Susan

Link to post
Share on other sites

  • Root Admin

The user "edsueond" started the topic, not you  @yosoy4ever . That is what I'm asking as there are 2 different usernames asking about this now.

For @edsueond  the MBAM log shows that the threats were not selected to be removed. Please run MBAM again and this time please ensure you select all found items and have MBAM remove them please and that should correct the issue.

Thank you

Ron Lewis

 

Link to post
Share on other sites
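The check described in the reply above (detections listed in the MBAM log with no removal action recorded), as an added example that is not part of the original thread and is not Malwarebytes code. It assumes each detection line has the layout `name, location[, data], action, [id]`, where an empty action field means nothing was removed; the `Quarantined` line is constructed for contrast.

```python
import re

# Section names exactly as they appear in the log posted in this thread.
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SECTION_RE = re.compile(r"^(%s): (\d+)\s*$" % "|".join(SECTIONS))

# Assumed entry layout: name, location[, data], action, [32-hex id]
# The location may itself contain ", " (registry value + data), so it is
# matched greedily and the action is the last field before the bracketed id.
ENTRY_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<location>.*), (?P<action>[^,]*), "
    r"\[(?P<id>[0-9a-f]{32})\],?\s*$")

# Detection sections copied from the log in the first post of this thread.
PAGE_LOG = r"""Processes: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.YourFileDownloader, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8EF08895-0EC2-4E5F-A91C-C6312062DF7A}, , [8ff9badfe1b9270f26449f2c5da535cb],

Registry Values: 1
PUP.Optional.YourFileDownloader, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8EF08895-0EC2-4E5F-A91C-C6312062DF7A}|Path, \YourFile DownloaderUpdate, , [8ff9badfe1b9270f26449f2c5da535cb]

Folders: 1
PUP.Optional.SlimCleanerPlus, C:\Users\Ed and Sue\AppData\Local\SlimWare Utilities Inc, , [9deb702974266fc78e8735d233d2768a],

Files: 0
(No malicious items detected)
"""

# Constructed sample (not from the thread): an entry with an action recorded.
CONSTRUCTED_LOG = r"""Files: 1
PUP.Optional.Example, C:\Example\setup.exe, Quarantined, [0123456789abcdef0123456789abcdef],
"""


def parse_detections(text):
    """Return (declared_counts, detections) from the detection sections."""
    declared, found, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        entry = ENTRY_RE.match(line) if section else None
        if entry:
            item = entry.groupdict()
            item["section"] = section
            item["action"] = item["action"].strip()
            found.append(item)
    return declared, found


def unremediated(found):
    """Detections whose action field is empty: reported but left in place."""
    return [d for d in found if d["action"] == ""]


def count_mismatches(declared, found):
    """Sections whose declared count differs from the entries parsed.

    A mismatch means the log was truncated or a line did not fit the
    assumed layout, so the 'nothing left behind' verdict cannot be trusted.
    """
    parsed = {}
    for d in found:
        parsed[d["section"]] = parsed.get(d["section"], 0) + 1
    return {s: (n, parsed.get(s, 0))
            for s, n in declared.items() if n != parsed.get(s, 0)}


if __name__ == "__main__":
    for label, log in (("thread log", PAGE_LOG),
                       ("constructed log", CONSTRUCTED_LOG)):
        declared, found = parse_detections(log)
        left = unremediated(found)
        print(f"{label}: {len(found)} detections, {len(left)} with no action")
        for d in left:
            print(f"  [{d['section']}] {d['name']} -> {d['location']}")
        if count_mismatches(declared, found):
            print("  warning: declared counts do not match parsed entries")
```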

  • Root Admin

Please run a full Disk Check

Check Disk

  • Press the Windows key on your keyboard. Type cmd and right click >> Run as Administrator.
  • Copy/Enter the command below and press Enter:
  • chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.


Check Disk report:

  • Press the Windows key + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

 

Next,


Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

 

Edited by AdvancedSetup
Link to post
Share on other sites

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>chkdsk
The type of the file system is NTFS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
  242880 file records processed.
File verification completed.
  1043 large file records processed.
  0 bad file records processed.
  0 EA records processed.
  95 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 3)...
  300622 index entries processed.
Index verification completed.
  0 unindexed files processed.
CHKDSK is verifying security descriptors (stage 3 of 3)...
  242880 security descriptors processed.
Security descriptor verification completed.
  28872 data files processed.
CHKDSK is verifying Usn Journal...
  36800896 USN bytes processed.
Usn Journal verification completed.
Windows has checked the file system and found no problems.

  91209005 KB total disk space.
  48456336 KB in 157172 files.
     80184 KB in 28873 indexes.
         0 KB in bad sectors.
    291473 KB in use by the system.
      4096 KB occupied by the log file.
  42381012 KB available on disk.

      4096 bytes in each allocation unit.
  22802251 total allocation units on disk.
  10595253 allocation units available on disk.

C:\Windows\system32>

Link to post
Share on other sites

Fix result of Farbar Recovery Scan Tool (x86) Version: 16-10-2016
Ran by Administrator (21-10-2016 15:36:00) Run:3
Running from C:\Users\Ed and Sue\Downloads
Loaded Profiles: Administrator (Available Profiles: user & Ed and Sue & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
RemoveProxy:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-936523094-2541983458-908479171-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-936523094-2541983458-908479171-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-936523094-2541983458-908479171-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-936523094-2541983458-908479171-1002 -> {F77607EC-D7EE-4FC1-85E2-6686CB59B1CA} URL = hxxp://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
CHR HKLM\...\Chrome\Extension: [hpdpkkpdlooddakbebmkeeegehfjdnih] - <no Path\update_url>
Task: {1B4260D7-8F13-4146-932A-26F27DF1174D} - System32\Tasks\{E67D6C3F-B554-484E-A7C0-CBE411C5150D} => pcalua.exe -a C:\Windows\system32\ISUSPM.cpl -c Program Updates
Task: {0AFB88C3-2DFE-4929-9C64-4DD8BA8CE036} - System32\Tasks\{76AD04DA-14CE-4514-8255-D7D46A06EC83} => pcalua.exe -a "C:\Users\Ed and Sue\Downloads\epson318534eu.exe" -d "C:\Users\Ed and Sue\Downloads"
Task: {26BFB4C7-521F-47B2-9E8A-E6CF6D8BCBA0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {8F4A1099-2AE7-42B1-A78A-6C7D885F9E1A} - System32\Tasks\{FC02F823-A2CC-4B5F-9DDB-D863C839A82A} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {9C939CCE-6CBF-4021-80C4-EB99623C86AE} - System32\Tasks\InstallShield Software update service => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16] (InstallShield Software Corporation)
Task: {A75AF775-DE2E-4BE9-ABBC-715CE04AB7B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {B99AE639-8B40-4B07-8C94-D9FE5FDF3764} - System32\Tasks\{BC198264-5B69-4054-869A-A867A55567C7} => pcalua.exe -a E:\Setup.exe -d e:\
Task: {D131105F-5FC2-4B08-950C-E8CF7620E2D0} - \Bomgar Task 735841 -> No File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
EmptyTemp:
Reboot:

*****************

Processes closed successfully.
Restore point was successfully created.

========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-936523094-2541983458-908479171-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-936523094-2541983458-908479171-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-936523094-2541983458-908479171-1002\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-936523094-2541983458-908479171-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKU\S-1-5-21-936523094-2541983458-908479171-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found. 
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found. 
HKU\S-1-5-21-936523094-2541983458-908479171-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F77607EC-D7EE-4FC1-85E2-6686CB59B1CA} => key not found. 
HKCR\CLSID\{F77607EC-D7EE-4FC1-85E2-6686CB59B1CA} => key not found. 
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => key removed successfully.
"HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}" => key removed successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}" => key removed successfully.
"HKCR\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => key removed successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\hpdpkkpdlooddakbebmkeeegehfjdnih" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B4260D7-8F13-4146-932A-26F27DF1174D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B4260D7-8F13-4146-932A-26F27DF1174D}" => key removed successfully.
C:\Windows\System32\Tasks\{E67D6C3F-B554-484E-A7C0-CBE411C5150D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E67D6C3F-B554-484E-A7C0-CBE411C5150D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AFB88C3-2DFE-4929-9C64-4DD8BA8CE036}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AFB88C3-2DFE-4929-9C64-4DD8BA8CE036}" => key removed successfully.
C:\Windows\System32\Tasks\{76AD04DA-14CE-4514-8255-D7D46A06EC83} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{76AD04DA-14CE-4514-8255-D7D46A06EC83}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26BFB4C7-521F-47B2-9E8A-E6CF6D8BCBA0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26BFB4C7-521F-47B2-9E8A-E6CF6D8BCBA0}" => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F4A1099-2AE7-42B1-A78A-6C7D885F9E1A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F4A1099-2AE7-42B1-A78A-6C7D885F9E1A}" => key removed successfully.
C:\Windows\System32\Tasks\{FC02F823-A2CC-4B5F-9DDB-D863C839A82A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FC02F823-A2CC-4B5F-9DDB-D863C839A82A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C939CCE-6CBF-4021-80C4-EB99623C86AE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C939CCE-6CBF-4021-80C4-EB99623C86AE}" => key removed successfully.
C:\Windows\System32\Tasks\InstallShield Software update service => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\InstallShield Software update service" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A75AF775-DE2E-4BE9-ABBC-715CE04AB7B5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A75AF775-DE2E-4BE9-ABBC-715CE04AB7B5}" => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B99AE639-8B40-4B07-8C94-D9FE5FDF3764}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99AE639-8B40-4B07-8C94-D9FE5FDF3764}" => key removed successfully.
C:\Windows\System32\Tasks\{BC198264-5B69-4054-869A-A867A55567C7} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BC198264-5B69-4054-869A-A867A55567C7}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D131105F-5FC2-4B08-950C-E8CF7620E2D0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D131105F-5FC2-4B08-950C-E8CF7620E2D0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bomgar Task 735841" => key removed successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9722539 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 2488005 B
Edge => 0 B
Chrome => 1171090 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 692 B
LocalService => 16384 B
NetworkService => 0 B
user => 0 B
Ed and Sue => 12773461 B
Administrator => 18555339 B

RecycleBin => 3524 B
EmptyTemp: => 54.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:46:36 ====

Link to post
Share on other sites

  • Root Admin

The request was: CHKDSK C: /R. You ran /F. F does not check the entire drive and repair it like the /R does.

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista / Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done, you'll see: Pending: Please uncheck elements you don't want to be removed.
  • Now click on the Report button and a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look at the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up, click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want to be restored > now click on Restore.

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Link to post
Share on other sites

  • 2 weeks later...

here are the first two scans....the second one took a VERY, VERY long time....and to boot, I was faced with a dental emergency and am just getting back on line, so I will do the other two scans as soon as possible...thanks,  Susan

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows Vista (TM) Home Basic x86 
Ran by Ed and Sue (Administrator) on Sun 10/30/2016 at 11:42:39.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 29 

Successfully deleted: C:\Users\Ed and Sue\AppData\Local\{4E5DD802-FEBF-4ACC-92FC-329E0E242C01} (Empty Folder)
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\{50B3EA16-6D4D-46BF-88C5-861E2003272A} (Empty Folder)
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\{5A46CF7F-A7E5-45BC-856D-42DD7E7EF972} (Empty Folder)
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\{649D9BDD-1F7D-4A52-88C5-7B2B8CB7CBF3} (Empty Folder)
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\{774E9D71-969C-4C20-B13F-BD5C641C2BF2} (Empty Folder)
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\{808458F1-D62E-4F1B-AA75-5C12FDD1551F} (Empty Folder)
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\{84089C13-21EC-4B6E-81BE-08A1DEEBA787} (Empty Folder)
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\{8AB112D9-FF04-4A5B-BD6D-5B08F90AC809} (Empty Folder)
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\{95E700D5-BFDC-40A0-8577-C1056C593247} (Empty Folder)
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\{9ED89DB8-9673-441A-B7E4-682BC0091410} (Empty Folder)
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\{A1AB3BBA-99CE-4214-9191-2C98D11E4337} (Empty Folder)
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\{BE27D32C-C65B-4AF2-A9B2-0CA932C5DA8D} (Empty Folder)
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\{CF0439B8-3839-49E2-8452-3918767BD25C} (Empty Folder)
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\{DABF8DE7-8630-4BF5-89A8-0D76FEDB86AB} (Empty Folder)
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\{E2A55CC7-2F48-4E41-A5B9-6643F2C7EE12} (Empty Folder)
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\{E9921E27-9808-4E56-AB6F-372F9104DFDA} (Empty Folder)
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\{FA003C15-B302-4441-BE35-312FBAB8C904} (Empty Folder)
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\{FFDB3D78-8DDE-4E82-B2E1-74DEF9809354} (Empty Folder)
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder) 
Successfully deleted: C:\Windows\Tasks\DriverToolkit Autorun.job (Task) 
Successfully deleted: C:\Program Files\drivertoolkit (Folder) 
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6PPS6Y4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QVN9WQ3B (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VD5665SF (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ed and Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1Z0O7S3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6PPS6Y4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QVN9WQ3B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VD5665SF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1Z0O7S3 (Temporary Internet Files Folder) 

Registry: 2 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/30/2016 at 12:15:23.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v6.030 - Logfile created 30/10/2016 at 20:50:55
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-30.1 [Local]
# Operating System : Windows Vista (TM) Home Basic Service Pack 2 (X86)
# Username : Ed and Sue - USER-PC
# Running from : C:\Users\Ed and Sue\Downloads\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[!] Folder not deleted: C:\Device
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit


***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\BackWeb.Client.ScriptHelper-3572475
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbRequest
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbTask
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{23699B0B-C14D-4054-A545-FC0927BB0879}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{268CA04C-106C-4636-B707-95E8CD5859E0}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{2BB3E614-F616-42DD-A99A-69C1FC268741}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{35274ADF-B8DE-4909-80D1-A26269216903}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5BBF357E-EA8C-48BF-83CA-DE279FB83BBA}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{698E7AA1-A28E-4064-A9AB-822171AF4EF4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{878A5A0A-DC0A-4C37-BBE2-18C30E50F449}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8C428C4B-C9E2-4B74-B791-88C3FEE48F36}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{929825DF-A1B4-40C9-8F3C-6DA06BADC150}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9F19923D-2A4C-45EF-A026-AE7DEE5D022C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A72B8EA8-5B63-4C90-9FE8-D9C76C99DE32}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C86BFADB-406F-47C7-A8D8-FAA37B39089F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F67A3AA8-88EE-4A3A-863A-B13A19F8696C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{0E1FE4D8-70CE-417E-8FF4-C2B17FF3DD07}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{13B8FF9D-DEB0-4070-B846-D049218307B3}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{1E877590-30B7-400E-A835-B942489EB7BC}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{103E3C9A-E8AE-4B19-A339-01FE9439763E}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{24486CE9-7BC2-4516-B743-39FFDD4F861B}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{326C4F48-FE3B-4E54-9118-9B6C3B6C9B1E}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{39D884BB-2881-4F3A-B9B9-2D3AF4C2C191}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{59E5BDB9-126F-4575-901E-D32132A19B94}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{5CF866F0-10A3-4ED4-9BE3-668F2F148E2F}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{618B2F0C-A1AF-4D1D-9354-CF0C42AF5BCB}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{8EFEE482-37BC-4F3D-83E6-CB5BBE077E43}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{CE1482C8-E8FD-4277-9A4F-094D712F6B60}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{EEFDBFA7-0F18-4216-8F90-6B6F71D6AB83}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{F12BA68C-976E-4567-BA3B-629DFCEBC5FE}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{F66F6A81-E727-4774-B461-8A5CB7F7DE07}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25151605-D156-49DD-A659-20E69C1EE15F}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{268CA04C-106C-4636-B707-95E8CD5859E0}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{698E7AA1-A28E-4064-A9AB-822171AF4EF4}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C428C4B-C9E2-4B74-B791-88C3FEE48F36}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9F19923D-2A4C-45EF-A026-AE7DEE5D022C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F67A3AA8-88EE-4A3A-863A-B13A19F8696C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKU\.DEFAULT\Software\ImInstaller
[-] Key deleted: HKU\S-1-5-21-936523094-2541983458-908479171-1002\Software\DriverToolkit
[-] Key deleted: HKU\S-1-5-21-936523094-2541983458-908479171-1002\Software\DriverTuner
[-] Key deleted: HKU\S-1-5-21-936523094-2541983458-908479171-1002\Software\DriverTuner_Init
[-] Key deleted: HKU\S-1-5-21-936523094-2541983458-908479171-1002\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}
[-] Key deleted: HKU\S-1-5-21-936523094-2541983458-908479171-1002\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
[#] Key deleted on reboot: HKU\S-1-5-18\Software\ImInstaller
[#] Key deleted on reboot: HKCU\Software\DriverToolkit
[#] Key deleted on reboot: HKCU\Software\DriverTuner
[#] Key deleted on reboot: HKCU\Software\DriverTuner_Init
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\IB Updater
[-] Key deleted: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\YourFileDownloader
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE


***** [ Web browsers ] *****

[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7751 Bytes] - [30/10/2016 20:50:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [7548 Bytes] - [30/10/2016 17:41:15]
C:\AdwCleaner\AdwCleaner[S1].txt - [7622 Bytes] - [30/10/2016 20:33:39]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7970 Bytes] ##########
 

 

 


Hi.. I just wanted to let you know that I had a cracked tooth and that has sidelined me for a while. BUT I am NOW sending you this message from my husband's desktop PC as I had tried to DOWNLOAD Sophos on my laptop FIVE times and it would not download. I FINALLY on the sixth try got it to download and I AM NOW DOING THE SCAN....but the ONLY MAJOR PROBLEM is....is that it has been running now for OVER 18 HOURS and the green bar showing me the status is only HALF WAY complete !! That seems incredible to me..don't you think ? I ran Sophos just now on this PC of my husband's and it did THE WHOLE THING in 35 minutes and HE HAD NO ERRORS detected from the scan....I don't know if this LONG TIME is peculiar on my laptop or if you have run into it before....I am just hopeful it is NOT truly and heavily infected...but so far....NO ERRORS found.....but I AM NOT GOING TO STOP IT NOR CANCEL IT and try it again...I'll just let it KEEP GOING and will let you know the results if and when it completes the scan....thanks for helping me and being patient. Sue


  • Root Admin

Yes, sometimes Sophos is very slow. It's possible that maybe your own antivirus was in conflict with it, slowing it down. Will check out the other items when you post.

Thank you again, and at least it was just a crack on the tooth and not something worse.

Cheers

Ron

 


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-11-2016
Ran by Ed and Sue (administrator) on USER-PC (07-11-2016 16:27:17)
Running from C:\Users\Ed and Sue\Downloads
Loaded Profiles: Ed and Sue (Available Profiles: user & Ed and Sue & Administrator)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
( ) C:\Windows\System32\lxcycoms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
(Symantec) C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(Symantec, Inc.) C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\22.8.0.50\conathst.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\22.8.0.50\n360.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\22.8.0.50\n360.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTgui.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Ed and Sue\Downloads\FRST (2).exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [SSDMonitor] => C:\Program Files\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2015-01-18] (Symantec Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\PFW: 
HKU\S-1-5-21-936523094-2541983458-908479171-1002\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-01-02] (Google Inc.)
HKU\S-1-5-21-936523094-2541983458-908479171-1002\...\Run: [ISUSPM Startup] => c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-936523094-2541983458-908479171-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-936523094-2541983458-908479171-1002\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-936523094-2541983458-908479171-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5A8B397F-F644-41EA-9B82-A58EB0AD71EC}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-936523094-2541983458-908479171-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-936523094-2541983458-908479171-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-936523094-2541983458-908479171-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=EIE9HP&PC=UP50
SearchScopes: HKU\S-1-5-21-936523094-2541983458-908479171-1002 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7NDKB_en
SearchScopes: HKU\S-1-5-21-936523094-2541983458-908479171-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7NDKB_en
SearchScopes: HKU\S-1-5-21-936523094-2541983458-908479171-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-936523094-2541983458-908479171-1002 -> {F77607EC-D7EE-4FC1-85E2-6686CB59B1CA} URL = hxxp://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-10-11] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-11] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-936523094-2541983458-908479171-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
DPF: {413D6754-BFD4-47FE-9346-319559290BFA} hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_v.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon [2016-10-19]
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-11] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-21] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\Ed and Sue\AppData\Local\Google\Chrome\User Data\Default [2016-11-07]
CHR Extension: (Google Slides) - C:\Users\Ed and Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-15]
CHR Extension: (Google Docs) - C:\Users\Ed and Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-01]
CHR Extension: (Google Drive) - C:\Users\Ed and Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-14]
CHR Extension: (YouTube) - C:\Users\Ed and Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-14]
CHR Extension: (eBay) - C:\Users\Ed and Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2014-11-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Ed and Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-10-11]
CHR Extension: (Google Search) - C:\Users\Ed and Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-14]
CHR Extension: (Google Sheets) - C:\Users\Ed and Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-15]
CHR Extension: (Google Docs Offline) - C:\Users\Ed and Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-04]
CHR Extension: (Norton Identity Safe) - C:\Users\Ed and Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-15]
CHR Extension: (Norton Safe) - C:\Users\Ed and Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-10-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ed and Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-04]
CHR Extension: (Gmail) - C:\Users\Ed and Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-10]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton 360\Engine\22.8.0.50\Exts\Chrome.crx [2016-09-23]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-26] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 DiskDoctorService; C:\Program Files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)
S4 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [58984 2006-12-04] (Hewlett-Packard)
S4 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S4 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
S4 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 lxcy_device; C:\Windows\system32\lxcycoms.exe [537264 2007-06-20] ( )
S4 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-05-04] (Memeo)
R2 N360; C:\Program Files\Norton 360\Engine\22.8.0.50\N360.exe [289080 2016-09-23] (Symantec Corporation)
R2 NU16StartManagerSvc; C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)
S4 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo)
S3 SpeedDiskService; C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-11-01] (MicroVision Development, Inc.) [File not signed]
R2 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\22.7.0.76\Definitions\BASHDefs\20161102.001\BHDrvx86.sys [1334008 2016-08-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1608000.032\ccSetx86.sys [137456 2016-06-01] (Symantec Corporation)
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-06-28] (Hewlett-Packard Development Company, L.P.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [388824 2016-10-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [124632 2016-10-03] (Symantec Corporation)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [159232 2007-02-22] (Conexant Systems Inc.)
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\22.7.0.76\Definitions\IPSDefs\20161104.001\IDSvix86.sys [768728 2016-10-27] (Symantec Corporation)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 SRTSP; C:\Windows\System32\Drivers\N360\1608000.032\SRTSP.SYS [634096 2016-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1608000.032\SRTSPX.SYS [43248 2016-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360\1608000.032\SYMEFASI.SYS [1291992 2016-09-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [87792 2016-10-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1608000.032\Ironx86.SYS [229616 2016-09-23] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1608000.032\SYMTDIV.SYS [351416 2016-09-23] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-07 16:20 - 2016-11-07 16:25 - 01759744 _____ (Farbar) C:\Users\Ed and Sue\Downloads\FRST (2).exe
2016-11-06 12:43 - 2016-11-06 12:43 - 00000000 ____D C:\ProgramData\Sophos
2016-11-06 12:39 - 2016-11-06 12:39 - 00001978 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-11-06 12:39 - 2016-11-06 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-11-06 12:31 - 2016-11-06 12:31 - 00000000 ____D C:\Program Files\Sophos
2016-11-01 19:04 - 2016-11-01 19:09 - 155945632 _____ (Sophos Limited) C:\Users\Ed and Sue\Downloads\Sophos Virus Removal Tool (1).exe
2016-11-01 17:15 - 2016-11-01 17:18 - 155945632 _____ (Sophos Limited) C:\Users\Ed and Sue\Downloads\Sophos Virus Removal Tool.exe
2016-10-30 17:16 - 2016-10-30 17:17 - 03910208 _____ C:\Users\Ed and Sue\Downloads\adwcleaner_6.030.exe
2016-10-30 14:26 - 2016-10-30 14:27 - 03910208 _____ C:\Users\Ed and Sue\Downloads\AdwCleaner (2).exe
2016-10-30 11:51 - 2016-10-30 11:52 - 03910208 _____ C:\Users\Ed and Sue\Downloads\AdwCleaner (1).exe
2016-10-30 11:49 - 2016-10-30 19:50 - 00000000 ____D C:\AdwCleaner
2016-10-30 11:36 - 2016-10-30 11:37 - 03910208 _____ C:\Users\Ed and Sue\Downloads\AdwCleaner.exe
2016-10-30 11:15 - 2016-10-30 11:15 - 00004363 _____ C:\Users\Ed and Sue\Desktop\JRT.txt
2016-10-30 10:41 - 2016-10-30 10:41 - 01631928 _____ (Malwarebytes) C:\Users\Ed and Sue\Downloads\JRT.exe
2016-10-21 14:36 - 2016-10-21 14:46 - 00011134 _____ C:\Users\Ed and Sue\Downloads\Fixlog.txt
2016-10-21 14:28 - 2016-10-21 14:32 - 00002980 _____ C:\fixlist.txt
2016-10-21 14:07 - 2016-10-21 14:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Sun
2016-10-21 14:07 - 2016-10-21 14:07 - 00000000 ____D C:\Users\Administrator\.oracle_jre_usage
2016-10-20 12:56 - 2016-10-20 12:56 - 00002980 _____ C:\Users\Ed and Sue\Downloads\fixlist (3).txt
2016-10-20 12:56 - 2016-10-20 12:56 - 00002980 _____ C:\Users\Ed and Sue\Downloads\fixlist (2).txt
2016-10-20 12:52 - 2016-10-20 12:52 - 00002980 _____ C:\Users\Ed and Sue\Downloads\fixlist (1).txt
2016-10-18 13:56 - 2016-10-18 13:56 - 00040310 _____ C:\Addition.txt
2016-10-18 13:56 - 2016-10-18 13:56 - 00025862 _____ C:\FRST.txt
2016-10-18 13:36 - 2016-10-18 13:46 - 00040307 _____ C:\Users\Ed and Sue\Downloads\Addition.txt
2016-10-18 11:52 - 2016-10-18 11:53 - 01756672 _____ (Farbar) C:\Users\Ed and Sue\Downloads\FRST (1).exe
2016-10-17 13:32 - 2016-11-07 16:46 - 00018172 _____ C:\Users\Ed and Sue\Downloads\FRST.txt
2016-10-17 13:31 - 2016-10-17 13:31 - 01756672 _____ (Farbar) C:\Users\Ed and Sue\Downloads\FRST.exe
2016-10-17 13:25 - 2016-10-17 13:25 - 01756672 _____ (Farbar) C:\Users\Ed and Sue\Downloads\A406.tmp
2016-10-15 16:54 - 2016-10-15 16:54 - 00001030 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2016-10-15 16:54 - 2016-10-15 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-10-15 16:44 - 2016-10-15 16:44 - 00001564 _____ C:\malwarebytes pup found on 10 15 2016 on compaq laptop pc.txt
2016-10-11 10:46 - 2016-10-11 10:46 - 00000000 ____D C:\Users\Ed and Sue\AppData\Roaming\Sun
2016-10-11 10:46 - 2016-10-11 10:46 - 00000000 ____D C:\Users\Ed and Sue\.oracle_jre_usage

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-07 16:35 - 2006-11-02 07:45 - 00003296 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-07 16:35 - 2006-11-02 07:45 - 00003296 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-07 16:27 - 2015-06-12 09:21 - 00000000 ____D C:\FRST
2016-11-06 19:34 - 2012-11-30 00:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-06 19:32 - 2014-07-11 16:59 - 00000348 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2016-11-06 12:43 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2016-11-02 18:59 - 2015-02-25 18:18 - 00002643 _____ C:\Users\Ed and Sue\Desktop\Microsoft Photo Editor.lnk
2016-11-01 12:40 - 2006-11-02 05:33 - 00749424 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-01 12:35 - 2006-11-02 07:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-01 12:34 - 2006-11-02 07:58 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-21 14:27 - 2012-05-05 13:31 - 00000000 ____D C:\469fdb890c37804470d920213da46a
2016-10-21 14:11 - 2013-05-09 11:55 - 00094536 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-21 14:07 - 2013-05-08 19:50 - 00000000 ____D C:\Users\Administrator
2016-10-21 13:51 - 2015-08-18 15:37 - 00000000 ____D C:\Users\Ed and Sue\AppData\Local\CrashDumps
2016-10-19 12:51 - 2016-06-04 10:52 - 00000000 ____D C:\Windows\system32\Drivers\N360
2016-10-19 12:50 - 2016-08-13 10:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2016-10-19 12:50 - 2016-06-04 11:00 - 00001979 _____ C:\Users\Public\Desktop\Norton 360.lnk
2016-10-19 12:50 - 2014-05-18 14:40 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-10-18 10:27 - 2014-09-06 23:09 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-17 06:47 - 2016-06-04 11:00 - 00087792 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2016-10-17 06:47 - 2016-06-04 11:00 - 00008234 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2016-10-15 10:49 - 2014-09-06 22:57 - 00000915 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-15 10:49 - 2014-05-18 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-11 11:11 - 2016-08-13 10:56 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2016-10-11 11:09 - 2016-08-13 10:57 - 00086803 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-10-11 10:56 - 2007-01-20 04:55 - 00000000 ____D C:\Program Files\Java
2016-10-11 10:55 - 2013-12-12 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-11 10:47 - 2007-01-20 04:55 - 00000000 ____D C:\Program Files\Common Files\Java
2016-10-11 10:46 - 2012-06-09 14:26 - 00000000 ____D C:\Users\Ed and Sue
2016-10-11 10:41 - 2015-01-22 23:57 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-10-11 10:20 - 2016-08-13 10:57 - 00086037 _____ C:\Windows\ZAM.krnl.trace

==================== Files in the root of some directories =======

2013-01-25 14:16 - 2015-06-22 22:31 - 0002272 _____ () C:\Users\Ed and Sue\AppData\Roaming\wklnhst.dat
2012-09-18 21:45 - 2016-09-27 11:22 - 0001356 _____ () C:\Users\Ed and Sue\AppData\Local\d3d9caps.dat
2013-05-21 13:23 - 2013-05-21 13:24 - 0004608 _____ () C:\Users\Ed and Sue\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-02-26 17:34 - 2013-05-16 09:05 - 0000245 _____ () C:\ProgramData\hpqp.ini
2010-01-13 14:54 - 2016-08-13 10:34 - 0097415 _____ () C:\ProgramData\nvModes.001
2013-05-18 17:07 - 2014-01-21 17:26 - 0097415 _____ () C:\ProgramData\nvModes.dat

Some files in TEMP:
====================
C:\Users\Ed and Sue\AppData\Local\Temp\libeay32.dll
C:\Users\Ed and Sue\AppData\Local\Temp\msvcr120.dll
C:\Users\Ed and Sue\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-07 14:13

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-11-2016
Ran by Ed and Sue (07-11-2016 17:41:58)
Running from C:\Users\Ed and Sue\Downloads
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) (2010-01-07 08:40:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-936523094-2541983458-908479171-500 - Administrator - Enabled) => C:\Users\Administrator
Ed and Sue (S-1-5-21-936523094-2541983458-908479171-1002 - Administrator - Enabled) => C:\Users\Ed and Sue
Guest (S-1-5-21-936523094-2541983458-908479171-501 - Limited - Disabled)
user (S-1-5-21-936523094-2541983458-908479171-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.0.0.1550.41613 - ABBYY Software House)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Active@ ISO Burner (HKLM\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.1.0 - LSoft Technologies)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
APH placeholder (Version:  - ) Hidden
ArcSoft PhotoImpression 5 (HKLM\...\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}) (Version:  - ArcSoft)
ASL_HS_Installer32 (Version: 1.0.9 - Hewlett-Packard) Hidden
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Compaq Connections (remove only) (HKLM\...\HPOOVClient-3572475 Uninstaller) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.)
DNAMigrator (Version: 14.2.0.39 - Total Defense, Inc.) Hidden
EPSON TWAIN 5 (HKLM\...\{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}) (Version: 5.71.0000 - SEIKO EPSON Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Granny In Paradise (HKLM\...\Granny In Paradise_is1) (Version:  - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version:  - )
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 1.00.0000 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6310 - Hewlett-Packard)
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard)
HP Help and Support (HKLM\...\{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}) (Version: 1.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Quick Launch Buttons 6.10 B9 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.10 B9 - Hewlett-Packard)
HP Support Solutions Framework (HKLM\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
HP Total Care Advisor (HKLM\...\{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}) (Version: 1.0.94 - Hewlett-Packard)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP User Guide 0041 (HKLM\...\{D5CEFEDA-38DF-4F94-A392-C86163CB9965}) (Version: 1.00.0008 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{355FADAF-55C4-4E08-88D4-A86C4CA6930C}) (Version: 3.00 C2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPNetworkAssistant (HKLM\...\{228C6B46-64E2-404E-898A-EF0830603EF4}) (Version: 1.1.70 - Hewlett-Packard.)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Memeo Instant Backup (HKLM\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 5.0 (HKLM\...\{99C5770C-1C90-42E7-9B74-D47CFAF14621}) (Version: 5.00.050 - muvee Technologies)
Norton 360 (HKLM\...\N360) (Version: 22.8.0.50 - Symantec Corporation)
Norton Utilities 16 (HKLM\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
RF Wireless Mouse (HKLM\...\{6D9258A8-A3A0-11D5-87D4-00055D0100B6}) (Version:  - )
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.114 - Roxio)
Seagate Dashboard (HKLM\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Symantec Technical Support Advanced Chat Controls (HKLM\...\{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}) (Version: 3.5.3 - Symantec Corporation)
Symantec Technical Support Web Controls (HKLM\...\{20C53FA2-4307-4671-A93F-9463B29DFCF1}) (Version: 3.5.3 - Symantec Corporation)
Total Defense Internet Security Suite (HKLM\...\eTrust Suite Personal) (Version: 9.0.0.26 - Total Defense, Inc.)
TurboTax Deluxe 2005 (HKLM\...\TurboTax Deluxe 2005) (Version:  - )
TurboTax Deluxe Deduction Maximizer 2006 (HKLM\...\TurboTax Deluxe Deduction Maximizer 2006) (Version:  - )
TurboTax ItsDeductible 2005 (HKLM\...\{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}) (Version: 9.05.0000 - Intuit)
TurboTax ItsDeductible 2006 (HKLM\...\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}) (Version: 10.00.0000 - Intuit)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.8 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {015013AB-945D-4BE4-A02A-EA9DE7051DD7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-02] (Adobe Systems Incorporated)
Task: {0A6DBD47-35E2-4E40-971E-0FE61F2DA709} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-12-04] (Hewlett-Packard)

Task: {0B94351A-E531-4A7A-B1BA-B32DFD08851C} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-02-21] ()
Task: {271C5085-0274-40DD-881D-B09D9C0CB018} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2016-08-16] (Symantec Corporation)
Task: {279FC9A4-6CD3-4FF8-A909-A308B8919484} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe
Task: {3F06068B-3C52-4A1C-889B-9AD81BBA7566} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {4BE969EB-360F-4B6B-A980-8D928335C021} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe
Task: {5AE831C4-00B9-43A4-841A-DBA48F315968} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {5C2DA0B7-774F-44C8-BE24-8EE8600F8507} - System32\Tasks\Microsoft\Windows\RestartManager\{DBBD73F6-3FEB-42ab-816A-A2DF80FA82A4} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {650486CE-2C9E-4792-807B-3CD4E81CEBBE} - System32\Tasks\InstallShield Software online update program => c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-02-16] (InstallShield Software Corporation)
Task: {73CD2477-EED3-4D30-8E97-BBE3AE18E93C} - System32\Tasks\Hewlett-Packard online update program => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-12-04] (Hewlett-Packard)
Task: {7571AA84-D6E8-42C1-94FC-4DB756D30BFE} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\22.8.0.50\WSCStub.exe [2016-09-23] (Symantec Corporation)
Task: {7A4E9576-F843-447E-B463-B4E1E71705F0} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2016-06-22] (Oracle Corporation)
Task: {7A6A5ED8-CEB0-4325-BF70-3A882DEB6564} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {7ADBBD3A-FF83-4EF1-831C-5E7968E30397} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files\Norton Security\Engine\22.2.0.31\SymErr.exe
Task: {A884AC7A-DAF6-4F2D-B846-E613EF6CC7E0} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {B356B9B4-ED9C-49F7-9DF2-E1544366E820} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {BB78517F-D477-415C-B27F-CB3C980A7D64} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files\Norton Security\Engine\22.2.0.31\SymErr.exe
Task: {C4986AF1-61FA-452A-ACB0-B120F27604B2} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {EC0ED7E3-5E6B-44F5-B658-2A07BF30094C} - System32\Tasks\HPCeeScheduleForuser => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-10-30] (Hewlett-Packard)
Task: {F801D86D-AB69-4DF8-9E40-D56EA651965D} - System32\Tasks\HP online update program => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-02-18] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForuser.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Ed and Sue\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

==================== Loaded Modules (Whitelisted) ==============

2012-10-19 17:38 - 2001-10-28 15:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2016-02-11 08:41 - 2007-03-16 06:38 - 00117760 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxcypp5c.dll
2010-01-30 17:31 - 2005-06-28 13:59 - 00053248 _____ () C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
2016-10-17 06:42 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\Ed and Sue\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-10-17 06:42 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\Ed and Sue\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [360]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\43042613.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\43042613.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-936523094-2541983458-908479171-1002\...\citi.com -> hxxps://creditcards.citi.com
IE trusted site: HKU\S-1-5-21-936523094-2541983458-908479171-1002\...\turbotax.com -> hxxps://turbotax.com
IE trusted site: HKU\S-1-5-21-936523094-2541983458-908479171-1002\...\turbotax.com -> hxxp://turbotax.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2016-06-14 17:38 - 00000855 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-936523094-2541983458-908479171-1002\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AddFiltr => 3
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: CAAMSvc => 2
MSCONFIG\Services: CaCCProvSP => 3
MSCONFIG\Services: CAISafe => 2
MSCONFIG\Services: ccSchedulerSVC => 2
MSCONFIG\Services: DiskDoctorService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: hpqwmiex => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: lxcy_device => 2
MSCONFIG\Services: MemeoBackgroundService => 2
MSCONFIG\Services: NU16StartManagerSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RoxMediaDB9 => 3
MSCONFIG\Services: SeagateDashboardService => 2
MSCONFIG\Services: SpeedDiskService => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: UmxEngine => 2
MSCONFIG\Services: XAudioService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Compaq Connections.lnk => C:\Windows\pss\Compaq Connections.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: EzPrint => "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ISUSPM Startup => c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
MSCONFIG\startupreg: LXCYCATS => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
MSCONFIG\startupreg: lxcymon.exe => "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
MSCONFIG\startupreg: Memeo Instant Backup => C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
MSCONFIG\startupreg: SSDMonitor => C:\Program Files\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => 
MSCONFIG\startupreg: WAWifiMessage => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [EarthLink2] => (Allow) C:\Program Files\earthlink totalaccess\taskpanl.exe
FirewallRules: [EarthLink1] => (Allow) C:\Program Files\earthlink totalaccess\taskpanl.exe
FirewallRules: [Backweb2] => (Allow) C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
FirewallRules: [Backweb1] => (Allow) C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
FirewallRules: [{0B553254-53A7-4B0D-A646-D323C8C6B90D}] => (Allow) C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{F5F50A65-30E9-459D-A3C9-26541A94A8AD}] => (Allow) C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [TCP Query User{62B71CC2-6AFF-4360-B6D2-5106D2E024C1}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{AA88741D-6C95-40CE-8ECA-A17CD3563289}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [{F15CB21B-EAF8-43C4-BD0F-7DB6E93AF49D}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxcyjswx.exe
FirewallRules: [{BA78CC3F-9109-4092-B4A1-37AB14AFD285}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxcywavs.exe
FirewallRules: [{DEBBBBE4-5130-4300-8F06-D569206E3B84}] => (Allow) C:\Program Files\Granny In Paradise\granny_download.exe
FirewallRules: [{2E34CE9D-EAC2-4599-B471-F4F9AB21C4C3}] => (Allow) C:\Program Files\Granny In Paradise\granny_download.exe
FirewallRules: [{FEC60C2B-261D-4EE5-911F-1FE471060BA0}] => (Allow) C:\Windows\System32\lxcycoms.exe
FirewallRules: [{178901D8-62A2-41D6-AB90-8AD334E7CC50}] => (Allow) C:\Windows\System32\lxcycoms.exe
FirewallRules: [{3ED8988D-0FF7-4150-A911-BB4FB67F5A76}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxcyjswx.exe
FirewallRules: [{390CEEC6-357A-47C9-83FB-A9B0292DEE3C}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxcyserv.exe
FirewallRules: [{0BC11401-47E3-4199-A06B-B24A67927161}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxcyserv.exe
FirewallRules: [{A94221D0-B6AB-4C31-BA51-CB75DB0E1627}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxcyupld.exe
FirewallRules: [{05BC69FD-8903-4824-A240-ADF864EA6A80}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxcyupld.exe
FirewallRules: [{8B479893-D89F-46B4-A752-CDE60E40CD95}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxcywavs.exe
FirewallRules: [{298C8CBF-152D-4E3E-8CA3-28BEF8E00924}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{9622A358-AC12-4DF9-95F1-471805996B7C}C:\users\ed and sue\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\ed and sue\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{46390744-BFB6-4A62-B0ED-5D13ECD588D9}C:\users\ed and sue\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\ed and sue\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{9A91DAF4-D69A-4DD1-A93D-B910E448D0BE}] => (Allow) C:\Windows\System32\lxcycoms.exe
FirewallRules: [{0F9AB2EE-7E6E-4588-B8E7-584673405CF7}] => (Allow) C:\Windows\System32\lxcycoms.exe
FirewallRules: [{2D5C5C43-D237-4701-80F8-6E708C1CDE60}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:Earthlink

==================== Restore Points =========================

30-09-2016 09:23:14 Scheduled Checkpoint
30-09-2016 23:37:53 Scheduled Checkpoint
21-10-2016 14:36:05 Restore Point Created by FRST
30-10-2016 10:42:39 JRT Pre-Junkware Removal
01-11-2016 17:21:26 Installed Sophos Virus Removal Tool.
01-11-2016 19:09:52 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2016 12:42:33 PM) (Source: MsiInstaller) (EventID: 11606) (User: user-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (11/06/2016 12:42:29 PM) (Source: MsiInstaller) (EventID: 11606) (User: user-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (11/06/2016 12:41:36 PM) (Source: MsiInstaller) (EventID: 11606) (User: user-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (11/06/2016 12:41:34 PM) (Source: MsiInstaller) (EventID: 11606) (User: user-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (11/04/2016 04:03:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application N360.exe, version 13.1.2.9, time stamp 0x57d1daa2, faulting module NCOLUE.dll, version 2015.8.0.97, time stamp 0x57e53afa, exception code 0xc0000005, fault offset 0x00017081,
process id 0x230, application start time 0x01d2346657153fe7.

Error: (11/02/2016 06:58:33 PM) (Source: MsiInstaller) (EventID: 11500) (User: user-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

Error: (11/02/2016 06:58:32 PM) (Source: MsiInstaller) (EventID: 11500) (User: user-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

Error: (11/02/2016 06:58:30 PM) (Source: MsiInstaller) (EventID: 11500) (User: user-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

Error: (10/21/2016 03:01:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ED AND SUE\DOWNLOADS\FIXLOG.TXT> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/21/2016 03:01:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ED AND SUE\DOWNLOADS\FIXLOG.TXT> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (11/04/2016 09:51:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton 360 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (11/01/2016 12:35:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D215781D-019E-4FA0-903D-0CDCDE13A4F5}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/01/2016 12:35:16 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412

Error: (11/01/2016 12:34:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Event-ID 10003

Error: (11/01/2016 12:34:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Event-ID 10003

Error: (11/01/2016 12:33:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Event-ID 10003

Error: (10/30/2016 07:48:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.

Error: (10/30/2016 07:47:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/30/2016 07:47:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/30/2016 07:47:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2016-11-07 17:25:48.112
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-07 17:25:46.029
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-07 17:25:43.973
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-07 17:25:41.937
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-07 16:46:14.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-07 16:46:12.600
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-07 16:46:10.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-07 16:46:08.624
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-07 16:42:05.761
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\22.7.0.76\Definitions\BASHDefs\20161102.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-07 16:42:03.122
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\22.7.0.76\Definitions\BASHDefs\20161102.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Mobile AMD Sempron(tm) Processor 3500+
Percentage of memory in use: 69%
Total physical RAM: 1981.87 MB
Available physical RAM: 606.58 MB
Total Virtual: 4208.26 MB
Available Virtual: 2075.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:86.98 GB) (Free:35.55 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (PRESARIO_RP) (Fixed) (Total:6.17 GB) (Free:0.47 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 93.2 GB) (Disk ID: B90883C0)
Partition 1: (Active) - (Size=87 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=6.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
