trojan.kotver!gm2

Virus Spyware Malware

  • This topic is locked

#16
[email protected]

[email protected]

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

OK, ran adwCleaner again as instructed    :)  


  • 0



#17
iamarealgi[email protected]

[email protected]

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

OK, ran adwCleaner again as instructed    :)  


  • 0

#18
[email protected]

[email protected]

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

OK, ran adwCleaner again as instructed    :)  


  • 0

#19
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
You may have missed this; I need to see 2 new logs from Farbar.

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.

  • 0

#20
[email protected]

[email protected]

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

I have Norton off and I did miss the re-run of Farbar Recovery Scan Tool, so I am going to restart Norton, then run the Farbar.


  • 0

#21
[email protected]

[email protected]

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

OK, Norton is happy; here are the txt files from Farbar.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by JHS-JJS (administrator) on JHS-JJS-DELL8MG (31-08-2016 15:31:37)
Running from C:\Users\JHS-JJS\Desktop\NEW PROGRAMS
Loaded Profiles: JHS-JJS (Available Profiles: JHS-JJS)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSr64.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\n360.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\aol\1225226945\ee\aolsoftware.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\n360.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\conathst.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6431232 2008-07-18] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-25] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [Skytel] => Skytel.exe
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [73728 2007-06-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1225226945\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\Run: [Google Update] => "C:\Users\JHS-JJS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1103472.exe [460216 2009-01-16] (Adobe Systems, Inc.)
HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2006-11-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2010-08-20]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{7B502934-EB48-4DA8-88AB-AD32601DC390}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

Internet Explorer:
==================
BHO: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files\AOL Toolbar\aoltb.dll => No File
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2010-04-28] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll => No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-27] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-27] (Oracle Corporation)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2016-06-20] (Microsoft Corporation)
DPF: HKLM-x32 {138E6DC9-722B-4F4B-B09D-95D191869696} hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: HKLM-x32 {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {615F158E-D5CA-422F-A8E7-F6A5EED7063B} hxxp://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
DPF: HKLM-x32 {639658F3-B141-4D6B-B936-226F75A5EAC3} hxxp://chill.comcast.net/GameShell/online/en/DinerDash2/DinerDash2.1.0.0.68.cab
DPF: HKLM-x32 {74E4A24D-5224-4F05-8A41-99445E0FC22B} hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: HKLM-x32 {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} hxxp://webgames.d.tmsrv.com/c=090ebd64320856d8effccd9c89a96f87/aff=t_05en_wg/p/release/playtime/wg_mahjongescapeancientchina/mahjongescapeancientchina/GameFiles/SpinTopGamesLauncher.cab
DPF: HKLM-x32 {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: HKLM-x32 {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: HKLM-x32 {AC2881FD-5760-46DB-83AE-20A5C6432A7E} hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: HKLM-x32 {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://aolsvc.aol.com/onlinegames/free-trial-mahjong-fortuna-2-deluxe/zylomplayer.cab
DPF: HKLM-x32 {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} hxxp://webgames.d.tmsrv.com/c=090ebd64320856d8effccd9c89a96f87/aff=t_03cm_wg/p/release/playfirst/wg_mahjong_roadshow/mahjong_roadshow/MahjongRoadshowWeb.1.0.0.16.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\JHS-JJS\AppData\Roaming\Mozilla\Firefox\Profiles\w9t2iu8p.default-1450825045209
FF DefaultSearchEngine.US: Google
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2009-01-16] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2008-11-06] (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll [2008-12-10] (DivX, Inc)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2009-06-05] (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @movenetworks.com/Quantum Media Player -> C:\Users\JHS-JJS\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll [2010-02-20] (Move Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1231050607-2223395895-1768608861-1000: @movenetworks.com/Quantum Media Player -> C:\Users\JHS-JJS\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll [2010-02-20] (Move Networks)
FF Plugin HKU\S-1-5-21-1231050607-2223395895-1768608861-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\JHS-JJS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-02-22] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\JHS-JJS\AppData\Roaming\Mozilla\Firefox\Profiles\w9t2iu8p.default-1450825045209\searchplugins\norton-safe-search.xml [2016-08-31]
FF Extension: (Firefox Hotfix) - C:\Users\JHS-JJS\AppData\Roaming\Mozilla\Firefox\Profiles\w9t2iu8p.default-1450825045209\Extensions\[email protected] [2016-08-31]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Identity Safe) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-08-12]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-01-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\JHS-JJS\AppData\Roaming\Move Networks
FF Extension: (Move Media Player) - C:\Users\JHS-JJS\AppData\Roaming\Move Networks [2010-02-20] [not signed]

Chrome:
=======
CHR Profile: C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-15]
CHR Extension: (Google Drive) - C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-15]
CHR Extension: (YouTube) - C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-15]
CHR Extension: (Google Search) - C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-15]
CHR Extension: (Norton Identity Protection) - C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-11-15]
CHR Extension: (Google Wallet) - C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
CHR Extension: (Gmail) - C:\Users\JHS-JJS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-15]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-27]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-27]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSr64.exe [86016 2008-07-18] (Andrea Electronics Corporation)
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\N360.exe [289080 2016-08-16] (Symantec Corporation)
S3 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160826.008\BHDrvx64.sys [1854712 2016-08-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1607010.020\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-08-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160830.001\IDSvia64.sys [876760 2016-07-08] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-31] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2008-07-21] (Windows ® Codename Longhorn DDK provider)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1607010.020\SRTSP64.SYS [773360 2016-08-09] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1607010.020\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1607010.020\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-07-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1607010.020\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1607010.020\SYMTDIV.SYS [468152 2016-06-01] (Symantec Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160703.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160703.001\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-31 14:23 - 2016-08-31 14:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-31 13:22 - 2016-08-31 14:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-31 13:22 - 2016-08-31 13:22 - 00000903 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-31 13:22 - 2016-08-31 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-31 13:21 - 2016-08-31 13:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-31 13:21 - 2016-08-31 13:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-31 13:21 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-31 13:21 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-31 13:21 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-31 12:18 - 2016-08-31 14:26 - 00000000 ____D C:\AdwCleaner
2016-08-31 10:18 - 2016-08-31 15:29 - 00000000 ____D C:\Users\JHS-JJS\Desktop\NEW PROGRAMS
2016-08-30 10:40 - 2016-08-31 15:31 - 00000000 ____D C:\FRST
2016-08-27 15:17 - 2016-08-27 15:17 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2016-08-27 15:12 - 2016-08-27 15:12 - 00003228 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-08-24 16:15 - 2008-02-06 20:57 - 00114688 _____ (Viewpoint Corporation) C:\Users\JHS-JJS\AppData\LocalLow\vmpremov.exe
2016-08-21 13:34 - 2016-08-05 13:56 - 00728356 _____ C:\Windows\ntbtlog.txt
2016-08-14 10:44 - 2008-01-20 22:50 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\cmd - Copy.exe
2016-08-12 13:26 - 2016-08-12 13:26 - 45702448 _____ C:\Users\JHS-JJS\Downloads\Firefox Setup 43.0.1 (6).exe
2016-08-09 12:37 - 2016-08-09 12:37 - 01204056 _____ (Symantec Corporation) C:\Users\JHS-JJS\Downloads\AutoDetectPkg.exe
2016-08-02 10:56 - 2016-06-10 10:45 - 02802176 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-02 10:47 - 2016-06-25 12:04 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-08-02 10:47 - 2016-06-25 12:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-08-02 10:47 - 2016-06-25 12:04 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-08-02 10:47 - 2016-06-25 12:03 - 00161280 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-08-02 10:47 - 2016-06-25 12:03 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-08-02 10:47 - 2016-06-25 11:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\localspl.dll
2016-08-02 10:47 - 2016-06-25 11:37 - 00443904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-08-02 10:47 - 2016-06-25 11:37 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-08-02 10:47 - 2016-06-25 11:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-08-02 10:47 - 2016-06-25 11:09 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-08-02 10:47 - 2016-06-25 10:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-08-01 22:29 - 2016-06-20 14:24 - 18804736 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-01 22:29 - 2016-06-20 14:21 - 02351616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-01 22:29 - 2016-06-20 14:16 - 10940416 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-01 22:29 - 2016-06-20 14:15 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-01 22:29 - 2016-06-20 14:15 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-01 22:29 - 2016-06-20 14:14 - 02159104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-01 22:29 - 2016-06-20 14:14 - 01392640 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-01 22:29 - 2016-06-20 14:14 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-01 22:29 - 2016-06-20 14:13 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-01 22:29 - 2016-06-20 14:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-01 22:29 - 2016-06-20 14:13 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-08-01 22:29 - 2016-06-20 14:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-08-01 22:29 - 2016-06-20 14:13 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-08-01 22:29 - 2016-06-20 13:50 - 01815552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-01 22:29 - 2016-06-20 13:48 - 12842496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-01 22:29 - 2016-06-20 13:46 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-01 22:29 - 2016-06-20 13:45 - 09755136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-01 22:29 - 2016-06-20 13:45 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-01 22:29 - 2016-06-20 13:44 - 01129984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-01 22:29 - 2016-06-20 13:43 - 01804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-01 22:29 - 2016-06-20 13:43 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-01 22:29 - 2016-06-20 13:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-01 22:29 - 2016-06-20 13:43 - 00425472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-01 22:29 - 2016-06-20 13:43 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-08-01 22:29 - 2016-06-20 13:43 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-01 22:29 - 2016-06-20 13:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-01 22:29 - 2016-06-20 13:42 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-01 22:29 - 2016-06-20 13:42 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-01 22:29 - 2016-06-20 13:42 - 00354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-01 22:29 - 2016-06-20 13:42 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-01 22:29 - 2016-06-20 13:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-01 22:29 - 2016-06-20 13:42 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-01 22:29 - 2016-06-20 13:42 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-08-01 22:29 - 2016-06-20 13:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-08-01 22:29 - 2016-06-20 13:42 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-31 15:28 - 2010-04-18 02:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-31 14:33 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\inf
2016-08-31 14:33 - 2006-11-02 08:46 - 00832852 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-31 14:32 - 2016-07-05 11:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-31 14:27 - 2010-04-18 02:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-31 14:27 - 2008-09-22 10:10 - 00000288 _____ C:\Windows\Tasks\RtlNICDiagVistaStart.job
2016-08-31 14:27 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-31 14:27 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-31 14:27 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-31 14:26 - 2006-11-02 11:42 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-31 14:12 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\ModemLogs
2016-08-31 14:11 - 2016-07-02 10:39 - 00000000 ____D C:\Users\JHS-JJS\AppData\Local\b263cb
2016-08-31 12:22 - 2006-11-02 09:33 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-08-30 16:45 - 2016-07-03 14:50 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-08-30 16:20 - 2008-10-28 14:35 - 00000000 ____D C:\Users\JHS-JJS
2016-08-30 13:50 - 2008-10-28 14:36 - 00102768 _____ C:\Users\JHS-JJS\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-30 13:49 - 2006-11-02 11:21 - 00375264 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-27 16:43 - 2008-10-28 14:36 - 00000000 ___RD C:\Users\JHS-JJS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup(233)
2016-08-27 15:27 - 2013-01-15 21:57 - 00000000 ____D C:\Users\JHS-JJS\AppData\Local\NPE
2016-08-27 15:12 - 2016-07-03 14:34 - 00002060 _____ C:\Users\Public\Desktop\Norton 360.lnk
2016-08-27 15:12 - 2015-08-05 09:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2016-08-27 15:12 - 2015-03-04 11:37 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2016-08-27 11:50 - 2016-06-16 15:22 - 00000000 ____D C:\Users\JHS-JJS\AppData\Local\MigWiz
2016-08-27 10:08 - 2009-10-08 18:40 - 00000000 ____D C:\Program Files\Google
2016-08-27 10:08 - 2008-11-22 16:22 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-26 15:29 - 2008-11-22 16:57 - 00000000 ____D C:\Users\JHS-JJS\AppData\Local\Google
2016-08-26 14:28 - 2011-02-19 10:11 - 00000000 ____D C:\Users\JHS-JJS\AppData\Roaming\Mozilla
2016-08-26 14:28 - 2008-11-22 16:22 - 00000000 ____D C:\ProgramData\Google
2016-08-26 14:26 - 2008-11-22 16:24 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-08-26 14:26 - 2008-09-22 10:16 - 00000000 ____D C:\ProgramData\Adobe
2016-08-26 13:56 - 2009-04-30 10:38 - 00000000 ____D C:\Users\JHS-JJS\.gimp-2.6
2016-08-21 13:50 - 2008-10-29 16:44 - 00000680 _____ C:\Users\JHS-JJS\AppData\Local\d3d9caps.dat
2016-08-21 13:35 - 2016-07-30 10:36 - 00000000 ____D C:\NPE
2016-08-19 16:15 - 2009-06-01 13:12 - 00000000 ____D C:\Users\JHS-JJS\Desktop\DUCKIES
2016-08-14 11:50 - 2011-06-04 22:00 - 00000000 ____D C:\Users\JHS-JJS\AppData\Local\CrashDumps
2016-08-12 16:50 - 2006-11-02 08:33 - 88866816 _____ C:\Windows\system32\config\software_previous
2016-08-12 16:49 - 2015-03-04 11:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-08-12 16:49 - 2008-09-22 10:14 - 00000000 ____D C:\Program Files (x86)\Digital Line Detect
2016-08-12 16:49 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\spool
2016-08-12 16:49 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\Msdtc
2016-08-12 16:49 - 2006-11-02 09:33 - 00000000 __RSD C:\Windows\Media
2016-08-12 16:49 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache
2016-08-12 16:49 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\registration
2016-08-12 16:49 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-08-12 16:43 - 2006-11-02 08:33 - 23855104 _____ C:\Windows\system32\config\system_previous
2016-08-12 16:33 - 2006-11-02 08:33 - 82051072 _____ C:\Windows\system32\config\components_previous
2016-08-12 16:33 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2016-08-12 13:27 - 2016-07-05 11:48 - 00000850 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-12 12:31 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2016-08-12 12:31 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\default_previous
2016-08-12 12:28 - 2012-07-25 10:45 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-08-12 12:28 - 2009-01-29 00:41 - 00000000 ____D C:\Program Files (x86)\MySpace
2016-08-12 12:28 - 2008-09-22 10:09 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-11 16:52 - 2016-06-28 11:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox(69)
2016-08-09 12:39 - 2010-03-20 15:01 - 00000000 ____D C:\ProgramData\Norton
2016-08-07 12:29 - 2010-12-29 11:54 - 00000000 ____D C:\Users\JHS-JJS\Desktop\New Folder
2016-08-05 16:04 - 2016-07-05 11:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service(70)
2016-08-02 10:56 - 2013-08-14 19:47 - 00000000 ____D C:\Windows\system32\MRT
2016-08-02 10:47 - 2006-11-02 08:35 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2009-11-10 11:23 - 2009-11-10 11:23 - 0024226 _____ () C:\Users\JHS-JJS\AppData\Roaming\UserTile.png
2008-10-28 20:33 - 2016-07-16 10:23 - 0002276 _____ () C:\Users\JHS-JJS\AppData\Roaming\wklnhst.dat
2008-10-29 16:44 - 2016-08-21 13:50 - 0000680 _____ () C:\Users\JHS-JJS\AppData\Local\d3d9caps.dat
2008-10-31 09:35 - 2015-04-30 12:14 - 0015360 _____ () C:\Users\JHS-JJS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-30 15:51 - 2013-01-30 15:51 - 0301806 _____ () C:\Users\JHS-JJS\AppData\Local\dd_ReportViewerMSI7E90.txt
2013-01-30 15:51 - 2013-01-30 15:51 - 0010978 _____ () C:\Users\JHS-JJS\AppData\Local\dd_ReportViewerUI7E90.txt
2014-04-26 17:10 - 2014-04-26 17:11 - 0442244 _____ () C:\Users\JHS-JJS\AppData\Local\dd_vcredistMSI6163.txt
2014-04-26 17:10 - 2014-04-26 17:11 - 0012204 _____ () C:\Users\JHS-JJS\AppData\Local\dd_vcredistUI6163.txt
2008-11-09 18:00 - 2009-10-14 15:53 - 0008248 _____ () C:\Users\JHS-JJS\AppData\Local\en.ini
2011-05-18 19:16 - 2011-06-03 07:28 - 0001940 _____ () C:\Users\JHS-JJS\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2016-05-11 14:26 - 2016-05-11 14:26 - 0004908 _____ () C:\ProgramData\lbogtyso.zat

Some files in TEMP:
====================
C:\Users\JHS-JJS\AppData\Local\Temp\libeay32.dll
C:\Users\JHS-JJS\AppData\Local\Temp\msvcr120.dll
C:\Users\JHS-JJS\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-31 14:35

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by JHS-JJS (31-08-2016 15:32:04)
Running from C:\Users\JHS-JJS\Desktop\NEW PROGRAMS
Windows Vista ™ Home Premium Service Pack 2 (X64) (2008-09-22 09:59:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1231050607-2223395895-1768608861-500 - Administrator - Disabled)
Guest (S-1-5-21-1231050607-2223395895-1768608861-501 - Limited - Enabled)
JHS-JJS (S-1-5-21-1231050607-2223395895-1768608861-1000 - Administrator - Enabled) => C:\Users\JHS-JJS

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAC Decoder (HKLM-x32\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Shockwave Player (HKLM-x32\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
Akamai NetSession Interface (HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AOL Instant Messenger (HKLM-x32\...\AOL Instant Messenger) (Version:  - )
AOL Mail and AIM Gadget (HKLM-x32\...\{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}) (Version: 1.0.0 - AOL LLC)
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version:  - AOL Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 1.1 (HKLM-x32\...\MP Navigator EX 1.1) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX850 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series) (Version:  - )
Canon MX850 series User Registration (HKLM-x32\...\Canon MX850 series User Registration) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Canon MX870 series User Registration (HKLM-x32\...\Canon MX870 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11006.1 - Cisco Consumer Products LLC)
Comcast Access (HKLM-x32\...\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1) (Version: ComcastAccess-1.59 - Comcast Cable Communications Management LLC)
Comcast Access (x32 Version: 1.59 - Comcast Cable Communications Management LLC) Hidden
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Video Chat (remove only) (HKLM-x32\...\Dell Video Chat) (Version: 6.0 (6534) - SightSpeed Inc.)
Dell-eBay (HKLM-x32\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
DivX Converter (HKLM-x32\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.0.0 - DivX, Inc.)
DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.0.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.)
DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.2 - DivX,Inc.)
EDocs (HKLM-x32\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Feedback Tool (HKLM-x32\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
Female Voice Pack (HKLM-x32\...\{71F8C486-8A13-468E-8B73-06051075556A}) (Version: 3.3.1 - Screaming Bee)
Garmin City Navigator North America NT 2010.20 (HKLM-x32\...\{C2E8B236-7554-45FE-92C0-94EF76E4D182}) (Version: 13.20.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}) (Version: 2.7.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Talk (remove only) (HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
H.264 Decoder (HKLM-x32\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.0.0 - DivX, Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Meter Drivers for OneTouch® Software (x32 Version: 1.7.0 - LifeScan) Hidden
Meter Drivers for OneTouch® Software v1.7.0 (HKLM-x32\...\InstallShield_{B18C4F32-5CDD-4357-8523-85659CFCF2A0}) (Version: 1.7.0 - LifeScan)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Picture It! Express 7.0 (HKLM-x32\...\{369B36BE-3D64-4641-9AEA-808D436FE130}) (Version: 7.0.0.0000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971118) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971118)) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MKV Splitter (HKLM-x32\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.0 - DivX, Inc.)
Modem Diagnostic Tool (HKLM\...\{1C89932F-1D9D-4776-AD7A-9156FF792539}) (Version: 1.0.17.8 - Dell)
MorphVOX Pro (HKLM-x32\...\{D1E01FCE-5C90-402B-BB4E-B73EC6F85328}) (Version: 4.3.8 - Screaming Bee)
Move Media Player (HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM-x32\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Msxml4 for LDCF (HKLM-x32\...\{D6160F37-7638-4E56-9774-F3C88F30A4A9}) (Version: 1.0.0.0 - )
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.7.1.32 - Symantec Corporation)
ODF Add-in for Microsoft Office (HKLM-x32\...\{2BC21CD2-8053-406A-80F6-9AB61717B49D}) (Version: 4.0.5309.0 - OpenXML/ODF Translator Team)
OneTouch Software (HKLM-x32\...\{F2A056D9-54B2-4F2B-8DD8-A42A73D1E5E7}) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Personality Voices (HKLM-x32\...\{29C042AB-059B-414C-840E-94775E3F24A8}) (Version: 1.0.0 - Screaming Bee)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.0.1.0 - Prolific)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
Presto! PageManager 7.15.20 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.20 - NewSoft Technology Corporation)
Prodigy Diabetes Management Software Version 2.4 win7 (HKLM-x32\...\{A9FA2103-D1C8-4D80-A2AE-BE5B5388CE43}) (Version: 2.4 - Prodigy Diabetes Care LLC)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM-x32\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
RTC Client API v1.2 (HKLM-x32\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{FE893E2C-11B4-47CB-88F6-6647D90C6A13}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Symantec Technical Support Web Controls (HKLM-x32\...\{20C53FA2-4307-4671-A93F-9463B29DFCF1}) (Version: 3.5.3 - Symantec Corporation)
Uninstall AOL Emergency Connect Utility 1.0 (HKLM-x32\...\AOL Emergency Connect Utility 1.0) (Version:  - )
Unity Web Player (HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
USB Video Driver (HKLM-x32\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 1.00 - EETI)
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA  (08/31/2007 5.7.0831.0) (HKLM\...\1B8C0FE57993F0D33DD0A689D44B5B3D8954B0F7) (Version: 08/31/2007 5.7.0831.0 - eMPIA Technology Inc,)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Xilisoft PowerPoint to Video Converter Free (HKLM-x32\...\Xilisoft PowerPoint to Video Converter Free) (Version: 1.1.1.20120601 - Xilisoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1231050607-2223395895-1768608861-1000_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Users\JHS-JJS\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {199C1A68-D14F-42C8-92ED-08231530F0D0} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\WSCStub.exe [2016-08-16] (Symantec Corporation)
Task: {1BB1662A-F883-4999-B10B-34B680B2032B} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {2D65E116-BC2D-40F7-8DEC-F995E0A2F480} - System32\Tasks\{AEB3560F-FEA4-4B1B-A229-C629B89FB2EF} => pcalua.exe -a C:\Users\JHS-JJS\Desktop\epson12578.exe -d C:\epson\epson11889_easyprint_310a
Task: {54D1D4F4-5D3C-4CAB-BC82-EF018B19B497} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6A11ED75-4E12-4A9A-B419-BB346B8351CF} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files (x86)\Realtek\RTNICDiag\RTNICDiag.exe [2008-07-21] (Realtek)
Task: {9920D46F-AD36-4ECC-91D9-C938F405886E} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2016-08-16] (Symantec Corporation)
Task: {B1A8D429-0D8C-4CD8-A6CD-A3E83B1EE0CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C0044E95-1977-45B0-9B7B-69DCF08A7E50} - System32\Tasks\{6D7B84B1-EB05-439D-B85E-D3E8034E6F8A} => pcalua.exe -a "C:\Users\JHS-JJS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYOC2QJR\epson12578[1].exe" -d C:\epson\epson11889_easyprint_310a
Task: {C3D8CD03-979C-4EF9-81EE-5E3421856239} - System32\Tasks\{7FA9A828-22F3-460F-A1B2-95415F2B2CED} => pcalua.exe -a "C:\Users\JHS-JJS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3Z64ST2\uninstall_flash_player[1].exe" -d C:\Users\JHS-JJS\Desktop
Task: {DAFB9A93-E033-4139-9F96-32DDA0777E80} - System32\Tasks\PDVDDXSrv.exe_1027380385 => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23] (CyberLink Corp.)
Task: {E35F71AF-20F9-42F8-8344-5ABC853C19C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E9D084FD-53F3-4C0F-9521-918E42973369} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files (x86)\Realtek\RTNICDiag\RTNICDiag.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\JHS-JJS\AppData\Local\b263cb\84e7ae.lnk -> C:\Users\JHS-JJS\AppData\Local\b263cb\d9bd8b.bat (No File)
Shortcut: C:\Users\JHS-JJS\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

==================== Loaded Modules (Whitelisted) ==============

2012-11-29 18:40 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-09-28 21:13 - 2011-04-20 01:21 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2008-11-06 17:05 - 2006-09-20 09:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2010-08-20 10:16 - 2009-07-20 12:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2008-11-06 17:05 - 2006-10-30 17:59 - 00024576 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
2010-08-20 10:16 - 2009-07-20 04:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2016-08-30 16:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1231050607-2223395895-1768608861-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\JHS-JJS\Pictures\814Bafter.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gusvc => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{8231B56C-8AA5-4DB1-B7BA-6EFB9852FD11}] => (Allow) C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
FirewallRules: [{0FA34347-DBB4-496F-B057-0C7BF90A1765}] => (Allow) C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
FirewallRules: [{8502FBEE-4902-4E12-A440-C2763044592F}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{5E33A72A-0EB8-460A-9E79-5D33349705F9}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{BD42D8D3-0C82-488B-9C36-3D9EB63A2D47}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{5FEE2D57-74DF-4148-A2E5-72A86B75C649}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{2043639E-B5B7-45C2-A99F-099EE9BF8A7F}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{9E797555-45B8-4FB8-923F-E68BDEB2EBEE}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{F81AE30B-FB0E-41A3-B68E-80D46134D9B0}] => (Allow) C:\Program Files (x86)\Common Files\aol\1225226945\ee\aolsoftware.exe
FirewallRules: [{BD52F696-9697-404A-8F39-0A96E032C374}] => (Allow) C:\Program Files (x86)\Common Files\aol\1225226945\ee\aolsoftware.exe
FirewallRules: [{31B9103E-D02A-4E8F-8758-18B5A8675784}] => (Allow) C:\Program Files (x86)\AOL 9.1\waol.exe
FirewallRules: [{CABA289E-319E-4F0E-B8D0-517C3694EABF}] => (Allow) C:\Program Files (x86)\AOL 9.1\waol.exe
FirewallRules: [{5A50C113-6BC3-4BBD-9713-BB86E933EA01}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{69B57AF6-89DC-4292-9C52-856E7D9A21A2}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{305C62F5-F89F-46CD-8566-6EA807C3D1E9}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{25949A3A-27A2-4F0B-9174-7A272D664888}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{E329B7FB-0624-48DE-B80D-27D93D7D4BE6}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{E5481570-F9C4-4B9D-AED4-AB14486A3703}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{6D20654B-BB68-43B8-8DAC-071AE2AB3A4C}] => (Allow) C:\Program Files (x86)\AIM6\aim6.exe
FirewallRules: [{C076B208-40DF-4BDB-A384-26C99A4788D8}] => (Allow) C:\Program Files (x86)\AIM6\aim6.exe
FirewallRules: [TCP Query User{E8828832-CD94-4F98-BCEC-6718AE6A0E7A}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{8785FD17-DAB9-47FE-BD6E-CD658B66EB99}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{D3D2A2A0-55F8-43FF-8525-F6A8EF46872B}C:\program files (x86)\myspace\im\myspaceim.exe] => (Block) C:\program files (x86)\myspace\im\myspaceim.exe
FirewallRules: [UDP Query User{92A5C238-8C8A-41A7-ACB0-64A067D672F8}C:\program files (x86)\myspace\im\myspaceim.exe] => (Block) C:\program files (x86)\myspace\im\myspaceim.exe
FirewallRules: [TCP Query User{38458AFF-5900-4E44-B5B8-58A76EFD6139}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{27263D7D-4D5A-4EAA-91C3-E0C31BB1FA12}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{54865894-FDCF-4FC8-9619-CA11ADF8679B}C:\program files (x86)\aim\aim.exe] => (Block) C:\program files (x86)\aim\aim.exe
FirewallRules: [UDP Query User{07C7D077-B64F-4DE2-92A2-BE87F38F4C3F}C:\program files (x86)\aim\aim.exe] => (Block) C:\program files (x86)\aim\aim.exe
FirewallRules: [TCP Query User{E4E134F3-AF98-4F8E-B5A5-F27EF069539E}C:\program files (x86)\aim\aim.exe] => (Allow) C:\program files (x86)\aim\aim.exe
FirewallRules: [UDP Query User{F7AE3640-965E-4376-B4E0-ED2511C447F1}C:\program files (x86)\aim\aim.exe] => (Allow) C:\program files (x86)\aim\aim.exe
FirewallRules: [{41FBA0F1-4CC4-49DB-9AF3-3C43BF6940EB}] => (Allow) C:\Program Files (x86)\AOL 9.5\waol.exe
FirewallRules: [{42066CB8-2269-4EDD-B1EB-12668EFC0C0E}] => (Allow) C:\Program Files (x86)\AOL 9.5\waol.exe
FirewallRules: [TCP Query User{0FFD9AE2-49DC-4A3B-9222-151CAD34D34A}C:\program files (x86)\dell video chat\dellvideochat.exe] => (Allow) C:\program files (x86)\dell video chat\dellvideochat.exe
FirewallRules: [UDP Query User{1F2F193F-E345-4494-803A-6D98C83DE9B8}C:\program files (x86)\dell video chat\dellvideochat.exe] => (Allow) C:\program files (x86)\dell video chat\dellvideochat.exe
FirewallRules: [{51486B28-6663-4252-A824-CEBA1D54F916}] => (Allow) C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe
FirewallRules: [{8F8D8C50-4423-4B7B-AAF6-36A5E2A23C55}] => (Allow) C:\Program Files (x86)\AOL 9.5a\waol.exe
FirewallRules: [{57F0A163-F1BC-499C-A843-A80D701B8956}] => (Allow) C:\Program Files (x86)\AOL 9.5a\waol.exe
FirewallRules: [{D2E27BDC-EB2B-462F-BDB0-D8D940D92F09}] => (Allow) C:\Program Files (x86)\AIM7\aim.exe
FirewallRules: [{DC2C19E6-C0E5-4605-A7CD-68F6A98D6F13}] => (Allow) C:\Program Files (x86)\AIM7\aim.exe
FirewallRules: [{A7563E34-3FAD-4A40-9233-143877E59A33}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{F6C2AF67-C32A-4412-98C6-83E748B9EB7C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{01628688-915B-4B26-ADD9-DAB44E409517}] => (Allow) svchost.exe
FirewallRules: [{8DDE1490-36E5-4D34-8C0B-686F984DD6BD}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{F253449D-EAF6-4DAF-8B3E-0C0FC02362D1}] => (Allow) LPort=80
FirewallRules: [{AB026861-E3ED-4AB8-9D00-8F40706056DD}] => (Allow) LPort=80
FirewallRules: [{CB4FD7E5-1D14-476D-A886-8F7DA34C4F39}] => (Allow) LPort=80
FirewallRules: [{18ED92B9-E6F6-478F-A7CF-DAA226DB5B09}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{3AA6A666-40D9-4098-836C-3678C6DAB417}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{EE19CFD7-A08B-464D-87FA-27EF98343EFB}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{9E12FEAE-E4CC-4C77-98DD-AEF13095AD25}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{2D18DE15-A408-4618-AF38-BAE2E0D58168}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{9A35707B-BFEF-4299-923F-89C64CEED5C7}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{A56400D8-4781-4A3F-9043-4FDAA68FCE40}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{F62F2D50-D7FE-4EF9-8E4E-A94233CC0BCB}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
FirewallRules: [{A17346CF-282E-4E1F-B12E-D158BEFAE4FD}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
FirewallRules: [{6FA630E9-1B30-41C7-B8A3-339A6485716A}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe
FirewallRules: [{65F483B8-6ED7-4871-9A84-E5CA8663F08E}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe
FirewallRules: [{644AF81B-C200-4345-9B96-EDF1643EDC83}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
FirewallRules: [{F542CAD3-D553-4F23-8E75-511C00DC7433}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
FirewallRules: [{1BC7405E-E50B-49D5-B480-78B0E5565002}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{81C826AA-F783-4BB3-9F5C-D59DF9B799CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2C2ACD4F-9335-403F-B726-094678DDD218}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

30-08-2016 16:19:47 Restore Point Created by FRST
31-08-2016 10:36:33 Windows Defender Checkpoint
31-08-2016 12:59:07 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: isatap.hsd1.de.comcast.net.
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2016 02:29:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/31/2016 02:28:59 PM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: Windows Defender Real-Time Protection checkpoint has encountered an error and failed to start.

    User: JHS-JJS-Dell8mg\JHS-JJS

    Checkpoint ID: 24

    Error Code: 0x80070005

    Error description: Access is denied.

Error: (08/31/2016 02:15:10 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/31/2016 02:14:31 PM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: Windows Defender Real-Time Protection checkpoint has encountered an error and failed to start.

    User: JHS-JJS-Dell8mg\JHS-JJS

    Checkpoint ID: 24

    Error Code: 0x80070005

    Error description: Access is denied.

Error: (08/31/2016 02:14:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/31/2016 12:26:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/31/2016 12:25:35 PM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: Windows Defender Real-Time Protection checkpoint has encountered an error and failed to start.

    User: JHS-JJS-Dell8mg\JHS-JJS

    Checkpoint ID: 24

    Error Code: 0x80070005

    Error description: Access is denied.

Error: (08/31/2016 12:22:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\ADWCLEANER\QUARANTINE\QUARANTINE.DB-JOURNAL> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (08/31/2016 12:22:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\ADWCLEANER\QUARANTINE\QUARANTINE.DB-JOURNAL> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (08/31/2016 12:22:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\ADWCLEANER\QUARANTINE\QUARANTINE.DB-JOURNAL> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (08/31/2016 02:27:38 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Canon MX850 series Printer with shared resource name Canon MX850 series Printer. Error 2114. The printer cannot be used by others on the network.

Error: (08/31/2016 02:27:38 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Canon MX870 series Printer with shared resource name Canon MX870 series Printer. Error 2114. The printer cannot be used by others on the network.

Error: (08/31/2016 02:27:38 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer PageManager PDF Writer with shared resource name PageManager PDF Writer. Error 2114. The printer cannot be used by others on the network.

Error: (08/31/2016 02:26:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/31/2016 02:26:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The XAudioService service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/31/2016 02:26:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/31/2016 02:26:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/31/2016 02:26:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/31/2016 02:26:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Browser service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/31/2016 02:26:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2016-08-31 15:32:00.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:32:00.071
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:31:59.388
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:31:58.706
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:30:42.621
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:30:41.936
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:30:41.246
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 15:30:40.559
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 14:28:56.551
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 14:14:25.692
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 42%
Total physical RAM: 8190.26 MB
Available physical RAM: 4693.19 MB
Total Virtual: 16561.56 MB
Available Virtual: 12843.66 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1177.27 GB) (Free:1077.71 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1192.3 GB) (Disk ID: B0000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=1177.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#22
zep516

Almost done,

Download the enclosed fixlist.txt and save it in the same location as FRST64. Run FRST and click on the Fix button. Wait until it has finished.
The tool will make a log (Fixlog.txt) in the same location as FRST. Please post it in your reply.


Next
Download HijackThis
  • Go here to download the HijackThis program.
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run it).
  • Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile", click on Main Menu).
  • Copy and paste the HijackThis report into the topic.

#23
[email protected]

OK, here is the Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by JHS-JJS (31-08-2016 17:12:24) Run:2
Running from C:\Users\JHS-JJS\Desktop\NEW PROGRAMS
Loaded Profiles: JHS-JJS (Available Profiles: JHS-JJS)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
BHO: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files\AOL Toolbar\aoltb.dll => No File
BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll => No File
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
C:\Users\JHS-JJS\AppData\Local\Temp\libeay32.dll
C:\Users\JHS-JJS\AppData\Local\Temp\msvcr120.dll
C:\Users\JHS-JJS\AppData\Local\Temp\sqlite3.dll
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ef64538-8b54-4573-b48f-4d34b0238ab2}" => key removed successfully
"HKCR\CLSID\{3ef64538-8b54-4573-b48f-4d34b0238ab2}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ef64538-8b54-4573-b48f-4d34b0238ab2}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{3ef64538-8b54-4573-b48f-4d34b0238ab2}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} => value removed successfully
"HKCR\CLSID\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} => value removed successfully
"HKCR\Wow6432Node\CLSID\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}" => key removed successfully
C:\Users\JHS-JJS\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\JHS-JJS\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\JHS-JJS\AppData\Local\Temp\sqlite3.dll => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7368951 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 103432 B
Edge => 0 B
Chrome => 0 B
Firefox => 13860096 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 65960 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
JHS-JJS => 2650399 B

RecycleBin => 0 B
EmptyTemp: => 30.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:13:13 ====


#24
[email protected]

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:23:18 PM, on 8/31/2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16800)

FIREFOX: 47.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\N360.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\Common Files\aol\1225226945\ee\aolsoftware.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\coNatHst.exe
C:\Users\JHS-JJS\Desktop\NEW PROGRAMS\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\coIEPlg.dll
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1225226945\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\JHS-JJS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; AOL 9.5; AOLBuild 4337.185; Windows NT 6.0; WOW64; GTB6.5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.rixmag.com/celebrities.htm"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~2\AIM\aim.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/...ader.5.8.05.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.5.0.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell...r/SysProExe.CAB
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinn...d/bejeweled.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://chill.comcast...h2.1.0.0.68.cab
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse...se/ghplayer.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinn....0/iewwload.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://webgames.d.tm...mesLauncher.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace....ceUploader2.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} (Monopoly Control) - http://www.worldwinn...ly/monopoly.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.co...zylomplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast...ronGameHost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} (CPlayFirstMahjongRoaControl Object) - http://webgames.d.tm...eb.1.0.0.16.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL Inc. - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 12028 bytes
 


  • 0

#25
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
This is an optional step; I suggest you do it.
Too many unnecessary programs running at startup!


Open Hijackthis
Do a system Scan only this time.
Place a check mark in the following Entries:

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1225226945\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\JHS-JJS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')


Click fix checked
Close Hijackthis
Reboot

Let me know when that is done and how the computer is?
  • 0
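The O4 lines in the post above are HijackThis's listing of registry Run-key autostart entries. As an added example (not part of the original thread and not HijackThis code), this Python parser turns such lines into structured records for review before anything is checked for removal. The function names are hypothetical, the `\..\` abbreviation is expanded to the standard `Software\Microsoft\Windows\CurrentVersion` path, and the `user_writable` flag is an assumed triage heuristic for images under `C:\Users`.

```python
import re
from collections import namedtuple

# Constructed sample: four O4 lines and one O23 line copied from the thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\JHS-JJS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
'''

RunEntry = namedtuple("RunEntry", "hive key name image args user_writable")

O4_RE = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
USER_NOTE_RE = re.compile(r"\s+\(User '[^']*'\)$")   # trailing account annotation
UNQUOTED_RE = re.compile(r"(?i)(.+?\.(?:exe|com|bat|cmd))(?:\s+(.*))?$")
ROOTS = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
         "HKUS": "HKEY_USERS"}

def parse_o4(line):
    """Parse one HijackThis O4 registry line; return None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, run, name, cmd = m.groups()
    cmd = USER_NOTE_RE.sub("", cmd)
    if cmd.startswith('"') and '"' in cmd[1:]:
        # Quoted image path: everything up to the closing quote.
        image, _, args = cmd[1:].partition('"')
    else:
        # Unquoted: cut after the first executable extension, else first token.
        um = UNQUOTED_RE.match(cmd)
        image, args = ((um.group(1), um.group(2) or "") if um
                       else (cmd.split()[0], cmd.partition(" ")[2]))
    # Assumption: "\..\" stands for the standard CurrentVersion path.
    key = (f"{ROOTS[hive[:4]]}{hive[4:]}"
           f"\\Software\\Microsoft\\Windows\\CurrentVersion\\{run}")
    # Assumed heuristic: an image under a user profile is writable by that user.
    return RunEntry(hive, key, name, image, args.strip(),
                    "\\users\\" in image.lower())

def parse_log(text):
    """Return RunEntry records for every O4 registry line in a log."""
    return [e for e in map(parse_o4, text.splitlines()) if e]

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f"{e.key} [{e.name}] -> {e.image} writable={e.user_writable}")
```
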


#26
[email protected]

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

OK, computer seems fine. Norton is happy, everything seems to work as before. Would you recommend I keep all the downloaded programs?


  • 0

#27
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
No. Do not keep those tools / programs.

For your information.
Microsoft will ship the last security updates for the aged OS Windows Vista on April 17, 2017, then it becomes an unsupported operating system.

We need to remove the tools we used and then close the topic.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight. They are updated all the time, and some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.
ps something for you...
“I believed that I knew exactly what the students needed, if only they would listen. Now I know that a classroom has to be vibrant for students to invest their time and effort. We cannot force children to learn. They have to discover things and be teachers too.” -Pernille Ripp
http://plpnetwork.co...onate-learners/
  • 0

#28
[email protected]

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Log file from DelFix. Looks like the tools got deleted except for Malwarebytes, do you recommend using it in the future?

# DelFix v1.013 - Logfile created 01/09/2016 at 15:31:51
# Updated 17/04/2016 by Xplode
# Username : JHS-JJS - JHS-JJS-DELL8MG
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...


New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


  • 0

#29
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Yes. Keep Malwarebytes and always run it when you suspect something is just not right. Malwarebytes can remove a great deal of infections.
  • 0

#30
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


Thanks
Joe :)
  • 0





