Can't post getting error 403


  • This topic is locked

#1
Becky616

  • Member
  • 27 posts

Hi

I ran FRST, but every time I try to post the results this happens:

403 Forbidden

A potentially unsafe operation has been detected in your request to this site.

 

I know this is not much of a computer, but it's all I can afford. A friend told me about your site, so I thought I would see if you can help me. The computer was running fine until my Facebook got hacked. Every time I turn on the computer it now says I have a virus. It doesn't say what kind, just that I have one. Now when I start the computer my antivirus, Microsoft Essentials, is off and I have to physically turn it on. And when I open IE and other programs it says they're not responding. All I get is a spinning circle, then finally they will respond, but the computer is very slow now. Not sure what happened. Please help if you can. Thanks, Becky


Edited by Becky616, 05 September 2016 - 02:59 AM.

  • 0

#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,085 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)


Try to attach the 2 log files to your next reply.


How to attach a file:
  • Below the Reply to this topic box, click on More Reply Options button.
  • Scroll down and click on Browse button.
  • Navigate to where the file is that you want to attach
  • Click on the file then click the Open button.
  • Click the Attach This File button.
  • Click Add Reply button once you have completed your post and are ready to submit.

  • 0

#3
Becky616

  • Topic Starter
  • Member
  • 27 posts

Attached File  FRST.txt   12.79KB   240 downloads

Attached File  Addition.txt   23.4KB   165 downloads


  • 0

#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,085 posts
Hello,

I'm posting logs directly in. I'll review and get back to you.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-08-2016
Ran by Becky (administrator) on BECKY-PC (05-09-2016 02:55:06)
Running from C:\Users\Becky\Desktop
Loaded Profiles: Becky (Available Profiles: Becky)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(© 2015 Microsoft Corporation) C:\Users\Becky\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2011-03-01] (Synaptics, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-21-424182356-2710099381-261839163-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-424182356-2710099381-261839163-1000\...\Run: [BingSvc] => C:\Users\Becky\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-17] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-424182356-2710099381-261839163-1000\...\MountPoints2: G - G:\setupSNK.exe
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MP210 series Printer.lnk [2016-09-05]
ShortcutTarget: Canon IJ Status Monitor Canon MP210 series Printer.lnk -> C:\Users\Becky\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon MP210 series Printer;cnmss Canon MP210 series Printer (Local).dll;Canon IJ Status Monitor Canon MP210 series Printer.lnk (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7136AB81-1A15-453F-8248-04ED9C133DDF}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{943259FD-175C-4E56-8A91-9D25CFD1DA06}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKU\S-1-5-21-424182356-2710099381-261839163-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U358&ocid=U358DHP&osmkt=en-us
HKU\S-1-5-21-424182356-2710099381-261839163-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-424182356-2710099381-261839163-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKU\S-1-5-21-424182356-2710099381-261839163-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

FireFox:
========
FF ProfilePath: C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\3fswtyn9.default
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @ei.CouponAlert_2p.com/Plugin -> C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll [2012-06-01] (CouponAlert)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-03] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bing) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2016-01-30]
CHR Extension: (Adblock Plus) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-03]
CHR HKU\S-1-5-21-424182356-2710099381-261839163-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-424182356-2710099381-261839163-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [229376 2010-05-17] (Puran Software) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
R1 MpKsl9c7c7115; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{713800D2-6325-4378-90D2-394C47CFE906}\MpKsl9c7c7115.sys [39168 2016-09-05] (Microsoft Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [350720 2010-03-31] (Realtek Semiconductor Corporation )
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-08-15] (Apple, Inc.) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 02:55 - 2016-09-05 02:55 - 00009998 _____ C:\Users\Becky\Desktop\FRST.txt
2016-09-05 02:53 - 2016-09-05 02:55 - 00000000 ____D C:\FRST
2016-09-05 02:49 - 2016-09-05 02:49 - 01747968 _____ (Farbar) C:\Users\Becky\Desktop\FRST.exe
2016-09-05 02:01 - 2016-09-05 02:03 - 00000000 ____D C:\Windows\LastGood

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 02:31 - 2006-11-02 08:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-05 02:31 - 2006-11-02 08:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-05 02:20 - 2011-03-01 14:31 - 00000000 ____D C:\Users\Becky\AppData\Local\VirtualStore
2016-09-05 02:06 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2016-09-05 02:04 - 2013-08-18 07:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-05 01:59 - 2011-03-30 15:16 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-05 01:58 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-08 17:50 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache

==================== Files in the root of some directories =======

2014-06-24 21:25 - 2014-06-24 21:25 - 6010880 _____ () C:\Program Files\GUT6B5B.tmp
2011-03-01 14:31 - 2012-01-29 11:19 - 0001356 _____ () C:\Users\Becky\AppData\Local\d3d9caps.dat
2011-03-01 22:46 - 2011-03-07 13:56 - 0005632 _____ () C:\Users\Becky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-25 22:04 - 2016-02-25 22:04 - 0000000 _____ () C:\Users\Becky\AppData\Local\{E0CBAB02-7CE0-48AB-BD3B-A9261765951F}

Files to move or delete:
====================
C:\Users\Becky\cnmss Canon MP210 series Printer (Local).dll


Some files in TEMP:
====================
C:\Users\Becky\AppData\Local\Temp\BingSvc.exe
C:\Users\Becky\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Becky\AppData\Local\Temp\BSvcUpdater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-05 02:05

==================== End of FRST.txt ============================
  • 0

#5
zep516

    Trusted Helper

  • Malware Removal
  • 8,085 posts
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016
Ran by Becky (05-09-2016 02:56:04)
Running from C:\Users\Becky\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2011-03-01 20:52:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-424182356-2710099381-261839163-500 - Administrator - Disabled)
Becky (S-1-5-21-424182356-2710099381-261839163-1000 - Administrator - Enabled) => C:\Users\Becky
Guest (S-1-5-21-424182356-2710099381-261839163-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit) (HKLM\...\{E93152F1-E3AE-4B2A-9BAC-F770203F67E5}) (Version: 1.5 - Eyeo GmbH)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version: - )
Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version: - )
Canon MP210 series User Registration (HKLM\...\Canon MP210 series User Registration) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
PIXMA Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Puran Defrag Free Edition 7.1 (HKLM\...\Puran Defrag Free Edition_is1) (Version: - Puran Software)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.3.0 - Synaptics)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0102EA9D-AC1F-4938-8F16-AD546EEBAF4B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-17] (Adobe Systems Incorporated)
Task: {4071B176-79D6-4B4B-903C-8ED938C46B64} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4C26B4EB-EDE5-4264-B4C2-BFF270579E7F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {C274B91D-F01F-4B8F-A660-747B9A55C0F2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {D90F6467-08D5-4EB8-95B1-18B5CA42946C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {E36FE86B-DACA-41C9-8DF4-A3BE091FC5A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-424182356-2710099381-261839163-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img36.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Becky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon MP210 series Printer.lnk => C:\Windows\pss\Canon IJ Status Monitor Canon MP210 series Printer.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{FAE7FF0B-9CC6-4122-9B44-E7B6E16AEB4F}] => (Allow) LPort=80
FirewallRules: [{2D81496A-457B-4111-B7F3-FA95C4D3431A}] => (Allow) LPort=80
FirewallRules: [{F2816D46-F7EE-40F3-BDFC-16DD47A0DE1B}] => (Allow) LPort=80
FirewallRules: [TCP Query User{CB5656A2-7539-4D2C-90BE-02D41894939E}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{D534596A-7B28-467C-85A2-3B449935EA0B}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{D1D41890-B1C9-4872-9177-CF4EB5AB3AF0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F8FDE14B-A7D7-453B-B0D3-D9E110A6FF00}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{99F1A5B4-F5E0-4F0F-9B48-6F83AF20D40B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{561429B8-3369-4E2C-A5B2-40B254F3616A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{D1F3F0D8-147C-4AF0-8068-BE806D237E28}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0B67F13A-A8A7-4136-8C71-327171231899}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{89870C53-8C90-4816-A2E2-F8A08D4E0F16}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

05-06-2016 09:01:48 Windows Update
06-07-2016 20:31:47 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
12-07-2016 08:56:53 Windows Update
14-07-2016 18:40:53 Windows Update
17-07-2016 20:52:36 Windows Update
23-07-2016 11:24:01 Windows Update
06-08-2016 17:42:41 Windows Update

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #4
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #7
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (08/30/2016 12:32:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 96463016

Error: (08/30/2016 12:32:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 96463016

Error: (08/30/2016 12:32:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/28/2016 09:44:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2278

Error: (08/28/2016 09:44:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2278

Error: (08/28/2016 09:44:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/28/2016 09:44:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1279

Error: (08/28/2016 09:44:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1279

Error: (08/28/2016 09:44:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/26/2016 06:36:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4743


System errors:
=============
Error: (09/05/2016 01:59:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error: (09/05/2016 01:59:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/05/2016 01:59:34 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 116.22.0.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft....5D-99752CCA7094

Signature Type: Network Inspection System

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 2.1.12706.0

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Error: (09/05/2016 01:59:34 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.225.4098.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft....5D-99752CCA7094

Signature Type: AntiSpyware

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 1.1.12902.0

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Error: (09/05/2016 01:59:34 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.225.4098.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft....5D-99752CCA7094

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 1.1.12902.0

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Error: (09/05/2016 01:59:33 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.225.4098.0

Update Source: Microsoft Update Server

Update Stage: Search

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.12902.0

Error code: 0x8024402c

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (09/05/2016 01:58:15 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:32:30 AM on 8/30/2016 was unexpected.

Error: (08/17/2016 04:21:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (08/08/2016 05:35:48 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version:

Update Source: User

Update Stage: Install

Source Path:

Signature Type:

Update Type:

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version:

Error code: 0x80070652

Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Error: (08/08/2016 05:35:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.225.2242.0

Update Source: Microsoft Malware Protection Center

Update Stage: Install

Source Path: http://go.microsoft....5D-99752CCA7094

Signature Type: AntiSpyware

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 1.1.12902.0

Error code: 0x80070652

Error description: Another installation is already in progress. Complete that installation before proceeding with this install.


CodeIntegrity:
===================================
Date: 2015-11-03 20:19:27.145
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-19 18:57:35.188
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-19 18:57:34.042
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-19 18:57:32.994
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-19 18:57:32.020
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-19 18:57:06.480
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-19 18:57:05.758
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-19 18:57:04.912
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-19 18:57:04.180
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-19 18:57:03.124
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU T2330 @ 1.60GHz
Percentage of memory in use: 51%
Total physical RAM: 2037.69 MB
Available physical RAM: 985.58 MB
Total Virtual: 4318.65 MB
Available Virtual: 2812.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:101.41 GB) (Free:11.34 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.38 GB) (Free:9.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 111.8 GB) (Disk ID: 993352ED)
Partition 1: (Not Active) - (Size=10.4 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=101.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  • 0
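Added example, not part of the thread and not FRST's own code: a Python triage pass over the "Error:" entries of the Addition.txt event section above. It groups entries by source, event ID and error code, and decodes each HRESULT to pick out the signature-update failures caused by name resolution. The sample text is abbreviated from the log above, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample: four entries abbreviated from the Addition.txt event section.
SAMPLE = """\
Error: (09/05/2016 01:59:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error: (09/05/2016 01:59:34 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Signature Type: Network Inspection System
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Error: (09/05/2016 01:59:34 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Signature Type: AntiSpyware
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Error: (08/08/2016 05:35:48 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Signature Type:
Error code: 0x80070652
Error description: Another installation is already in progress.
"""

HEADER = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)", re.M)
FIELD = re.compile(r"^(?P<key>[A-Za-z ]+):\s*(?P<value>.*)$")
# (failure bit, FACILITY_WIN32, ERROR_INTERNET_NAME_NOT_RESOLVED) for 0x80072ee7
NAME_NOT_RESOLVED = (True, 7, 12007)


def parse_events(text):
    """Split the event section into one dict per 'Error:' entry."""
    headers = list(HEADER.finditer(text))
    events = []
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        event = {"when": h["when"], "source": h["source"],
                 "event_id": int(h["event_id"]), "fields": {}}
        for line in text[h.end():end].splitlines():
            m = FIELD.match(line.strip())
            if m:  # "Key: value" lines; bare lines such as driver names are skipped
                event["fields"][m["key"]] = m["value"]
        events.append(event)
    return events


def decode_hresult(text):
    """Return (failed, facility, code) for an HRESULT such as '0x80072ee7'."""
    value = int(text, 16)
    return bool(value >> 31), (value >> 16) & 0x7FF, value & 0xFFFF


def group_failures(events):
    """Count entries by (source, event id, error code); code is None if absent."""
    return Counter((e["source"], e["event_id"], e["fields"].get("Error code"))
                   for e in events)


def name_resolution_failures(events):
    """List (timestamp, signature type) of entries that failed on name resolution."""
    hits = []
    for e in events:
        code = e["fields"].get("Error code")
        if code and decode_hresult(code) == NAME_NOT_RESOLVED:
            hits.append((e["when"], e["fields"].get("Signature Type", "")))
    return hits
```

On the sample, the two 01:59:34 AM entries share 0x80072ee7, whose low word is 12007, matching the log's own description "The server name or address could not be resolved".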

#6
zep516

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-424182356-2710099381-261839163-1000\...\MountPoints2: G - G:\setupSNK.exe
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKU\S-1-5-21-424182356-2710099381-261839163-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-424182356-2710099381-261839163-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [X]
C:\Users\Becky\cnmss Canon MP210 series Printer (Local).dll
C:\Users\Becky\AppData\Local\Temp\BingSvc.exe
C:\Users\Becky\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Becky\AppData\Local\Temp\BSvcUpdater.exe
Task: {C274B91D-F01F-4B8F-A660-747B9A55C0F2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\Program Files\AVAST Software\
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post or attach it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

#7
Becky616


Hi. Also forgot to say my windows update icon in taskbar has windows can't check for updates. Went to updates and the last update was in July. Ok just wanted to let you know that. Don't know if that has anything to do with this but thought better mention it. Thanks Becky



#9
zep516

See post # 6 and follow instructions

#10
Becky616


Hi

After running fixlist and reboot an error box came up that said RUN DLL error loading C:\users\becky\cnmsss~1.dll the specified mode module could not be found.  Windows icon in taskbar still says windows can't check for updates. Here is the fixlog results.

Attached File  Fixlog.txt   6.01KB   173 downloads




#11
zep516

Hello,

We will get to Windows Update, but not yet.

See if this fixes the RUN DLL error at boot, if not post a new FRST.txt log

Ready
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
ShortcutTarget: Canon IJ Status Monitor Canon MP210 series Printer.lnk -> C:\Users\Becky\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon MP210 series Printer;cnmss Canon 
C:\Users\Becky\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon MP210 series Printer;cnmss Canon 
Startup: C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MP210 series Printer.lnk [2016-09-05]
C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MP210 series Printer.lnk [2016-09-05]
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run

#12
Becky616


Hi

Ran fixlist and rebooted. Nothing came up. Here's the log

Fix result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016
Ran by Becky (05-09-2016 14:55:28) Run:2
Running from C:\Users\Becky\Desktop
Loaded Profiles: Becky (Available Profiles: Becky)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
ShortcutTarget: Canon IJ Status Monitor Canon MP210 series Printer.lnk -> C:\Users\Becky\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon MP210 series Printer;cnmss Canon
C:\Users\Becky\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon MP210 series Printer;cnmss Canon
Startup: C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MP210 series Printer.lnk [2016-09-05]
C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MP210 series Printer.lnk [2016-09-05]
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
ShortcutTarget: Canon IJ Status Monitor Canon MP210 series Printer.lnk -> C:\Users\Becky\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon MP210 series Printer;cnmss Canon => not found.
"C:\Users\Becky\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon MP210 series Printer;cnmss Canon" => not found.
C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MP210 series Printer.lnk => moved successfully
"C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MP210 series Printer.lnk [2016-09-05]" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3257150 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 824 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 848 B
Becky => 1965342 B

RecycleBin => 0 B
EmptyTemp: => 13 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 14:56:26 ====


Edited by Becky616, 05 September 2016 - 01:13 PM.


#13
zep516

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

    Next
    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.


#14
Becky616


Hi

adwcleaner results about to do jrt

# AdwCleaner v6.010 - Logfile created 05/09/2016 at 15:33:25
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-05.1 [Server]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (X86)
# Username : Becky - BECKY-PC
# Running from : C:\Users\Becky\Desktop\adwcleaner_6.010.exe
# Mode: Clean
# Support : https://toolslib.net/forum

 

***** [ Services ] *****

 

***** [ Folders ] *****

[-] Folder deleted: C:\Program Files\CouponAlert_2pEI
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder deleted: C:\Program Files\Coupons
[#] Folder deleted on reboot: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[#] Folder deleted on reboot: C:\Program Files\Coupons
[-] Folder deleted: C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion

***** [ Files ] *****

 

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\CouponAlert_2pEI
[#] Key deleted on reboot: HKLM\SOFTWARE\CouponAlert_2pEI_is1
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{4623a8c4-150d-4983-8982-68c01e7d6541}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{4623a8c4-150d-4983-8982-68c01e7d6541}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CouponAlert_2pInstaller.Start.CouponAlert_2pInstaller.Start
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CouponAlert_2pInstaller.Start.CouponAlert_2pInstaller.Start.1
[#] Key deleted on reboot: {F194CFD8-D3D5-42DF-805C-0087A161448F}
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKU\S-1-5-21-424182356-2710099381-261839163-1000\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion

***** [ Web browsers ] *****

[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [ask.com] [Search Provider] Deleted: ask.com
[-] [C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bmkckgpgekmanipelfidlhmkfcjicion

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2731 Bytes] - [05/09/2016 15:33:25]
C:\AdwCleaner\AdwCleaner[S0].txt - [2944 Bytes] - [05/09/2016 15:23:14]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2877 Bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows Vista ™ Home Premium x86
Ran by Becky (Administrator) on Mon 09/05/2016 at 15:41:46.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 3

Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\Windows\couponprinter.ocx (File)
Successfully deleted: C:\Program Files\GUT6B5B.tmp (File)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/05/2016 at 15:44:06.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Edited by Becky616, 05 September 2016 - 01:48 PM.


#15
zep516

One more malware scan to run; it will take a bit longer than previous scans


  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.
