Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please check FRST scans

Started by debodun , Jan 11 2020 02:17 PM

  • Please log in to reply

#1
debodun
Posted 11 January 2020 - 02:17 PM

debodun

    Member

  • Member
  • PipPipPip
  • 567 posts

Suddenly getting browser ads when there wasn't any before, slower performance and sometimes get rifgt click menu wne left clicking mouse.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2020
Ran by Owner (administrator) on OWNER-PC (Hewlett-Packard HP Compaq dc5700 Small Form Factor) (11-01-2020 15:07:04)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0976F330-BF25-4F6F-B0B1-665D9BF7BCC0} - System32\Tasks\{68760510-2907-489D-B7A2-C35A3446BE71} => C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [151552 2005-07-22] () [File not signed]
Task: {0A0C5E8A-2FCE-4C99-B12F-00B4B70AFB83} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {3866323C-2748-4598-9252-1BABADF0622F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {41E2110D-1421-413B-8E62-70C64466298F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2019-12-10] (Adobe Inc. -> Adobe)
Task: {5D084169-00AD-4D36-A448-C9A76FB459A9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-12-10] (Adobe Inc. -> Adobe)
Task: {6B4D3DDA-9B0C-4B4E-A917-B9A141F6ED35} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [3129184 2012-09-24] (Piriform Ltd -> Piriform Ltd)
Task: {A149C588-D529-48EB-BAE0-95CA7AC5FE1C} - System32\Tasks\{304152A7-70D0-4E91-9F4E-DBD1652C7AAC} => C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [151552 2005-07-22] () [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{E05E619F-5932-445D-9D21-1FC2630E6BEE}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF DefaultProfile: 8wi3sbs5.default-1412761564967
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8wi3sbs5.default-1412761564967 [2020-01-11]
FF Homepage: Mozilla\Firefox\Profiles\8wi3sbs5.default-1412761564967 -> hxxps://www.google.com/?gws_rd=ssl
FF Notifications: Mozilla\Firefox\Profiles\8wi3sbs5.default-1412761564967 -> hxxps://www.sevenforums.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] (Apple Inc. -> )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-11 15:07 - 2020-01-11 15:08 - 000009034 _____ C:\Users\Owner\Desktop\FRST.txt
2020-01-11 15:04 - 2020-01-11 15:05 - 002573312 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2020-01-07 11:01 - 2020-01-07 11:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-01-05 17:39 - 2020-01-05 17:39 - 000048483 _____ C:\Users\Owner\Documents\data.pdf
2020-01-02 13:27 - 2020-01-10 17:17 - 000012895 _____ C:\Users\Owner\Documents\Celebrity Deaths 2020.odt
2020-01-01 14:05 - 2020-01-03 14:49 - 000014009 _____ C:\Users\Owner\Documents\Expenses 2019.ods
2019-12-31 17:23 - 2019-12-31 17:23 - 000000394 __RSH C:\ProgramData\ntuser.pol
2019-12-30 14:25 - 2019-12-31 13:35 - 000014251 _____ C:\Users\Owner\Documents\Jesus Genealogy.odt
2019-12-30 14:25 - 2019-12-30 14:25 - 000032194 _____ C:\Users\Owner\Documents\Jesus Genealogy.pdf
2019-12-29 19:50 - 2019-12-29 19:50 - 000003728 ____N C:\bootsqm.dat
2019-12-28 10:33 - 2019-12-28 10:33 - 000009769 _____ C:\Users\Owner\Documents\2 lines.odt
2019-12-28 10:21 - 2020-01-07 11:27 - 000025396 _____ C:\Users\Owner\Documents\data.odt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-11 15:08 - 2015-05-23 11:52 - 000000000 ____D C:\FRST
2020-01-11 11:01 - 2016-11-16 12:13 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2020-01-11 10:25 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-01-11 10:25 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-01-11 10:21 - 2009-07-14 00:13 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI
2020-01-11 10:21 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2020-01-11 10:17 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-01-10 17:24 - 2012-07-22 08:28 - 000000000 ____D C:\ProgramData\TEMP
2020-01-10 17:24 - 2012-07-22 08:28 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2020-01-10 15:01 - 2012-01-12 11:24 - 000000000 ___RD C:\Users\Owner\Desktop\misc house contents
2020-01-10 14:27 - 2012-01-12 11:21 - 000000000 ____D C:\Users\Owner\Desktop\House Pics
2020-01-10 10:30 - 2016-05-26 07:08 - 000024971 _____ C:\Users\Owner\Documents\SCF emails.odt
2020-01-10 10:28 - 2019-09-12 12:54 - 000022761 _____ C:\Users\Owner\Documents\SCF emails alphabetically by first name .odt
2020-01-10 10:27 - 2017-06-29 10:22 - 000013006 _____ C:\Users\Owner\Documents\riddles.odt
2020-01-09 10:56 - 2012-01-12 11:21 - 000000000 ____D C:\Users\Owner\Desktop\silver, jewelry, coins
2020-01-08 15:53 - 2014-11-07 07:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-01-07 12:34 - 2012-01-12 11:23 - 000000000 ____D C:\Users\Owner\Desktop\Things For Sale
2020-01-06 13:19 - 2014-01-13 18:27 - 000018656 _____ C:\Users\Owner\Documents\Home Delivered Meals.ods
2020-01-04 11:10 - 2019-10-05 10:25 - 000010304 _____ C:\Users\Owner\Documents\Weight 2020.ods
2020-01-04 10:44 - 2019-11-05 11:06 - 000014871 _____ C:\Users\Owner\Documents\Net Worth 2020.ods
2020-01-04 10:32 - 2018-12-03 12:37 - 000017840 _____ C:\Users\Owner\Documents\Net Worth 2019.ods
2020-01-02 13:25 - 2019-01-01 11:13 - 000019364 _____ C:\Users\Owner\Documents\Celebrity Deaths 2019.odt
2019-12-31 17:23 - 2009-07-13 22:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-12-31 17:23 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2019-12-31 17:22 - 2016-05-18 15:52 - 000001079 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2019-12-31 17:22 - 2016-05-18 15:52 - 000001079 _____ C:\ProgramData\Desktop\SpywareBlaster.lnk
2019-12-31 17:22 - 2012-07-22 08:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2019-12-29 20:27 - 2017-09-11 14:35 - 000000467 _____ C:\VEW.txt
2019-12-19 10:25 - 2015-11-01 15:14 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-11-23 16:19
==================== End of FRST.txt ========================


  • 0

Advertisements

#2
debodun
Posted 11 January 2020 - 02:17 PM

debodun

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 567 posts

Addition txt:

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2020
Ran by Owner (11-01-2020 15:11:12)
Running from C:\Users\Owner\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2011-12-17 19:41:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3384263181-369055421-3260215636-500 - Administrator - Disabled)
Guest (S-1-5-21-3384263181-369055421-3260215636-501 - Limited - Disabled)
Owner (S-1-5-21-3384263181-369055421-3260215636-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.303 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CardRd81 (HKLM-x32\...\{54C8FE84-89C4-40E8-976C-439EB0729BD6}) (Version: 4.00.0000.0004 - EASTMAN KODAK Company) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
CCScore (HKLM-x32\...\{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}) (Version: 5.00.0000.0011 - EASTMAN KODAK Company) Hidden
CR2 (HKLM-x32\...\{432C3720-37BF-4BD7-8E49-F38E090246D0}) (Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden
EKS Dinner With Moriarty (HKLM-x32\...\EKS Dinner With Moriarty) (Version:  - )
EKS Sherlock (HKLM-x32\...\EKS Sherlock) (Version:  - )
ESSBrwr (HKLM-x32\...\{643EAE81-920C-4931-9F0B-4B343B225CA6}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESSCDBK (HKLM-x32\...\{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESScore (HKLM-x32\...\{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}) (Version: 5.00.0000.0037 - EASTMAN KODAK Company) Hidden
ESSCT (HKLM-x32\...\{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}) (Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
ESSgui (HKLM-x32\...\{91517631-A9F3-4B7C-B482-43E0068FD55A}) (Version: 5.00.0000.0013 - EASTMAN KODAK Company) Hidden
ESShelp (HKLM-x32\...\{87843A41-7808-4F2E-B13F-25C1E67CF2FD}) (Version: 5.00.0000.0005 - EASTMAN KODAK Company) Hidden
ESSini (HKLM-x32\...\{8E92D746-CD9F-4B90-9668-42B74C14F765}) (Version: 5.00.0000.0010 - EASTMAN KODAK Company) Hidden
ESSPCD (HKLM-x32\...\{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}) (Version: 5.00.0000.0007 - EASTMAN KODAK Company) Hidden
ESSPDock (HKLM-x32\...\{FCDB1C92-03C6-4C76-8625-371224256091}) (Version: 5.00.0000.0020 - EASTMAN KODAK Company) Hidden
ESSSONIC (HKLM-x32\...\{4F677FC7-7AA8-412B-A957-F13CBE1C7331}) (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSTOOLS (HKLM-x32\...\{8A502E38-29C9-49FA-BCFA-D727CA062589}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESSTUTOR (HKLM-x32\...\{CA60320D-6A16-49C8-A34F-84EEF4799567}) (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSvpaht (HKLM-x32\...\{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSvpot (HKLM-x32\...\{48C82F7A-F100-4DAB-A310-8E18BF2159E1}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
Free MIDI to MP3 Converter 1.0 (HKLM-x32\...\{181E1175-1FF8-4EA5-BC08-A7CA39B85502}_is1) (Version:  - PolySoft Solutions)
HLPIndex (HKLM-x32\...\{38441BE7-79B0-42B8-8297-833704F949FE}) (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
HLPPDOCK (HKLM-x32\...\{154508C0-07C5-4659-A7A0-E49968750D21}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
HLPRFO (HKLM-x32\...\{AADAC983-FDE9-42FA-8FD9-7BB324155593}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
iTunes (HKLM\...\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}) (Version: 10.6.0.40 - Apple Inc.)
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
KSU (HKLM-x32\...\{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}) (Version: 632.62.0002.0001 - EASTMAN KODAK Company) Hidden
LatencyMon 6.71 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 72.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 72.0.1 (x64 en-US)) (Version: 72.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notifier (HKLM-x32\...\{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OTtBP (HKLM-x32\...\{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}) (Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
OTtBPSDK (HKLM-x32\...\{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}) (Version: 4.00.0000.0000 - EASTMAN KODAK Company) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
SFR (HKLM-x32\...\{DB02F716-6275-42E9-B8D2-83BA2BF5100B}) (Version: 5.00.0000.0005 - Eastman Kodak Company) Hidden
SHASTA (HKLM-x32\...\{605A4E39-613C-4A12-B56F-DEFBE6757237}) (Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
SKIN0001 (HKLM-x32\...\{FDF9943A-3D5C-46B3-9679-586BD237DDEE}) (Version: 5.00.0000.0007 - EASTMAN KODAK Company) Hidden
SKINXSDK (HKLM-x32\...\{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
Skype™ 5.5 (HKLM-x32\...\{F1CECE09-7CBE-4E98-B435-DA87CDA86167}) (Version: 5.5.124 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.14 - Piriform)
SpywareBlaster 5.6 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.6.0 - BrightFort LLC)
StuffIt Expander 2011 15.0.8 (HKLM-x32\...\{4D4ABFF9-4E06-44A0-86B1-DEEB7C5CA382}_is1) (Version: 15.0.8 - Smith Micro Software, Inc.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12541 - TeamViewer)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VPRINTOL (HKLM-x32\...\{999D43F4-9709-4887-9B1A-83EBB15A8370}) (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
WIRELESS (HKLM-x32\...\{F9593CFB-D836-49BC-BFF1-0E669A411D9F}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2013-04-04] (Malwarebytes Corporation -> Malwarebytes Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2013-04-04] (Malwarebytes Corporation -> Malwarebytes Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [143]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-07-05 10:08 - 000000098 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3384263181-369055421-3260215636-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0E227B60-E7FB-4017-9EC7-A62A5EFA8967}] => (Allow) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe () [File not signed]
FirewallRules: [{C86A2602-2440-441D-972C-BEC7E06FC3E4}] => (Allow) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe () [File not signed]
FirewallRules: [{217F7D9C-49CD-4ED9-9050-3C2E4E9D8CC2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3994F65F-7D58-4F72-86D1-2E5CD9A2AD1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{D2F24F04-D188-44AF-8CAB-1440B2782E38}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{1A10243C-DC57-4AFE-AD3D-54A683104F27}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D920EAFE-1F31-4BB5-BC15-E747556F30C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D0FFCD08-CDC4-41E1-B87C-BCCEA99F34B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

26-01-2018 14:34:58 Windows Update
13-02-2018 13:49:09 Windows Update
05-03-2018 13:08:47 Windows Update
13-03-2018 12:20:54 Windows Update
30-03-2018 13:10:28 Windows Update
10-04-2018 12:22:19 Windows Update
19-04-2018 12:29:46 Windows Update
05-05-2018 15:40:18 Windows Update
08-05-2018 12:51:18 Windows Update
12-06-2018 12:28:59 Windows Update
06-07-2018 13:15:59 Windows Update
10-07-2018 12:30:24 Windows Update
14-08-2018 12:35:43 Windows Update
07-09-2018 13:46:51 Scheduled Checkpoint
11-09-2018 12:31:49 Windows Update
26-09-2018 14:33:47 Scheduled Checkpoint
26-11-2018 16:48:35 Windows Update
13-05-2019 15:49:49 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
13-05-2019 15:50:49 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
23-11-2019 16:27:35 Scheduled Checkpoint
08-12-2019 19:06:22 Windows Update
29-12-2019 20:07:23 Windows Update

==================== Faulty Device Manager Devices ============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================

System errors:
=============

==================== Memory info ===========================

BIOS: Hewlett-Packard 786E2 v02.04 04/13/2007
Motherboard: Hewlett-Packard 0A60h
Processor: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 93%
Total physical RAM: 3063.31 MB
Available physical RAM: 194.9 MB
Total Virtual: 6124.77 MB
Available Virtual: 2819.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:929.56 GB) (Free:725.85 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (OS_TOOLS) (Fixed) (Total:1.95 GB) (Free:1.75 GB) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: CF2E5F36)
Partition 1: (Active) - (Size=929.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=2 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


  • 0

#3
debodun
Posted 21 January 2020 - 01:38 PM

debodun

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 567 posts

There are some disturbing entries in the Addition txt, especially items listed under Internet Explorer restricted sites since I don't use that very much (Britney Spears nude?????).


  • 0

#4
RKinner
Posted 14 February 2020 - 02:49 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Could I see a new FRST scan?


  • 0

#5
debodun
Posted 14 February 2020 - 03:21 PM

debodun

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 567 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2020
Ran by Owner (administrator) on OWNER-PC (Hewlett-Packard HP Compaq dc5700 Small Form Factor) (14-02-2020 16:12:49)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0976F330-BF25-4F6F-B0B1-665D9BF7BCC0} - System32\Tasks\{68760510-2907-489D-B7A2-C35A3446BE71} => C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [151552 2005-07-22] () [File not signed]
Task: {0A0C5E8A-2FCE-4C99-B12F-00B4B70AFB83} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {3866323C-2748-4598-9252-1BABADF0622F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {41E2110D-1421-413B-8E62-70C64466298F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_Plugin.exe [1458232 2020-02-12] (Adobe Inc. -> Adobe)
Task: {5D084169-00AD-4D36-A448-C9A76FB459A9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-02-12] (Adobe Inc. -> Adobe)
Task: {6B4D3DDA-9B0C-4B4E-A917-B9A141F6ED35} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [3129184 2012-09-24] (Piriform Ltd -> Piriform Ltd)
Task: {A149C588-D529-48EB-BAE0-95CA7AC5FE1C} - System32\Tasks\{304152A7-70D0-4E91-9F4E-DBD1652C7AAC} => C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [151552 2005-07-22] () [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{E05E619F-5932-445D-9D21-1FC2630E6BEE}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF DefaultProfile: 8wi3sbs5.default-1412761564967
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8wi3sbs5.default-1412761564967 [2020-02-14]
FF Homepage: Mozilla\Firefox\Profiles\8wi3sbs5.default-1412761564967 -> hxxps://www.google.com/?gws_rd=ssl
FF Notifications: Mozilla\Firefox\Profiles\8wi3sbs5.default-1412761564967 -> hxxps://www.sevenforums.com
FF Extension: (uBlock Origin) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8wi3sbs5.default-1412761564967\Extensions\[email protected] [2020-02-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_330.dll [2020-02-12] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_330.dll [2020-02-12] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] (Apple Inc. -> )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-02-04] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-14 16:12 - 2020-02-14 16:14 - 000008721 _____ C:\Users\Owner\Desktop\FRST.txt
2020-02-14 16:12 - 2020-02-14 16:12 - 002279424 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-14 16:14 - 2015-05-23 11:52 - 000000000 ____D C:\FRST
2020-02-14 16:12 - 2016-11-16 12:13 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2020-02-14 12:26 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-02-14 12:26 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-02-14 12:22 - 2009-07-14 00:13 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI
2020-02-14 12:22 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2020-02-14 12:17 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-02-12 09:04 - 2015-11-01 15:14 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-02-12 08:58 - 2018-03-13 13:58 - 000004462 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-02-12 08:58 - 2013-02-09 10:03 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-02-12 08:58 - 2012-03-31 06:33 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-02-12 08:58 - 2011-12-17 15:43 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-02-12 08:58 - 2011-12-17 15:43 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-02-12 08:58 - 2011-12-17 15:43 - 000000000 ____D C:\Windows\system32\Macromed
2020-02-11 16:21 - 2020-01-02 13:27 - 000016247 _____ C:\Users\Owner\Documents\Celebrity Deaths 2020.odt
2020-02-11 12:26 - 2017-06-29 10:22 - 000012777 _____ C:\Users\Owner\Documents\riddles.odt
2020-02-11 11:58 - 2014-11-07 07:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-02-01 14:03 - 2019-11-05 11:06 - 000016383 _____ C:\Users\Owner\Documents\Net Worth 2020.ods
2020-02-01 12:11 - 2019-10-05 10:25 - 000010406 _____ C:\Users\Owner\Documents\Weight 2020.ods
2020-01-27 17:30 - 2012-07-22 08:28 - 000000000 ____D C:\ProgramData\TEMP
2020-01-27 17:30 - 2012-07-22 08:28 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2020-01-21 15:27 - 2019-12-28 10:21 - 000023675 _____ C:\Users\Owner\Documents\data.odt
2020-01-15 12:29 - 2014-01-13 18:27 - 000018653 _____ C:\Users\Owner\Documents\Home Delivered Meals.ods

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-01-29 15:37
==================== End of FRST.txt ========================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2020
Ran by Owner (14-02-2020 16:16:40)
Running from C:\Users\Owner\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2011-12-17 19:41:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3384263181-369055421-3260215636-500 - Administrator - Disabled)
Guest (S-1-5-21-3384263181-369055421-3260215636-501 - Limited - Disabled)
Owner (S-1-5-21-3384263181-369055421-3260215636-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20034 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.330 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.330 - Adobe)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CardRd81 (HKLM-x32\...\{54C8FE84-89C4-40E8-976C-439EB0729BD6}) (Version: 4.00.0000.0004 - EASTMAN KODAK Company) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
CCScore (HKLM-x32\...\{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}) (Version: 5.00.0000.0011 - EASTMAN KODAK Company) Hidden
CR2 (HKLM-x32\...\{432C3720-37BF-4BD7-8E49-F38E090246D0}) (Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden
EKS Dinner With Moriarty (HKLM-x32\...\EKS Dinner With Moriarty) (Version:  - )
EKS Sherlock (HKLM-x32\...\EKS Sherlock) (Version:  - )
ESSBrwr (HKLM-x32\...\{643EAE81-920C-4931-9F0B-4B343B225CA6}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESSCDBK (HKLM-x32\...\{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESScore (HKLM-x32\...\{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}) (Version: 5.00.0000.0037 - EASTMAN KODAK Company) Hidden
ESSCT (HKLM-x32\...\{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}) (Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
ESSgui (HKLM-x32\...\{91517631-A9F3-4B7C-B482-43E0068FD55A}) (Version: 5.00.0000.0013 - EASTMAN KODAK Company) Hidden
ESShelp (HKLM-x32\...\{87843A41-7808-4F2E-B13F-25C1E67CF2FD}) (Version: 5.00.0000.0005 - EASTMAN KODAK Company) Hidden
ESSini (HKLM-x32\...\{8E92D746-CD9F-4B90-9668-42B74C14F765}) (Version: 5.00.0000.0010 - EASTMAN KODAK Company) Hidden
ESSPCD (HKLM-x32\...\{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}) (Version: 5.00.0000.0007 - EASTMAN KODAK Company) Hidden
ESSPDock (HKLM-x32\...\{FCDB1C92-03C6-4C76-8625-371224256091}) (Version: 5.00.0000.0020 - EASTMAN KODAK Company) Hidden
ESSSONIC (HKLM-x32\...\{4F677FC7-7AA8-412B-A957-F13CBE1C7331}) (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSTOOLS (HKLM-x32\...\{8A502E38-29C9-49FA-BCFA-D727CA062589}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESSTUTOR (HKLM-x32\...\{CA60320D-6A16-49C8-A34F-84EEF4799567}) (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSvpaht (HKLM-x32\...\{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSvpot (HKLM-x32\...\{48C82F7A-F100-4DAB-A310-8E18BF2159E1}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
Free MIDI to MP3 Converter 1.0 (HKLM-x32\...\{181E1175-1FF8-4EA5-BC08-A7CA39B85502}_is1) (Version:  - PolySoft Solutions)
HLPIndex (HKLM-x32\...\{38441BE7-79B0-42B8-8297-833704F949FE}) (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
HLPPDOCK (HKLM-x32\...\{154508C0-07C5-4659-A7A0-E49968750D21}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
HLPRFO (HKLM-x32\...\{AADAC983-FDE9-42FA-8FD9-7BB324155593}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
iTunes (HKLM\...\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}) (Version: 10.6.0.40 - Apple Inc.)
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
KSU (HKLM-x32\...\{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}) (Version: 632.62.0002.0001 - EASTMAN KODAK Company) Hidden
LatencyMon 6.71 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 73.0 (x64 en-US) (HKLM\...\Mozilla Firefox 73.0 (x64 en-US)) (Version: 73.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notifier (HKLM-x32\...\{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OTtBP (HKLM-x32\...\{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}) (Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
OTtBPSDK (HKLM-x32\...\{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}) (Version: 4.00.0000.0000 - EASTMAN KODAK Company) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
SFR (HKLM-x32\...\{DB02F716-6275-42E9-B8D2-83BA2BF5100B}) (Version: 5.00.0000.0005 - Eastman Kodak Company) Hidden
SHASTA (HKLM-x32\...\{605A4E39-613C-4A12-B56F-DEFBE6757237}) (Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
SKIN0001 (HKLM-x32\...\{FDF9943A-3D5C-46B3-9679-586BD237DDEE}) (Version: 5.00.0000.0007 - EASTMAN KODAK Company) Hidden
SKINXSDK (HKLM-x32\...\{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
Skype™ 5.5 (HKLM-x32\...\{F1CECE09-7CBE-4E98-B435-DA87CDA86167}) (Version: 5.5.124 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.14 - Piriform)
SpywareBlaster 5.6 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.6.0 - BrightFort LLC)
StuffIt Expander 2011 15.0.8 (HKLM-x32\...\{4D4ABFF9-4E06-44A0-86B1-DEEB7C5CA382}_is1) (Version: 15.0.8 - Smith Micro Software, Inc.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12541 - TeamViewer)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VPRINTOL (HKLM-x32\...\{999D43F4-9709-4887-9B1A-83EBB15A8370}) (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
WIRELESS (HKLM-x32\...\{F9593CFB-D836-49BC-BFF1-0E669A411D9F}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2013-04-04] (Malwarebytes Corporation -> Malwarebytes Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2013-04-04] (Malwarebytes Corporation -> Malwarebytes Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [143]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-07-05 10:08 - 000000098 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3384263181-369055421-3260215636-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0E227B60-E7FB-4017-9EC7-A62A5EFA8967}] => (Allow) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe () [File not signed]
FirewallRules: [{C86A2602-2440-441D-972C-BEC7E06FC3E4}] => (Allow) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe () [File not signed]
FirewallRules: [{217F7D9C-49CD-4ED9-9050-3C2E4E9D8CC2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3994F65F-7D58-4F72-86D1-2E5CD9A2AD1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{D2F24F04-D188-44AF-8CAB-1440B2782E38}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{1A10243C-DC57-4AFE-AD3D-54A683104F27}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D920EAFE-1F31-4BB5-BC15-E747556F30C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D0FFCD08-CDC4-41E1-B87C-BCCEA99F34B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

13-03-2018 12:20:54 Windows Update
30-03-2018 13:10:28 Windows Update
10-04-2018 12:22:19 Windows Update
19-04-2018 12:29:46 Windows Update
05-05-2018 15:40:18 Windows Update
08-05-2018 12:51:18 Windows Update
12-06-2018 12:28:59 Windows Update
06-07-2018 13:15:59 Windows Update
10-07-2018 12:30:24 Windows Update
14-08-2018 12:35:43 Windows Update
07-09-2018 13:46:51 Scheduled Checkpoint
11-09-2018 12:31:49 Windows Update
26-09-2018 14:33:47 Scheduled Checkpoint
26-11-2018 16:48:35 Windows Update
13-05-2019 15:49:49 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
13-05-2019 15:50:49 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
23-11-2019 16:27:35 Scheduled Checkpoint
08-12-2019 19:06:22 Windows Update
29-12-2019 20:07:23 Windows Update
15-01-2020 16:01:55 Windows Update
18-01-2020 17:08:51 Windows Update
29-01-2020 15:45:23 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/27/2020 04:35:18 PM) (Source: Firefox) (EventID: 1287) (User: )
Description: Event-ID 1287

Error: (01/14/2020 10:52:34 AM) (Source: Firefox) (EventID: 1287) (User: )
Description: Event-ID 1287


System errors:
=============
Error: (01/30/2020 04:54:32 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.

Error: (01/30/2020 04:54:27 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy2.

Error: (01/30/2020 04:54:21 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy4.

Error: (01/30/2020 04:54:14 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy8.

Error: (01/30/2020 04:54:06 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy16.

Error: (01/30/2020 04:53:58 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy15.

Error: (01/30/2020 04:53:50 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy12.

Error: (01/11/2020 04:55:36 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.


CodeIntegrity:
===================================

Date: 2020-01-29 15:15:02.374
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-01-29 15:15:00.673
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-01-29 15:14:58.942
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-01-29 15:14:52.593
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-01-29 15:14:50.923
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-01-29 15:14:49.223
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-01-29 15:14:45.713
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-s..rics-storageadapter_31bf3856ad364e35_6.1.7600.16385_none_d67ca3c3b6af653e\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-01-29 15:14:44.028
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-s..rics-storageadapter_31bf3856ad364e35_6.1.7600.16385_none_d67ca3c3b6af653e\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Hewlett-Packard 786E2 v02.04 04/13/2007
Motherboard: Hewlett-Packard 0A60h
Processor: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 70%
Total physical RAM: 3063.31 MB
Available physical RAM: 900.14 MB
Total Virtual: 6124.77 MB
Available Virtual: 3692.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:929.56 GB) (Free:727.79 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (OS_TOOLS) (Fixed) (Total:1.95 GB) (Free:1.75 GB) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: CF2E5F36)
Partition 1: (Active) - (Size=929.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=2 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


  • 0

#6
RKinner
Posted 14 February 2020 - 03:49 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Hard drive has a problem.

(Best to use multiple replies and post the logs as you get them)


1. Double-click (My) Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after the line).
 

sfc /scannow

 


(SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt
notepad %UserProfile%\desktop\junk.txt

 

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close notepad.  Close the Command Window.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

Since you already have Speccy:

 

Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (Some Versions do not have the serial number that's OK)
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.

Now click on Attach this file.

 

Uninstall TeamViewer - your version is very very old.

 

Uninstall SpywareBlaster

 

If you no linger use the Kodak camera, uninstall Kodak EasyShare software

 

Download the free offline installer for Avast:

https://www.avast.co...ST&locale=en-us

(Direct link, Download, Save but do not install yet.

 

Uninstall MSE

 

Reboot.

 

Right click on the Avast installer and Run As Admin.  Follow the prompts to install it.  Decline optional software and demo or trial versions and stick with the Basic (Free) version.  Once it installs it will want to run a Quick Scan.  Decline.  Instead run a Boot-time Scan

 

Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.

  Reboot and let it run a scan.  It may take hours so I let it run at night while I sleep.
Once it finishes it should load windows.   Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.

 

Make a new FRST scan and post the logs.

 

 


 


  • 0

#7
debodun
Posted 15 February 2020 - 12:09 PM

debodun

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 567 posts

check disk ran 4 hours but didn't find anything - same for scannow.

 

Here is the System scan with VEW

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 15/02/2020 2:57:24 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

And the Application scan:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 15/02/2020 3:01:06 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Edited by debodun, 15 February 2020 - 02:02 PM.

  • 0

#8
debodun
Posted 15 February 2020 - 02:06 PM

debodun

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 567 posts

Here is the Speccy scan:

 

Attached Files


  • 0

#9
RKinner
Posted 15 February 2020 - 03:34 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Did you remember to reboot before running VEW?  Normally we get a few errors.

 

As far as the hard drive, the error

Error: (01/30/2020 04:54:32 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.

indicates a hard drive problem.  The disk check we ran will hopefully correct the error.

 

Speccy shows the drive isn't that bad.  Only the one parameter looks ugly:

 

C3 Hardware ECC Recovered    100 (100) Data 000057FE9C

 

 

Use Speccy to monitor this value.  If it changes this may indicate that the drive is dying.


  • 0

#10
debodun
Posted 16 February 2020 - 11:19 AM

debodun

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 567 posts

Did you remember to reboot before running VEW?  Normally we get a few errors.

 

As far as the hard drive, the error

Error: (01/30/2020 04:54:32 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.

indicates a hard drive problem.  The disk check we ran will hopefully correct the error.

 

Speccy shows the drive isn't that bad.  Only the one parameter looks ugly:

 

C3 Hardware ECC Recovered    100 (100) Data 000057FE9C

 

 

Use Speccy to monitor this value.  If it changes this may indicate that the drive is dying.

I rebooted and tried Event Viewer again and got this when I clicked on RUN:

 

 

 

 

Attached Thumbnails

  • event viewer.jpg

  • 0

Advertisements

#11
debodun
Posted 16 February 2020 - 11:20 AM

debodun

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 567 posts

Ans what should I look for in Speccy as you suggested?


  • 0

#12
RKinner
Posted 16 February 2020 - 11:56 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

You have to right click on VEW.exe and Run As Admin or you will get that error every time.


  • 0

#13
debodun
Posted 16 February 2020 - 02:39 PM

debodun

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 567 posts

Oops! Will have to try again when I reboot. As you can tell, I am not very tech savvy.


  • 0

#14
RKinner
Posted 16 February 2020 - 03:10 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

One reboot is enough.  You should be able to run VEW right now.


  • 0

#15
debodun
Posted 16 February 2020 - 03:44 PM

debodun

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 567 posts

Apparently not. I am still getting the same output as I already posted.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP