I was given a Vista machine and it seems to be running between 50 and 90 percent CPU all the time, even when nothing is open. Any help would be appreciated.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2016 01
Ran by Household (administrator) on HOUSEHOLD-PC (20-06-2016 18:45:43)
Running from C:\Users\Household\Downloads
Loaded Profiles: Household (Available Profiles: Household)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIPKE.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [562688 2015-02-11] (McAfee, Inc.)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3298834333-971083110-3924135021-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6825888 2016-06-06] (SUPERAntiSpyware)
HKU\S-1-5-21-3298834333-971083110-3924135021-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3298834333-971083110-3924135021-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIPKE.EXE [380400 2014-11-13] (SEIKO EPSON CORPORATION)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1105F29B-937E-45C4-80D2-8C13A3BB1992}: [DhcpNameServer] 24.116.0.53 24.116.2.50
Tcpip\..\Interfaces\{A05FB141-A447-48C4-919E-847EBD221EFD}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3298834333-971083110-3924135021-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=EIE9HP&PC=UP68
HKU\S-1-5-21-3298834333-971083110-3924135021-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=EIE9HP&PC=UP68
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-3298834333-971083110-3924135021-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-03-03] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Household\AppData\Roaming\Mozilla\Firefox\Profiles\wiiuh2f4.default-1461280926459
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-18] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Extension: DownThemAll! - C:\Users\Household\AppData\Roaming\Mozilla\Firefox\Profiles\wiiuh2f4.default-1461280926459\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-21]
FF Extension: FlashGot - C:\Users\Household\AppData\Roaming\Mozilla\Firefox\Profiles\wiiuh2f4.default-1461280926459\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-04-21]
FF Extension: Greasemonkey - C:\Users\Household\AppData\Roaming\Mozilla\Firefox\Profiles\wiiuh2f4.default-1461280926459\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-06-20]
FF Extension: Tab Mix Plus - C:\Users\Household\AppData\Roaming\Mozilla\Firefox\Profiles\wiiuh2f4.default-1461280926459\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-06-20]
FF Extension: Tamper Data - C:\Users\Household\AppData\Roaming\Mozilla\Firefox\Profiles\wiiuh2f4.default-1461280926459\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2016-06-20]
FF Extension: Private Tab - C:\Users\Household\AppData\Roaming\Mozilla\Firefox\Profiles\wiiuh2f4.default-1461280926459\Extensions\[email protected] [2016-04-21]
FF Extension: Flashblock - C:\Users\Household\AppData\Roaming\Mozilla\Firefox\Profiles\wiiuh2f4.default-1461280926459\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-06-15]
FF Extension: Adblock Plus - C:\Users\Household\AppData\Roaming\Mozilla\Firefox\Profiles\wiiuh2f4.default-1461280926459\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-28] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2016-04-21]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2016-04-28] [not signed]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-07-13] [not signed]
Chrome:
=======
CHR Profile: C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-04]
CHR Extension: (Google Drive) - C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (SiteAdvisor) - C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-06]
CHR Extension: (Google Docs Offline) - C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Ghostery) - C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-13]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2016-02-12]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [595968 2016-06-04] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2016-02-12] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [690408 2015-03-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [476680 2015-02-27] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [334576 2015-03-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [238288 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [254904 2016-03-18] (RaMMicHaeL)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61848 2015-02-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1339776 2005-05-06] (Intel Corporation)
R3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [618880 2006-03-02] (Intel Corporation)
R3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [47360 2005-05-06] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [304928 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [260248 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [82800 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371648 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [380496 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80760 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217584 2015-02-17] (McAfee, Inc.)
R3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [36880 2005-05-06] (Intel Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1206560 2012-11-12] (Ralink Technology Corp.)
R3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [9472 2009-07-24] (Primax Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 TarFltr; C:\Windows\System32\Drivers\UsbFltr.sys [45440 2007-04-11] (Razer USA Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-20 18:47 - 2016-06-20 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-06-20 18:45 - 2016-06-20 18:48 - 00016015 _____ C:\Users\Household\Downloads\FRST.txt
2016-06-20 18:45 - 2016-06-20 18:45 - 00000000 ____D C:\FRST
2016-06-20 18:38 - 2016-06-20 18:38 - 00140232 _____ C:\Windows\Minidump\Mini062016-01.dmp
2016-06-20 18:37 - 2016-06-20 18:41 - 00136884 _____ C:\Windows\ntbtlog.txt
2016-06-20 18:37 - 2016-06-20 18:37 - 197354194 _____ C:\Windows\MEMORY.DMP
2016-06-20 18:34 - 2016-06-20 18:34 - 01738240 _____ (Farbar) C:\Users\Household\Downloads\FRST.exe
2016-06-20 15:14 - 2016-06-20 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2016-06-20 09:53 - 2016-06-20 09:53 - 00646811 _____ C:\Users\Household\Downloads\wisdom teeth forms.pdf
2016-06-20 09:48 - 2016-06-20 09:48 - 00646811 _____ C:\Users\Household\Downloads\submission.pdf
2016-06-18 13:43 - 2016-06-18 14:43 - 09717952 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2016-06-12 08:29 - 2016-06-12 08:29 - 00496242 _____ C:\Users\Household\Downloads\sam.pdf
2016-05-30 23:56 - 2016-05-30 23:56 - 00040960 _____ C:\Users\Household\Documents\yw recipe card 5.pub
2016-05-30 23:55 - 2016-05-30 23:55 - 00043008 _____ C:\Users\Household\Documents\yw recipe card 3.pub
2016-05-30 23:55 - 2016-05-30 23:55 - 00040960 _____ C:\Users\Household\Documents\yw recipe card 4.pub
2016-05-30 23:55 - 2016-05-30 23:55 - 00038400 _____ C:\Users\Household\Documents\yw recipe card 2.pub
2016-05-30 23:54 - 2016-05-30 23:54 - 00040960 _____ C:\Users\Household\Documents\yw recipe card.pub
2016-05-30 11:17 - 2016-05-30 11:17 - 00546451 _____ C:\Users\Household\Documents\Dulcie's cookbook - Copy.pdf
2016-05-28 21:22 - 2016-05-28 21:22 - 00001878 _____ C:\Users\Public\Desktop\Skype.lnk
2016-05-28 21:22 - 2016-05-28 21:22 - 00000000 ___RD C:\Program Files\Skype
2016-05-28 21:22 - 2016-05-28 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-05-28 21:22 - 2016-05-28 21:22 - 00000000 ____D C:\Program Files\Common Files\Skype
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-20 18:43 - 2016-04-21 17:46 - 00000000 ____D C:\Users\Household\AppData\Roaming\Skype
2016-06-20 18:43 - 2015-02-28 13:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-20 18:43 - 2015-02-28 12:37 - 00000680 _____ C:\Users\Household\AppData\Local\d3d9caps.dat
2016-06-20 18:42 - 2015-02-28 13:41 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-20 18:42 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-20 18:42 - 2006-11-02 05:47 - 00004016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-20 18:42 - 2006-11-02 05:47 - 00004016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-20 18:41 - 2015-05-13 19:05 - 00000000 ____D C:\Program Files\CCleaner
2016-06-20 18:38 - 2015-12-15 10:50 - 00000000 ____D C:\Windows\Minidump
2016-06-20 18:28 - 2006-11-02 06:01 - 00032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-20 18:10 - 2016-02-01 14:57 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15d3b9003404d.job
2016-06-20 18:03 - 2015-09-19 11:58 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f30d1c797ba8.job
2016-06-20 18:03 - 2015-07-19 16:58 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0c27ec7feb10b.job
2016-06-20 18:03 - 2015-05-15 12:52 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08f48bd0bc09f.job
2016-06-20 18:02 - 2016-02-09 17:02 - 00000917 _____ C:\Windows\Tasks\EPSON XP-830 Series Update {B083E7F3-918A-4BDA-9290-2542E9357605}.job
2016-06-20 18:02 - 2015-12-06 11:58 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d130588c7d3ab.job
2016-06-20 17:57 - 2015-02-28 13:41 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-20 15:14 - 2015-05-13 19:39 - 00000000 ____D C:\ProgramData\Unchecky
2016-06-20 12:37 - 2015-05-13 17:12 - 00000000 ____D C:\Program Files\McAfee
2016-06-20 09:55 - 2015-08-03 20:58 - 00000000 ____D C:\Users\Household\Documents\CF
2016-06-18 14:43 - 2015-02-28 13:40 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-06-18 14:43 - 2015-02-28 13:40 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-06-18 13:48 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\inf
2016-06-15 15:22 - 2015-05-13 19:34 - 00000000 ____D C:\ProgramData\TEMP
2016-06-15 15:22 - 2015-05-13 19:34 - 00000000 ____D C:\Program Files\SpywareBlaster
2016-06-15 15:21 - 2015-05-13 19:41 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-13 08:59 - 2015-05-14 21:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-06-12 15:43 - 2016-04-21 16:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-06-12 15:43 - 2015-07-10 05:28 - 00000846 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-12 15:43 - 2015-05-14 21:12 - 00000858 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-06 23:01 - 2015-05-13 19:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-06-06 22:54 - 2006-11-02 03:33 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-01 11:04 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\NDF
2016-05-30 11:17 - 2016-01-23 20:43 - 00000000 ____D C:\Users\Household\AppData\Local\CutePDF Writer
2016-05-29 08:04 - 2015-05-13 19:29 - 00000000 ____D C:\Program Files\7-Zip
2016-05-28 21:22 - 2016-04-21 17:46 - 00000000 ____D C:\Users\Household\AppData\Local\Skype
2016-05-28 21:22 - 2016-04-21 17:45 - 00000000 ____D C:\ProgramData\Skype
==================== Files in the root of some directories =======
2015-02-28 12:37 - 2016-06-20 18:43 - 0000680 _____ () C:\Users\Household\AppData\Local\d3d9caps.dat
2015-05-13 20:15 - 2015-05-13 20:15 - 0004608 _____ () C:\Users\Household\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-04 20:23 - 2015-03-04 20:23 - 0000057 _____ () C:\ProgramData\Ament.ini
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-20 18:48
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-06-2016 01
Ran by Household (2016-06-20 18:49:02)
Running from C:\Users\Household\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2015-02-28 16:11:16)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3298834333-971083110-3924135021-500 - Administrator - Disabled)
Guest (S-1-5-21-3298834333-971083110-3924135021-501 - Limited - Enabled)
Household (S-1-5-21-3298834333-971083110-3924135021-1000 - Administrator - Enabled) => C:\Users\Household
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.02 (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
Easy Photo Scan (HKLM\...\{1A6DED1E-A024-455D-AA82-203D6B3B0CBC}) (Version: 1.00.0006 - Seiko Epson Corporation)
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.62.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - )
Epson Print CD (HKLM\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.43.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-830 Series Printer Uninstall (HKLM\...\EPSON XP-830 Series) (Version: - Seiko Epson Corporation)
Epson XP-830 User’s Guide version 1.0 (HKLM\...\UsersGuideEpson XP-830 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth Pro (HKLM\...\{5BAA8884-F661-464B-B5B2-5C6C632BFC21}) (Version: 7.1.4.1529 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® 537EP V9x DF PCI Modem (HKLM\...\Intel® 537EP V9x DF PCI Modem) (Version: - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee All Access – Total Protection (HKLM\...\MSC) (Version: 14.0.339 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.290 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Edition 2003 (HKLM\...\{91CA0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0 - Mozilla)
NETGEAR WNDA4100 (Version: 1.2.0.10 - NETGEAR) Hidden
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)
Skype™ 7.24 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Software Updater (HKLM\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.1.7010 - Analog Devices)
SpywareBlaster 5.4 (HKLM\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
Unchecky v0.4.3 (HKLM\...\Unchecky) (Version: 0.4.3 - RaMMicHaeL)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0988E42E-8ADE-4FCC-8894-66C9B4BC87A0} - System32\Tasks\EPSON XP-830 Series Update {B083E7F3-918A-4BDA-9290-2542E9357605} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSPKE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {1EEBDBD3-FE4B-43F0-99D6-97AA29A1A179} - System32\Tasks\GoogleUpdateTaskMachineUA1d15d3b9003404d => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {494515F9-53DB-4B12-BB4E-73420787B83E} - System32\Tasks\GoogleUpdateTaskMachineUA1d08f48bd0bc09f => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {54BB4BBB-7F55-42F6-BA6A-4236C857ACAD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {694EB21A-FA8E-4936-B6AF-144FF0DFEE1C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8C569554-EF9E-463B-95A3-33796EBAE078} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {90A876AD-B256-4A9E-A5BF-444A5447FDAD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-18] (Adobe Systems Incorporated)
Task: {B98A0101-7F9C-4601-8F69-5245766C30CC} - System32\Tasks\GoogleUpdateTaskMachineUA1d0c27ec7feb10b => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CBDCD817-D16A-4567-9A8B-A634ACEC7C9A} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f30d1c797ba8 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DCB8B20A-E0FC-4975-A7C5-5F243FAE8FA9} - System32\Tasks\GoogleUpdateTaskMachineUA1d130588c7d3ab => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DD982B3E-83DB-459E-99D1-33CCA7370DE4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-830 Series Update {B083E7F3-918A-4BDA-9290-2542E9357605}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSPKE.EXE:/EXE:{B083E7F3-918A-4BDA-9290-2542E9357605} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08f48bd0bc09f.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0c27ec7feb10b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f30d1c797ba8.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d130588c7d3ab.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15d3b9003404d.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-01-23 20:41 - 2016-01-22 17:56 - 00089008 _____ () C:\Windows\System32\cpwmon2k.dll
2015-02-28 19:45 - 2009-04-10 23:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [134]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 6091 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 03:23 - 2016-06-20 18:42 - 00001961 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
There are 5 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3298834333-971083110-3924135021-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img7.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{626759AC-27C3-4C21-89C2-F4004D7DC670}] => (Allow) LPort=80
FirewallRules: [{7641F1DC-E6C2-450C-B1BA-798034004E24}] => (Allow) LPort=80
FirewallRules: [{F8B55E44-442F-497A-B6A8-95DFC12B428A}] => (Allow) LPort=80
FirewallRules: [{79AF0892-0FB2-4AAC-B422-5C634173A917}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{89735289-0AD5-48D8-9D18-1B53A80A99D5}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{B99992E0-971F-43ED-8C4A-389AF3F5EDCE}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{EE50801C-798A-481D-B78D-D0E8F81FAA95}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2840BA4C-B9E3-434A-85D9-8DBB20A46A53}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9C5B75DD-4FF5-4589-9697-91557E34B8FF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3ACDCB2D-CD2A-44FF-8052-DF35C8E92A10}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0A985C31-1DD5-4F53-AAE8-7BF03DAA487D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{98059D22-4A0A-4B21-A684-BC434214D8DF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
==================== Restore Points =========================
06-04-2016 16:59:49 Scheduled Checkpoint
20-04-2016 10:22:22 Windows Update
21-04-2016 17:40:58 Windows Update
21-04-2016 17:52:36 Removed HP Officejet 6500 E710n-z Help
21-04-2016 17:54:15 Removed HP Update.
21-04-2016 18:18:20 Removed HP Update.
21-04-2016 18:21:11 Removed HP Officejet 6500 E710n-z Help
21-04-2016 18:37:23 Removed Skype™ 7.3
26-04-2016 15:51:39 McAfee Vulnerability Scanner
28-04-2016 17:36:53 Scheduled Checkpoint
28-04-2016 18:08:39 Installed Epson Event Manager
29-04-2016 13:30:56 Scheduled Checkpoint
30-04-2016 12:05:35 Scheduled Checkpoint
02-05-2016 17:40:05 Scheduled Checkpoint
03-05-2016 13:06:02 Scheduled Checkpoint
09-05-2016 11:36:41 Scheduled Checkpoint
15-05-2016 14:46:37 Installed Epson Print CD
15-05-2016 17:06:03 McAfee Vulnerability Scanner
15-05-2016 17:06:50 Windows Update
16-05-2016 16:47:15 Scheduled Checkpoint
17-05-2016 18:44:59 Scheduled Checkpoint
18-05-2016 10:27:06 Scheduled Checkpoint
23-05-2016 13:09:08 McAfee Vulnerability Scanner
28-05-2016 21:18:36 McAfee Vulnerability Scanner
29-05-2016 20:49:19 Scheduled Checkpoint
30-05-2016 11:58:07 Scheduled Checkpoint
31-05-2016 08:47:08 Scheduled Checkpoint
04-06-2016 10:33:44 Scheduled Checkpoint
06-06-2016 21:54:26 Scheduled Checkpoint
08-06-2016 00:00:05 Scheduled Checkpoint
12-06-2016 12:11:50 Scheduled Checkpoint
12-06-2016 15:42:34 McAfee Vulnerability Scanner
12-06-2016 15:44:06 Windows Update
13-06-2016 09:57:40 Scheduled Checkpoint
14-06-2016 00:00:02 Scheduled Checkpoint
18-06-2016 17:08:47 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/20/2016 06:44:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/20/2016 06:43:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (06/20/2016 06:41:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application CCleaner.exe, version 5.10.0.5373, time stamp 0x55f9cdaf, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x72206469,
process id 0x464, application start time 0xCCleaner.exe0.
Error: (06/20/2016 06:39:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/20/2016 06:39:44 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (06/20/2016 06:38:59 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (06/20/2016 06:31:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\HOUSEHOLD\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\WIIUH2F4.DEFAULT-1461280926459\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (06/20/2016 06:31:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\HOUSEHOLD\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\WIIUH2F4.DEFAULT-1461280926459\SAFEBROWSING-BACKUP> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (06/20/2016 06:30:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/20/2016 06:29:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
System errors:
=============
Error: (06/20/2016 06:44:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
Error: (06/20/2016 06:40:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068 = The dependency service or group failed to start.
Error: (06/20/2016 06:40:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (06/20/2016 06:40:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068 = The dependency service or group failed to start.
Error: (06/20/2016 06:39:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068 = The dependency service or group failed to start.
Error: (06/20/2016 06:39:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068 = The dependency service or group failed to start.
Error: (06/20/2016 06:39:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: SAS Core Service110001Restart the service
Error: (06/20/2016 06:39:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068 = The dependency service or group failed to start.
Error: (06/20/2016 06:39:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068 = The dependency service or group failed to start.
Error: (06/20/2016 06:39:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: AFD
DfsC
i8042prt
mfehidk
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
SASDIFSV
SASKUTIL
Smb
spldr
tdx
Wanarpv6
CodeIntegrity:
===================================
Date: 2016-06-20 18:40:07.687
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-06-15 15:33:34.888
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-06-15 15:33:34.279
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-06-15 15:33:33.669
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-06-15 15:33:33.013
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-06-15 15:33:32.341
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-06-15 15:33:31.732
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-06-15 15:33:30.529
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-06-15 15:33:29.872
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-06-15 15:33:29.216
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 76%
Total physical RAM: 2046.35 MB
Available physical RAM: 489.68 MB
Total Virtual: 4325.88 MB
Available Virtual: 2639.52 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.75 GB) (Free:368.47 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 69205244)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================