
DVD tray opening on its own. Settings changed before my eyes


  • This topic is locked
16 replies to this topic

#1 hopeymope


Posted 15 October 2015 - 08:31 AM

I will be on my laptop when all of a sudden the DVD tray opens. Another time the device manager opened and uninstalled something in front of me and I had to reinstall my whole computer. Yesterday morning I turned on the computer and was presented with a black screen; 2 minutes later the login screen appeared. After login it asked me if I wanted to restore my last browsing history. I never turn off my computer improperly. I can be in the browser when the size of the font changes from 100% to 75%. I will take care of any errors in event viewer only to have loads more the next morning. It's as if someone else is using my computer, but I keep it in my room and have a password, so I think I've been hacked. I'm getting constant DistributedCom errors as well. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-10-2015 01
Ran by Lisa (administrator) on LAPTOP (15-10-2015 14:01:33)
Running from C:\Users\Lisa\Desktop
Loaded Profiles: Lisa (Available Profiles: Lisa & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-12] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8205944 2014-12-30] (Zemana Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-233948627-1933802057-1306454189-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-233948627-1933802057-1306454189-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-233948627-1933802057-1306454189-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-233948627-1933802057-1306454189-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll [94664 2014-12-30] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [86400 2014-12-30] (Zemana Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1C4C99DD-9FBC-44B8-87FE-CD33ACAE199C}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{1C4C99DD-9FBC-44B8-87FE-CD33ACAE199C}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{2722F689-BC99-4A70-A5BB-490BB941F9FE}: [DhcpNameServer] 127.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-233948627-1933802057-1306454189-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gws_rd=ssl
HKU\S-1-5-21-233948627-1933802057-1306454189-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-233948627-1933802057-1306454189-1001 -> DefaultScope {79C75CE0-CAA4-4C9A-8669-A2DACA99C6A9} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-233948627-1933802057-1306454189-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-233948627-1933802057-1306454189-1001 -> {1A88B609-C730-4C43-919D-776EF16715D9} URL =
SearchScopes: HKU\S-1-5-21-233948627-1933802057-1306454189-1001 -> {1F6E73DA-E017-4102-9EE5-4AD4C80B83B6} URL =
SearchScopes: HKU\S-1-5-21-233948627-1933802057-1306454189-1001 -> {79C75CE0-CAA4-4C9A-8669-A2DACA99C6A9} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-22] (Windows ® Win 7 DDK provider) [File not signed]
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2015-07-07] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2015-07-07] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4226560 2014-10-27] (Qualcomm Atheros Communications, Inc.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2015-07-07] (Microsoft Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-15 14:01 - 2015-10-15 14:01 - 00009876 _____ C:\Users\Lisa\Desktop\FRST.txt
2015-10-15 14:00 - 2015-10-15 14:01 - 00000000 ____D C:\FRST
2015-10-15 13:59 - 2015-10-15 13:59 - 02196992 _____ (Farbar) C:\Users\Lisa\Desktop\FRST64.exe
2015-10-15 13:22 - 2015-09-30 00:42 - 01658536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-15 13:22 - 2015-09-30 00:42 - 01519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-15 13:22 - 2015-09-30 00:42 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-15 13:22 - 2015-09-30 00:42 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 14:17 - 2015-10-14 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2015-10-14 14:17 - 2015-10-14 14:17 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2015-10-14 14:17 - 2015-10-14 14:17 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2015-10-14 14:17 - 2014-12-30 13:18 - 00076520 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\KeyCrypt64.sys
2015-10-14 14:16 - 2015-10-14 14:16 - 00000000 ____D C:\Users\Lisa\AppData\Local\AntiLogger Free
2015-10-14 12:00 - 2015-08-27 03:43 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 12:00 - 2015-08-27 03:42 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 11:59 - 2015-09-29 13:31 - 07457624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 11:59 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2015-10-14 11:59 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 11:59 - 2015-09-10 19:02 - 25851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-14 11:59 - 2015-09-10 18:19 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 11:59 - 2015-09-10 18:18 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-14 11:59 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-10-14 11:59 - 2015-09-10 18:14 - 05990400 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 11:59 - 2015-09-10 18:09 - 20358144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-14 11:59 - 2015-09-10 18:06 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-10-14 11:59 - 2015-09-10 18:04 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-14 11:59 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-10-14 11:59 - 2015-09-10 17:39 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 11:59 - 2015-09-10 17:37 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-10-14 11:59 - 2015-09-10 17:37 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-10-14 11:59 - 2015-09-10 17:35 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-10-14 11:59 - 2015-09-10 17:33 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-14 11:59 - 2015-09-10 17:28 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-10-14 11:59 - 2015-09-10 17:28 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-10-14 11:59 - 2015-09-10 17:27 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-14 11:59 - 2015-09-10 17:24 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-14 11:59 - 2015-09-10 17:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-10-14 11:59 - 2015-09-10 17:19 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-10-14 11:59 - 2015-09-10 17:19 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-10-14 11:59 - 2015-09-10 17:19 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-10-14 11:59 - 2015-09-10 17:17 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-10-14 11:59 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-10-14 11:59 - 2015-09-10 17:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-10-14 11:59 - 2015-09-10 17:05 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-10-14 11:59 - 2015-09-10 17:02 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 11:59 - 2015-09-10 17:01 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-10-14 11:59 - 2015-09-10 17:00 - 12853760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-14 11:59 - 2015-09-10 16:57 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-14 11:59 - 2015-09-10 16:57 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-10-14 11:59 - 2015-09-10 16:55 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-10-14 11:59 - 2015-09-10 16:55 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-10-14 11:59 - 2015-09-10 16:55 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-10-14 11:59 - 2015-09-10 16:45 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-14 11:59 - 2015-09-10 16:34 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-10-14 11:59 - 2015-09-10 16:31 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-14 11:59 - 2015-09-10 16:27 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-14 11:59 - 2015-09-10 16:26 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-10-11 09:24 - 2015-10-11 09:24 - 00000000 ____D C:\Users\Lisa\Downloads\TakeOwnership
2015-10-10 12:35 - 2015-10-10 12:35 - 00001400 _____ C:\Users\Lisa\Desktop\WindowsUpdate.Bat
2015-10-10 09:45 - 2015-10-10 09:45 - 02091520 _____ (Conner Bernhard) C:\Users\Lisa\Desktop\NetAdapterRepair1.2.exe
2015-10-10 09:11 - 2014-09-06 15:26 - 00009216 _____ C:\WINDOWS\system32\cpn64.dll
2015-10-10 09:11 - 2014-09-06 15:26 - 00007168 _____ C:\WINDOWS\SysWOW64\cpn32.dll
2015-10-09 17:40 - 2015-10-09 17:40 - 00002990 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2015-10-09 17:39 - 2015-10-09 17:39 - 00000000 ____D C:\Program Files\Synaptics
2015-10-09 17:34 - 2015-10-13 14:07 - 00000000 ____D C:\Users\Lisa\AppData\Local\CrashDumps
2015-10-09 17:34 - 2015-10-09 17:34 - 00000517 _____ C:\WINDOWS\SynInst.log
2015-10-09 17:13 - 2015-10-09 17:13 - 00000000 ____D C:\Users\Lisa\AppData\Local\Microsoft_Corporation
2015-10-09 17:09 - 2015-10-09 17:09 - 00000000 _____ C:\WINDOWS\system32\””
2015-10-09 16:51 - 2015-10-09 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-10-09 16:50 - 2015-10-09 16:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-10-09 16:50 - 2015-10-09 16:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-10-09 16:06 - 2015-10-09 16:10 - 01101640 _____ (Bleeping Computer, LLC) C:\Users\Lisa\Desktop\iExplore64.exe
2015-10-09 16:00 - 2015-10-09 16:28 - 00000000 ____D C:\Program Files (x86)\Everything
2015-10-09 16:00 - 2015-10-09 16:00 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2015-10-09 15:58 - 2015-10-09 15:58 - 00000000 ____D C:\Users\Lisa\AppData\Local\Zemana
2015-10-09 15:52 - 2015-10-09 15:52 - 05078968 _____ ( ) C:\Users\Lisa\Desktop\Zemana.AntiMalware.Setup.exe
2015-10-09 15:50 - 2015-10-09 15:50 - 03480040 _____ (McAfee, Inc.) C:\Users\Lisa\Desktop\MCPR.exe
2015-10-09 15:22 - 2015-10-09 15:21 - 00000058 _____ C:\Users\Lisa\Desktop\RestoreAncillaryFunctionDriverforWinsockWindows8.bat
2015-10-09 15:21 - 2015-10-09 15:21 - 00000058 _____ C:\Users\Lisa\Downloads\RestoreAncillaryFunctionDriverforWinsockWindows8.bat
2015-10-07 12:18 - 2015-09-29 13:29 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-10-07 12:18 - 2015-09-28 19:45 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-07 12:18 - 2015-09-28 19:26 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-10-07 12:18 - 2015-09-28 19:25 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-10-07 12:18 - 2015-09-28 19:25 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-10-07 12:18 - 2015-09-28 19:25 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-10-07 12:18 - 2015-09-28 19:22 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-10-07 12:18 - 2015-09-28 19:22 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-10-07 12:18 - 2015-09-28 19:22 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-10-07 12:18 - 2015-09-28 19:15 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-10-07 12:18 - 2015-09-28 19:13 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-10-07 12:18 - 2015-09-28 19:12 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-10-07 12:18 - 2015-09-19 04:18 - 00035384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-10-07 12:18 - 2015-09-18 14:42 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-10-07 12:18 - 2015-09-18 14:42 - 01163776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-10-07 12:18 - 2015-09-18 14:42 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-10-07 12:18 - 2015-09-18 14:42 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-10-07 12:18 - 2015-09-18 14:42 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-10-07 12:18 - 2015-09-18 14:42 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-04 08:35 - 2015-10-04 08:35 - 00000668 _____ C:\Users\Lisa\Downloads\{4FBAB242-3ED6-4A68-B5A5-3805FE9100ED}.reg
2015-10-04 08:33 - 2015-10-04 08:33 - 00000836 _____ C:\Users\Lisa\Documents\{4FBAB242-3ED6-4A68-B5A5-3805FE9100ED}.reg
2015-10-02 14:19 - 2015-10-02 14:19 - 00000000 _____ C:\WINDOWS\system32\dir
2015-09-29 16:04 - 2015-08-10 19:15 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-09-29 16:04 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-09-29 16:04 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-09-29 16:04 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-09-29 16:04 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-09-29 16:04 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-09-29 16:04 - 2015-08-07 22:40 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-09-29 16:04 - 2015-08-07 22:40 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-09-29 16:04 - 2015-08-07 22:40 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-09-29 16:04 - 2015-08-07 22:40 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2015-09-29 16:04 - 2015-08-07 22:40 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2015-09-29 16:04 - 2015-08-07 15:13 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-09-29 16:04 - 2015-08-06 17:47 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-09-29 16:04 - 2015-08-06 17:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-09-29 16:03 - 2015-08-06 18:05 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2015-09-29 16:03 - 2015-08-06 17:37 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2015-09-29 16:02 - 2015-08-22 14:42 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2015-09-29 16:02 - 2015-08-22 14:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:35 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2015-09-29 16:02 - 2015-08-22 14:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-29 16:02 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-29 16:02 - 2015-07-16 19:58 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll
2015-09-28 13:12 - 2015-09-29 15:58 - 00000000 ____D C:\Users\Lisa\AppData\LocalLow\Intel
2015-09-27 11:34 - 2015-10-14 11:49 - 00228268 _____ C:\WINDOWS\PFRO.log
2015-09-25 14:24 - 2015-09-25 14:24 - 00000000 ____D C:\Users\Lisa\Doctor Web
2015-09-23 14:40 - 2015-10-15 13:27 - 00004504 _____ C:\WINDOWS\setupact.log
2015-09-23 14:40 - 2015-09-23 14:40 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-23 14:36 - 2015-10-15 13:48 - 01727937 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-21 14:59 - 2015-09-29 15:31 - 00000000 ____D C:\Users\Lisa\AppData\Local\{3E4D1752-3F9C-4F68-B7D8-E5F32A7EEB8D}
2015-09-18 12:36 - 2015-09-18 12:36 - 00087077 _____ C:\Users\Lisa\Downloads\WindowsLiveMailDiagnostic.diagcab

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-15 14:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-15 13:51 - 2015-07-03 19:33 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-233948627-1933802057-1306454189-1001
2015-10-15 13:27 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-15 13:26 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-10-15 13:07 - 2015-07-03 23:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-15 13:05 - 2015-07-03 23:15 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-14 14:06 - 2015-07-07 16:59 - 00000000 ____D C:\Users\Lisa\Downloads\regsearch
2015-10-14 12:20 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-10-14 12:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\registration
2015-10-13 14:06 - 2015-07-03 20:58 - 00000000 ____D C:\Program Files\CCleaner
2015-10-12 12:46 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-11 17:09 - 2015-07-03 19:20 - 00000000 ____D C:\Users\Lisa
2015-10-11 16:37 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-11 15:12 - 2015-07-03 19:21 - 00000000 ____D C:\Users\Lisa\AppData\Local\Packages
2015-10-10 13:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-10-09 15:46 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-09 15:46 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-09 15:14 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-09 14:15 - 2013-08-22 12:32 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\simptcp.dll
2015-10-07 12:26 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-10-07 12:19 - 2015-07-07 17:58 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-07 12:19 - 2015-07-07 17:57 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-10-04 14:25 - 2015-07-29 14:38 - 00037624 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-04 13:21 - 2015-07-26 11:43 - 00000000 ____D C:\AdwCleaner
2015-10-03 12:54 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-10-02 15:24 - 2015-07-04 07:42 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-02 15:24 - 2015-07-04 07:42 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-01 17:01 - 2013-09-09 17:17 - 00994356 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-29 15:58 - 2013-12-02 09:28 - 00000000 ____D C:\Program Files\Intel
2015-09-29 15:58 - 2013-12-02 09:26 - 00000000 ____D C:\Program Files (x86)\Intel
2015-09-29 15:56 - 2015-07-03 20:58 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-29 15:33 - 2015-07-17 14:24 - 00000000 ____D C:\Users\DefaultAppPool
2015-09-29 15:33 - 2015-07-07 13:15 - 00000000 ____D C:\Users\.NET v4.5 Classic
2015-09-29 15:33 - 2015-07-07 13:15 - 00000000 ____D C:\Users\.NET v4.5
2015-09-29 15:33 - 2015-07-03 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-09-29 15:33 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2015-09-29 15:33 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2015-09-29 15:32 - 2015-08-23 12:50 - 00000000 ____D C:\Users\Lisa\Downloads\Icon Cache Rebuilder
2015-09-29 15:32 - 2015-08-23 09:27 - 00000000 ____D C:\Users\Lisa\Downloads\JavaRa-2.6.1
2015-09-29 15:32 - 2015-08-17 17:57 - 00000000 ____D C:\Users\Lisa\Downloads\ProcessMonitor
2015-09-29 15:32 - 2015-07-20 18:52 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Runscanner.net
2015-09-29 15:32 - 2015-07-04 07:57 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\QFX Software
2015-09-29 15:32 - 2015-07-04 07:57 - 00000000 ____D C:\ProgramData\QFX Software
2015-09-29 15:32 - 2013-12-02 09:36 - 00000000 ____D C:\Program Files (x86)\Atheros
2015-09-29 15:32 - 2013-09-09 17:21 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2015-09-29 15:32 - 2013-09-09 17:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-29 15:32 - 2013-09-09 17:20 - 00000000 ____D C:\Program Files\TOSHIBA
2015-09-29 15:32 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\servicing
2015-09-29 15:31 - 2015-09-13 12:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\TOSHIBA
2015-09-29 15:21 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-09-29 15:13 - 2013-09-09 17:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2015-09-25 13:39 - 2015-07-09 16:04 - 00000000 ____D C:\Users\Lisa\AppData\LocalLow\Adobe

==================== Files in the root of some directories =======

2015-09-13 16:44 - 2015-09-13 16:44 - 0007601 _____ () C:\Users\Lisa\AppData\Local\Resmon.ResmonCfg
2015-08-16 18:04 - 2015-08-16 18:06 - 0001293 _____ () C:\Users\Lisa\AppData\Local\Temp1.html
2015-08-16 18:07 - 2015-08-16 18:07 - 0006640 _____ () C:\Users\Lisa\AppData\Local\Temp20.html

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-05 15:15

==================== End of FRST.txt ============================


Edited by hopeymope, 16 October 2015 - 04:42 AM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • Gender:Male
  • Location:California
  • Local time:09:44 AM

Posted 18 October 2015 - 08:41 PM

Greetings hopeymope and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Is there an Addition.txt document on your Desktop? If so please copy and paste the information in your reply. If not, run a FRST scan again making sure to check Addition.txt and post both reports.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 hopeymope

Posted 19 October 2015 - 06:22 AM

Yes here is the Addition.txt for you. Thank you very much for your swift reply. I am sorry about the method I went about this. Copy and paste is new to me.

Edited by hopeymope, 19 October 2015 - 06:42 AM.


#4 hopeymope

Posted 19 October 2015 - 06:41 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-10-2015 01
Ran by Lisa (2015-10-15 14:02:19)
Running from C:\Users\Lisa\Desktop
Windows 8.1 (X64) (2015-07-03 18:21:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-233948627-1933802057-1306454189-500 - Administrator - Disabled)
Guest (S-1-5-21-233948627-1933802057-1306454189-501 - Limited - Disabled)
Lisa (S-1-5-21-233948627-1933802057-1306454189-1001 - Administrator - Enabled) => C:\Users\Lisa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.8.1245.73583 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.8.1245.73583 - Alcor Micro Corp.) Hidden
AntiLogger Free version 1.8.2.198 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.198 - Zemana Ltd.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
EiaRepairTool (x32 Version: 1.00.0000 - ) Hidden
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version: - )
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.300 - Qualcomm Atheros)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TOSHIBA Display Utility (HKLM\...\{84FA4D2D-4273-4C66-BD3D-ADD3FE48DFA2}) (Version: 1.1.5.0 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.344 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

29-09-2015 15:59:14 McAfee Vulnerability Scanner
07-10-2015 12:18:19 Windows Update
09-10-2015 14:15:04 Windows Modules Installer
14-10-2015 12:00:26 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-07-29 14:52 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {1F0EAB11-4580-44FD-8352-FBBC220886D5} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\CompatTelRunner.exe [2015-09-19] (Microsoft Corporation)
Task: {3A30F296-5120-4831-9923-4034F3F4C3CB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-15] (Microsoft Corporation)
Task: {5453252F-5B10-430A-AB8C-210D45754282} - System32\Tasks\{AA0E0D03-4B7E-4CF6-A70C-88973536FB9F} => pcalua.exe -a C:\Users\Lisa\Desktop\McafeeRootkitDetective\Rootkit_Detective.exe -d C:\Users\Lisa\Desktop\McafeeRootkitDetective
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {BCB0D565-B045-4E99-BD5E-257AB9B7E94D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {CDE4F543-6F42-42B6-B9B5-E3391CAC8DC1} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-08-28] (TODO: <Company name>)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {EC16DD14-867C-432D-85C4-55BA56D323E0} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2015-10-10 09:11 - 2014-09-06 15:26 - 00009216 _____ () C:\Windows\System32\cpn64.dll
2013-03-27 13:53 - 2013-03-27 13:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
2013-09-10 13:54 - 2013-09-10 13:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Lisa\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\99367588.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\99367588.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-233948627-1933802057-1306454189-1001\...\facebook.com -> hxxps://www.facebook.com
IE trusted site: HKU\S-1-5-21-233948627-1933802057-1306454189-1001\...\google.co.uk -> hxxp://www.google.co.uk
IE trusted site: HKU\S-1-5-21-233948627-1933802057-1306454189-1001\...\google.co.uk -> hxxps://www.google.co.uk
IE trusted site: HKU\S-1-5-21-233948627-1933802057-1306454189-1001\...\microsoft.com -> hxxp://*.update.microsoft.com
IE trusted site: HKU\S-1-5-21-233948627-1933802057-1306454189-1001\...\micrrosoft.com -> hxxps://*.windowsupdate.micrrosoft.com
IE trusted site: HKU\S-1-5-21-233948627-1933802057-1306454189-1001\...\tabs -> tabs
IE trusted site: HKU\S-1-5-21-233948627-1933802057-1306454189-1001\...\windowsupdate.com -> hxxp://*.download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-233948627-1933802057-1306454189-1001\...\youtube.com -> hxxps://www.youtube.com

IE restricted site: HKU\S-1-5-21-233948627-1933802057-1306454189-1001\...\libwww-perl -> libwww-perl

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-233948627-1933802057-1306454189-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lisa\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{4B08D61C-46A4-4A39-ABB8-A239E8BFB7BF}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{626A582C-E96F-46CE-AEA8-13947AE6ECD2}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{37774B06-B0FD-4E62-9BB5-74C98C64A0A5}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{5E7E4655-C405-4CD2-8077-7276C9771A42}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{6DF6E87C-5EB6-4AD7-9A1E-31CA77856AAF}] => (Allow) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
FirewallRules: [{22509699-1FB8-48F1-9578-96B93935BC13}] => (Allow) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
FirewallRules: [{A1BAE2A8-C6ED-4F9A-969D-451CE90DD67F}] => (Allow) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
FirewallRules: [{140AE4AB-BF04-4971-B0FD-9462572CEE95}] => (Allow) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
FirewallRules: [{C06380C5-F16F-445F-B252-B736ADBCAD23}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
FirewallRules: [{CEA1E1BE-C2C2-448C-8522-E82BC0CB834D}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
FirewallRules: [{A1102CF4-6B8C-4019-9E4F-BC8E9970B80D}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
FirewallRules: [{D0BA8F4B-5F6C-42D1-A462-A60E9F53CB0C}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
FirewallRules: [{2C773049-59B9-4B85-A65F-6D140F8E5566}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_60\bin\javacpl.exe
FirewallRules: [{F312D6C6-7818-4F57-BA96-44B641F65EFE}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_60\bin\javacpl.exe
FirewallRules: [{1DC153DD-1A05-442C-84B0-5DECA4F77A75}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_60\bin\javacpl.exe
FirewallRules: [{7DDE65EB-5BB3-4391-B4B9-339A0E4A660A}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_60\bin\javacpl.exe
FirewallRules: [{86A3C344-8421-479F-A5CD-0DEA7B1C6C91}] => (Allow) C:\Program Files\VoodooShield\VoodooShield.exe
FirewallRules: [{1D4DEB24-E960-4911-9022-BC04BEE64B74}] => (Allow) C:\Program Files\VoodooShield\VoodooShield.exe
FirewallRules: [{C9126030-77E5-41F0-B80B-F3C290188413}] => (Allow) C:\Program Files\VoodooShield\VoodooShield.exe
FirewallRules: [{70D523D8-77FF-4710-A0BD-C5D8382D45EB}] => (Allow) C:\Program Files\VoodooShield\VoodooShield.exe
FirewallRules: [{BC50E390-4D15-4C49-8AA2-0E75A95D1C14}] => (Allow) C:\Program Files\VoodooShield\VoodooShieldService.exe
FirewallRules: [{BBC20F9D-C1D3-4066-BA26-C0E97398ECF3}] => (Allow) C:\Program Files\VoodooShield\VoodooShieldService.exe
FirewallRules: [{A0088C28-D83D-4C10-8CA4-58B15CB0B144}] => (Allow) C:\Program Files\VoodooShield\VoodooShieldService.exe
FirewallRules: [{47D8C673-12D9-482E-A58F-20BB96FF70FF}] => (Allow) C:\Program Files\VoodooShield\VoodooShieldService.exe
FirewallRules: [{D5D90FF2-A438-406C-B9BB-333DF19C829F}] => (Allow) C:\Program Files\Internet Explorer\ielowutil.exe
FirewallRules: [{779BC9F2-F30D-48B2-9C11-4F76C49E4636}] => (Allow) C:\Program Files\Internet Explorer\ielowutil.exe
FirewallRules: [{643E99AE-F072-4808-B7BC-8D8E18CE9A5C}] => (Allow) C:\Program Files\Internet Explorer\ielowutil.exe
FirewallRules: [{467F69E8-7ACF-4BC6-88A0-6D04998EF316}] => (Allow) C:\Program Files\Internet Explorer\ielowutil.exe
FirewallRules: [{E5524AB9-7ED0-431A-A94D-6FF868EF4967}] => (Allow) C:\Program Files\Internet Explorer\ieinstal.exe
FirewallRules: [{AB7CC8CE-961A-4D2D-9C15-0FF2C5A9C5E0}] => (Allow) C:\Program Files\Internet Explorer\ieinstal.exe
FirewallRules: [{203A2B1E-81EC-49A4-86C6-8E2504CB29CB}] => (Allow) C:\Program Files\Internet Explorer\ieinstal.exe
FirewallRules: [{E47569A6-C7F6-45A8-8748-571D669DE246}] => (Allow) C:\Program Files\Internet Explorer\ieinstal.exe
FirewallRules: [{58F1844A-76CE-4FD6-B555-D6C2D1B62F1E}] => (Allow) C:\Program Files\Internet Explorer\iediagcmd.exe
FirewallRules: [{2F881513-AB6C-4E2E-BFA2-7A232A210DAD}] => (Allow) C:\Program Files\Internet Explorer\iediagcmd.exe
FirewallRules: [{ADAE6411-B791-40EA-ACC8-9E0C53A4DA53}] => (Allow) C:\Program Files\Internet Explorer\iediagcmd.exe
FirewallRules: [{649D3F14-C44D-4018-8CF0-B9D9DB3BD09E}] => (Allow) C:\Program Files\Internet Explorer\iediagcmd.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/14/2015 01:58:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 92c

Start Time: 01d106734676d6ac

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 37a30249-7273-11e5-82d4-0c54a53d9447

Faulting package full name:

Faulting package-relative application ID:

Error: (10/13/2015 02:06:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCleaner64.exe, version: 5.10.0.5373, time stamp: 0x55f9cece
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4c341
Exception code: 0xe06d7363
Fault offset: 0x000000000000871c
Faulting process ID: 0x76c
Faulting application start time: 0xCCleaner64.exe0
Faulting application path: CCleaner64.exe1
Faulting module path: CCleaner64.exe2
Report ID: CCleaner64.exe3
Faulting package full name: CCleaner64.exe4
Faulting package-relative application ID: CCleaner64.exe5

Error: (10/13/2015 11:45:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a00

Start Time: 01d1059e8ac45542

Termination Time: 124

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 8ab552d6-7197-11e5-82d2-0c54a53d9447

Faulting package full name:

Faulting package-relative application ID:

Error: (10/12/2015 12:42:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCleaner64.exe, version: 5.10.0.5373, time stamp: 0x55f9cece
Faulting module name: CCleaner64.exe, version: 5.10.0.5373, time stamp: 0x55f9cece
Exception code: 0x40000015
Fault offset: 0x00000000001060bd
Faulting process ID: 0x12dc
Faulting application start time: 0xCCleaner64.exe0
Faulting application path: CCleaner64.exe1
Faulting module path: CCleaner64.exe2
Report ID: CCleaner64.exe3
Faulting package full name: CCleaner64.exe4
Faulting package-relative application ID: CCleaner64.exe5


System errors:
=============
Error: (10/15/2015 01:38:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VoodooShieldService service terminated unexpectedly. It has done this 1 time(s).

Error: (10/15/2015 01:26:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/15/2015 07:44:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/14/2015 11:55:11 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Security Center service did not respond on starting.

Error: (10/14/2015 11:48:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/13/2015 04:29:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/13/2015 11:51:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/12/2015 01:03:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/11/2015 05:09:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/11/2015 04:23:28 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.


CodeIntegrity:
===================================
Date: 2015-10-15 13:27:28.851
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\services.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\cpn64.dll that did not meet the Windows signing level requirements.

Date: 2015-10-15 13:27:28.680
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\services.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.

Date: 2015-10-15 12:57:57.764
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\cpn64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-15 12:57:57.530
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\SysWOW64\cpn32.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-14 14:19:45.681
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\services.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\cpn64.dll that did not meet the Windows signing level requirements.

Date: 2015-10-14 14:19:45.525
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\services.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.

Date: 2015-10-14 13:13:38.573
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\cpn64.dll that did not meet the Windows signing level requirements.

Date: 2015-10-14 13:13:37.667
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.

Date: 2015-10-14 12:23:23.509
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\services.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\cpn64.dll that did not meet the Windows signing level requirements.

Date: 2015-10-14 12:23:23.337
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\services.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 43%
Total physical RAM: 3971.27 MB
Available physical RAM: 2260.82 MB
Total Virtual: 4739.27 MB
Available Virtual: 2313.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:920.8 GB) (Free:893.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

#5 Oh My!

Posted 19 October 2015 - 10:06 AM

It is my pleasure to work with you on this. It is a team effort.

Thanks for posting the information. It takes a little bit to figure out how to navigate the site and posting.

Do you recognize this program? If so, can you tell me why it was downloaded?

EiaRepairTool

We are going to uninstall CCleaner because it is causing some issues. We can reinstall it later if you wish.

Please do these things.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
CCleaner
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-233948627-1933802057-1306454189-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-233948627-1933802057-1306454189-1001 -> {1A88B609-C730-4C43-919D-776EF16715D9} URL =
SearchScopes: HKU\S-1-5-21-233948627-1933802057-1306454189-1001 -> {1F6E73DA-E017-4102-9EE5-4AD4C80B83B6} URL =
SearchScopes: HKU\S-1-5-21-233948627-1933802057-1306454189-1001 -> {79C75CE0-CAA4-4C9A-8669-A2DACA99C6A9} URL = 
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys [X]
2015-10-02 14:19 - 2015-10-02 14:19 - 00000000 _____ C:\WINDOWS\system32\dir
2015-10-04 08:35 - 2015-10-04 08:35 - 00000668 _____ C:\Users\Lisa\Downloads\{4FBAB242-3ED6-4A68-B5A5-3805FE9100ED}.reg
2015-10-04 08:33 - 2015-10-04 08:33 - 00000836 _____ C:\Users\Lisa\Documents\{4FBAB242-3ED6-4A68-B5A5-3805FE9100ED}.reg
2015-09-21 14:59 - 2015-09-29 15:31 - 00000000 ____D C:\Users\Lisa\AppData\Local\{3E4D1752-3F9C-4F68-B7D8-E5F32A7EEB8D}
2015-08-16 18:04 - 2015-08-16 18:06 - 0001293 _____ () C:\Users\Lisa\AppData\Local\Temp1.html
2015-08-16 18:07 - 2015-08-16 18:07 - 0006640 _____ () C:\Users\Lisa\AppData\Local\Temp20.html
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {5453252F-5B10-430A-AB8C-210D45754282} - System32\Tasks\{AA0E0D03-4B7E-4CF6-A70C-88973536FB9F} => pcalua.exe -a C:\Users\Lisa\Desktop\McafeeRootkitDetective\Rootkit_Detective.exe -d C:\Users\Lisa\Desktop\McafeeRootkitDetective
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
IE trusted site: HKU\S-1-5-21-233948627-1933802057-1306454189-1001\...\tabs -> tabs
File: C:WINDOWS\System32\cpn64.dll
File: C:\WINDOWS\SysWOW64\cpn32.dll
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do you recognize the program?
  • Did CCleaner uninstall properly?
  • Fixlog
  • System Summary Information
  • Update on computer performance

Edited by Oh My!, 20 October 2015 - 02:47 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 hopeymope

hopeymope
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 20 October 2015 - 08:59 AM

EiaRepairTool I think is related to McAfee Virtual Technician. I did not see Ccleaner in Revo. I have sent you the logs. The computer seems to be running smoother. I can tell right away. What were all those tasks that were removed? I had McAfee installed but it was taking up so much space I removed it. Thank you so much for the help.

Fix result of Farbar Recovery Scan Tool (x64) Version:14-10-2015 01
Ran by Lisa (2015-10-20 14:40:52) Run:1
Running from C:\Users\Lisa\Desktop
Loaded Profiles: Lisa & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic (Available Profiles: Lisa & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-233948627-1933802057-1306454189-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-233948627-1933802057-1306454189-1001 -> {1A88B609-C730-4C43-919D-776EF16715D9} URL =
SearchScopes: HKU\S-1-5-21-233948627-1933802057-1306454189-1001 -> {1F6E73DA-E017-4102-9EE5-4AD4C80B83B6} URL =
SearchScopes: HKU\S-1-5-21-233948627-1933802057-1306454189-1001 -> {79C75CE0-CAA4-4C9A-8669-A2DACA99C6A9} URL =
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys [X]
2015-10-09 17:09 - 2015-10-09 17:09 - 00000000 _____ C:\WINDOWS\system32\
2015-10-02 14:19 - 2015-10-02 14:19 - 00000000 _____ C:\WINDOWS\system32\dir
2015-10-04 08:35 - 2015-10-04 08:35 - 00000668 _____ C:\Users\Lisa\Downloads\{4FBAB242-3ED6-4A68-B5A5-3805FE9100ED}.reg
2015-10-04 08:33 - 2015-10-04 08:33 - 00000836 _____ C:\Users\Lisa\Documents\{4FBAB242-3ED6-4A68-B5A5-3805FE9100ED}.reg
2015-09-21 14:59 - 2015-09-29 15:31 - 00000000 ____D C:\Users\Lisa\AppData\Local\{3E4D1752-3F9C-4F68-B7D8-E5F32A7EEB8D}
2015-08-16 18:04 - 2015-08-16 18:06 - 0001293 _____ () C:\Users\Lisa\AppData\Local\Temp1.html
2015-08-16 18:07 - 2015-08-16 18:07 - 0006640 _____ () C:\Users\Lisa\AppData\Local\Temp20.html
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {5453252F-5B10-430A-AB8C-210D45754282} - System32\Tasks\{AA0E0D03-4B7E-4CF6-A70C-88973536FB9F} => pcalua.exe -a C:\Users\Lisa\Desktop\McafeeRootkitDetective\Rootkit_Detective.exe -d C:\Users\Lisa\Desktop\McafeeRootkitDetective
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
IE trusted site: HKU\S-1-5-21-233948627-1933802057-1306454189-1001\...\tabs -> tabs
File: C:WINDOWS\System32\cpn64.dll
File: C:\WINDOWS\SysWOW64\cpn32.dll
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-233948627-1933802057-1306454189-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-233948627-1933802057-1306454189-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1A88B609-C730-4C43-919D-776EF16715D9}" => key removed successfully
HKCR\CLSID\{1A88B609-C730-4C43-919D-776EF16715D9} => key not found.
"HKU\S-1-5-21-233948627-1933802057-1306454189-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F6E73DA-E017-4102-9EE5-4AD4C80B83B6}" => key removed successfully
HKCR\CLSID\{1F6E73DA-E017-4102-9EE5-4AD4C80B83B6} => key not found.
"HKU\S-1-5-21-233948627-1933802057-1306454189-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{79C75CE0-CAA4-4C9A-8669-A2DACA99C6A9}" => key removed successfully
HKCR\CLSID\{79C75CE0-CAA4-4C9A-8669-A2DACA99C6A9} => key not found.
ZAMSvc => service removed successfully
ZAM => service removed successfully
ZAM_Guard => service removed successfully
"C:\WINDOWS\system32" => Warning: FRST is scripted not to move this directory.
C:\WINDOWS\system32\dir => moved successfully
C:\Users\Lisa\Downloads\{4FBAB242-3ED6-4A68-B5A5-3805FE9100ED}.reg => moved successfully
C:\Users\Lisa\Documents\{4FBAB242-3ED6-4A68-B5A5-3805FE9100ED}.reg => moved successfully
C:\Users\Lisa\AppData\Local\{3E4D1752-3F9C-4F68-B7D8-E5F32A7EEB8D} => moved successfully
C:\Users\Lisa\AppData\Local\Temp1.html => moved successfully
C:\Users\Lisa\AppData\Local\Temp20.html => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5453252F-5B10-430A-AB8C-210D45754282}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5453252F-5B10-430A-AB8C-210D45754282}" => key removed successfully
C:\WINDOWS\System32\Tasks\{AA0E0D03-4B7E-4CF6-A70C-88973536FB9F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AA0E0D03-4B7E-4CF6-A70C-88973536FB9F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask" => key removed successfully
"HKU\S-1-5-21-233948627-1933802057-1306454189-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tabs" => key removed successfully

========================= File: C:WINDOWS\System32\cpn64.dll ========================

"C:WINDOWS\System32\cpn64.dll" => not found.
====== End of File: ======


========================= File: C:\WINDOWS\SysWOW64\cpn32.dll ========================

"C:\WINDOWS\SysWOW64\cpn32.dll" => not found.
====== End of File: ======



The system needed a reboot.

==== End of Fixlog 14:41:34 ====



Edited by Oh My!, 20 October 2015 - 02:45 PM.


#7 Oh My!


Posted 20 October 2015 - 02:54 PM

Greetings,

The vast majority of the Tasks were orphaned entries, meaning the associated program had already been removed but those particular registry entries remained. We simply cleaned them up.

Since there is a noticeable improvement let's leave CCleaner alone for now.

Please do these things.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
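
The orphaned-task cleanup described in this reply can be checked against the logs posted earlier in the thread. The Python below is an added example, not part of the original posts and not FRST's own code: it reads a subset of the fixlist `Task:` lines and the Fixlog TaskCache results copied from this thread and reports, per task GUID, whether FRST listed it as `No File`, how many registry keys were removed, and whether a `key not found` result lines up with the same GUID appearing twice in the fixlist. The function names and the record layout are this example's own assumptions.

```python
import re
from collections import Counter

# Subset of the fixlist and Fixlog lines posted in this thread, copied verbatim.
FIXLIST = r"""
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {5453252F-5B10-430A-AB8C-210D45754282} - System32\Tasks\{AA0E0D03-4B7E-4CF6-A70C-88973536FB9F} => pcalua.exe -a C:\Users\Lisa\Desktop\McafeeRootkitDetective\Rootkit_Detective.exe -d C:\Users\Lisa\Desktop\McafeeRootkitDetective
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
"""

FIXLOG = r"""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5453252F-5B10-430A-AB8C-210D45754282}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5453252F-5B10-430A-AB8C-210D45754282}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B} => key not found.
"""

GUID = r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}"
TASK_RE = re.compile(r"^Task: " + GUID + r" - (.+?) (?:->|=>) (.+)$")
RESULT_RE = re.compile(r"TaskCache\\(?:Plain|Tasks)\\" + GUID
                       + r'"? => (key removed successfully|key not found)')


def parse_fixlist_tasks(text):
    """Return one record per 'Task:' line: GUID, task path, and the 'No File' flag."""
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            guid, path, target = m.groups()
            tasks.append({"guid": guid.upper(), "path": path,
                          "orphaned": target.startswith("No File")})
    return tasks


def parse_fixlog_results(text):
    """Count 'removed' and 'not_found' outcomes per task GUID in TaskCache results."""
    results = {}
    for line in text.splitlines():
        m = RESULT_RE.search(line)
        if m:
            key = "removed" if m.group(2) == "key removed successfully" else "not_found"
            results.setdefault(m.group(1).upper(), Counter())[key] += 1
    return results


def summarize(fixlist_text, fixlog_text):
    """Join both views: how often each GUID was listed and what the fix reported."""
    results = parse_fixlog_results(fixlog_text)
    summary = {}
    for task in parse_fixlist_tasks(fixlist_text):
        counts = results.get(task["guid"], Counter())
        row = summary.setdefault(task["guid"], {
            "path": task["path"], "orphaned": task["orphaned"], "listed": 0,
            "removed": counts["removed"], "not_found": counts["not_found"]})
        row["listed"] += 1
    return summary


def repeated_with_misses(summary):
    """GUIDs listed more than once in the fixlist that also show 'key not found'."""
    return sorted(g for g, r in summary.items() if r["listed"] > 1 and r["not_found"])


if __name__ == "__main__":
    for guid, row in summarize(FIXLIST, FIXLOG).items():
        print(guid, row)
```

A task whose entry shows a command after `=>` rather than `No File` still had an action defined when FRST scanned it, so it is reported with `orphaned` set to false.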
 

#8 hopeymope


Posted 21 October 2015 - 05:46 AM

ESET found nothing. Here is the security log. Right now it's running fantastic. I'm wanting to ask what you think about the DVD tray opening on its own and the device manager too?

 

 Results of screen317's Security Check version 1.011 --- 10/21/15 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 60 
 Java version 32-bit out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



Edited by Oh My!, 21 October 2015 - 11:17 AM.


#9 Oh My!


Posted 21 October 2015 - 11:18 AM

Greetings,

 

"I'm wanting to ask what you think about the DVD tray opening on its own and the device manager too?"

 

Is this still the case? When you said your computer was running well I assumed these things were fixed.


Gary
 

#10 hopeymope


Posted 22 October 2015 - 02:31 AM

Oh no, everything is running great, could not be better. I guess I just wanted to know why it was happening is all. In your opinion. Thank you ever so much for the help xx



#11 hopeymope


Posted 22 October 2015 - 07:21 AM

Ok I'm still having problems with Ccleaner. Also about an hour ago I was typing and if I pressed a letter on the keyboard like for example I press P I would get a B and so on. Ccleaner said something about C+ error. Thank you



#12 Oh My!


Posted 22 October 2015 - 02:55 PM

If you could clarify for me just a bit.

When you say you are having problems with CCleaner is it the program itself or is the "problem" the C++ error CCleaner is telling you about?

I am assuming you are using the keyboard on the laptop itself. Do you have a USB keyboard you can test?
Gary
 

#13 hopeymope


Posted 23 October 2015 - 05:24 AM

Ccleaner is the problem, but not all the time. I have uninstalled Ccleaner and I'm using WiseDiskCleaner and the problem has subsided. I do not know what happened with the keyboard but after I cleaned it stopped. The C+ error pops up occasionally with Ccleaner. I am using Zemana antilogger right now. Perhaps it is that



#14 Oh My!


Posted 23 October 2015 - 11:48 AM

Greetings,

We removed a lot of stuff so it is hard to pinpoint any one thing.

Whether it is CCleaner or any other tool, BleepingComputer does not recommend the use of any Registry cleaners. Other portions of tools are fine but manipulating the Registry can have significant consequences.

Are there any other issues? If not, we are all done and I will post some closing information.
Gary
 

#15 hopeymope


Posted 24 October 2015 - 01:46 AM

No there are no other issues. I never did use the registry part of Ccleaner. I'm using something different now. I want to thank you so much for helping me. I really do appreciate it. The laptop is running fine now. All the best to you xx





