I hope this is the right place to post this..


  • This topic is locked
14 replies to this topic

#1 DD7725

Posted 10 April 2016 - 06:34 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by RAN11 (administrator) on DESKTOP-4UP6D6N (10-04-2016 07:04:16)
Running from C:\Users\RAN11\Downloads
Loaded Profiles: RAN11 (Available Profiles: RAN11)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13895912 2015-08-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-06] (Advanced Micro Devices, Inc.)
Startup: C:\Users\RAN11\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk [2016-04-10]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{a52e0856-21db-44d2-b92b-872daf99523d}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-1211850489-824470670-3997010686-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-07] (Google Inc.)
 
Chrome:
=======
CHR Profile: C:\Users\RAN11\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\RAN11\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-07]
CHR Extension: (Google Docs) - C:\Users\RAN11\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-07]
CHR Extension: (Google Drive) - C:\Users\RAN11\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-07]
CHR Extension: (YouTube) - C:\Users\RAN11\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-07]
CHR Extension: (Google Sheets) - C:\Users\RAN11\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-07]
CHR Extension: (Google Docs Offline) - C:\Users\RAN11\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RAN11\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (Gmail) - C:\Users\RAN11\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-07]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28736 2016-03-16] (Hewlett-Packard Company)
S3 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-07-09] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [313584 2015-08-07] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-07-09] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4320280 2015-09-21] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896752 2015-08-07] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-10 07:04 - 2016-04-10 07:04 - 00008496 _____ C:\Users\RAN11\Downloads\FRST.txt
2016-04-10 07:04 - 2016-04-10 07:04 - 00000000 ____D C:\FRST
2016-04-10 07:02 - 2016-04-10 07:02 - 02374144 _____ (Farbar) C:\Users\RAN11\Downloads\FRST64.exe
2016-04-10 05:28 - 2016-04-10 05:28 - 00000000 ___HD C:\OneDriveTemp
2016-04-09 07:40 - 2016-04-09 07:40 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-04-08 18:28 - 2016-04-08 18:28 - 00003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForRAN11
2016-04-08 18:28 - 2016-04-08 18:28 - 00000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRAN11.job
2016-04-07 18:00 - 2016-04-07 18:00 - 00002351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-07 18:00 - 2016-04-07 18:00 - 00002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-07 17:59 - 2016-04-10 06:09 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-07 17:59 - 2016-04-10 05:28 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-07 17:59 - 2016-04-07 18:04 - 00003996 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-07 17:59 - 2016-04-07 18:04 - 00003764 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-07 17:59 - 2016-04-07 18:03 - 00002037 _____ C:\Users\RAN11\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-04-07 17:59 - 2016-04-07 18:00 - 00000000 ____D C:\Users\RAN11\AppData\Local\Google
2016-04-07 17:59 - 2016-04-07 18:00 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-07 17:59 - 2016-04-07 17:59 - 00000000 ____D C:\Users\RAN11\AppData\Roaming\SUPERAntiSpyware.com
2016-04-07 17:59 - 2016-04-07 17:59 - 00000000 ____D C:\Users\RAN11\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-04-07 17:58 - 2016-04-07 17:59 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-04-07 17:58 - 2016-04-07 17:58 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-04-07 17:57 - 2016-04-07 17:58 - 25269208 _____ (SUPERAntiSpyware) C:\Users\RAN11\Downloads\SUPERAntiSpyware.exe
2016-04-07 17:37 - 2016-04-07 17:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-07 17:37 - 2016-04-07 17:37 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-07 17:37 - 2016-04-07 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-07 17:36 - 2016-04-07 17:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-07 17:36 - 2016-04-07 17:36 - 22851472 _____ (Malwarebytes ) C:\Users\RAN11\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-07 17:36 - 2016-04-07 17:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-07 17:36 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-07 17:36 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-07 17:36 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-07 17:26 - 2016-04-07 17:26 - 00000000 ____D C:\WINDOWS\Hewlett-Packard
2016-04-07 17:24 - 2016-04-07 17:24 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-04-07 17:24 - 2015-05-27 01:13 - 00402136 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2016-04-07 17:24 - 2014-10-20 04:50 - 00083160 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll
2016-04-07 17:24 - 2014-01-27 00:39 - 09890008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2016-04-07 17:23 - 2016-04-07 17:23 - 00000000 _____ C:\Recovery.txt
2016-04-07 17:22 - 2016-04-07 17:22 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-04-07 17:22 - 2016-04-07 17:22 - 00000000 ____D C:\Users\RAN11\AppData\Roaming\Intel
2016-04-07 17:22 - 2016-04-07 17:22 - 00000000 ____D C:\ProgramData\Intel
2016-04-07 17:22 - 2016-04-07 17:22 - 00000000 ____D C:\Program Files\Intel
2016-04-07 17:22 - 2016-04-07 17:22 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-04-07 17:22 - 2016-04-07 17:22 - 00000000 ____D C:\Program Files (x86)\Intel
2016-04-07 17:22 - 2016-04-07 17:22 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-04-07 17:16 - 2016-04-07 17:16 - 00000000 ____D C:\Intel
2016-04-07 17:13 - 2016-04-07 17:13 - 00000000 ____D C:\Users\RAN11\AppData\Roaming\ATI
2016-04-07 17:13 - 2016-04-07 17:13 - 00000000 ____D C:\Users\RAN11\AppData\Local\ATI
2016-04-07 17:13 - 2016-04-07 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2016-04-07 17:13 - 2016-04-07 17:13 - 00000000 ____D C:\ProgramData\ATI
2016-04-07 17:11 - 2016-04-07 17:11 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-07 17:11 - 2016-04-07 17:11 - 00000000 ____D C:\Program Files (x86)\AMD
2016-04-07 17:00 - 2016-04-07 17:00 - 03836976 _____ (Oleg N. Scherbakov) C:\Users\RAN11\Downloads\HPSupportSolutionsFramework-12.3.11.29 (1).exe
2016-04-07 16:56 - 2016-04-07 16:56 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-04-07 16:56 - 2016-04-07 16:56 - 00000000 ____D C:\Program Files\Realtek
2016-04-07 16:55 - 2015-06-05 02:59 - 02825944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2016-04-07 16:52 - 2016-04-07 17:24 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-04-07 16:52 - 2016-04-07 16:57 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-04-07 16:51 - 2016-04-07 17:26 - 00000000 ____D C:\SWSETUP
2016-04-07 16:50 - 2016-04-07 17:33 - 00000000 ____D C:\Users\RAN11\AppData\Local\Hewlett-Packard
2016-04-07 16:50 - 2016-04-07 17:25 - 00000000 ____D C:\Users\RAN11\Downloads\HP Downloads
2016-04-07 16:47 - 2016-04-07 16:47 - 00000000 ____D C:\Users\RAN11\AppData\Roaming\Hewlett-Packard
2016-04-07 16:37 - 2016-04-08 18:27 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-04-07 16:37 - 2016-04-07 17:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-07 16:37 - 2016-04-07 16:37 - 00002307 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2016-04-07 16:37 - 2016-04-07 16:37 - 00000000 ___HD C:\System.sav
2016-04-07 16:37 - 2016-04-07 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-04-07 16:36 - 2016-04-07 16:36 - 00000000 ____D C:\Users\RAN11\AppData\Roaming\hpqLog
2016-04-07 16:35 - 2016-04-07 16:35 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-04-07 16:34 - 2016-04-09 07:41 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-07 16:33 - 2016-04-07 16:34 - 03836976 _____ (Oleg N. Scherbakov) C:\Users\RAN11\Downloads\HPSupportSolutionsFramework-12.3.11.29.exe
2016-04-07 16:31 - 2016-04-07 16:31 - 00000000 ____D C:\ProgramData\USOShared
2016-04-07 16:31 - 2015-10-30 03:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-04-07 16:29 - 2016-04-07 16:57 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-07 16:29 - 2016-04-07 16:29 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2016-04-07 16:29 - 2016-04-07 16:29 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2016-04-07 16:29 - 2016-04-07 16:29 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2016-04-07 16:29 - 2016-04-07 16:29 - 00000000 _SHDL C:\Users\Default\My Documents
2016-04-07 16:29 - 2016-04-07 16:29 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-04-07 16:29 - 2016-04-07 16:29 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-04-07 16:29 - 2016-04-07 16:29 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-04-07 16:29 - 2016-04-07 16:29 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-04-07 16:29 - 2016-04-07 16:29 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-04-07 16:29 - 2016-04-07 16:29 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-04-07 16:29 - 2016-04-07 16:29 - 00000000 _SHDL C:\Users\Default User
2016-04-07 16:29 - 2016-04-07 16:29 - 00000000 _SHDL C:\Users\All Users
2016-04-07 16:29 - 2016-04-07 16:29 - 00000000 _SHDL C:\Documents and Settings
2016-04-07 16:25 - 2016-04-07 17:12 - 00000000 ____D C:\Program Files\AMD
2016-04-07 16:25 - 2016-04-07 16:57 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-04-07 16:25 - 2016-04-07 16:25 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-04-07 16:25 - 2016-04-07 16:25 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2016-04-07 16:23 - 2016-04-07 16:54 - 00203176 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-07 16:23 - 2016-04-07 16:37 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-04-07 16:23 - 2016-04-07 16:23 - 00002067 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2016-04-07 16:23 - 2016-04-07 16:23 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-04-07 16:23 - 2016-04-07 16:23 - 00000000 ____D C:\ProgramData\Visan
2016-04-07 16:23 - 2016-04-07 16:23 - 00000000 ____D C:\ProgramData\HP Photo Creations
2016-04-07 16:23 - 2016-04-07 16:23 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2016-04-07 16:22 - 2016-04-07 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-04-07 16:22 - 2016-04-07 16:22 - 00003780 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 1510 series
2016-04-07 16:22 - 2016-04-07 16:22 - 00002296 _____ C:\Users\Public\Desktop\HP Deskjet 1510 series.lnk
2016-04-07 16:22 - 2016-04-07 16:22 - 00001243 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 1510 series.lnk
2016-04-07 16:22 - 2016-04-07 16:22 - 00000000 ____D C:\Users\RAN11\AppData\Roaming\HpUpdate
2016-04-07 16:22 - 2016-04-07 16:22 - 00000000 ____D C:\Program Files\HP
2016-04-07 16:22 - 2016-04-07 16:22 - 00000000 ____D C:\Program Files (x86)\HP
2016-04-07 16:21 - 2016-04-07 16:21 - 00000057 _____ C:\ProgramData\Ament.ini
2016-04-07 16:20 - 2016-04-07 16:23 - 00000000 ____D C:\Users\RAN11\AppData\Local\HP
2016-04-07 16:20 - 2016-04-07 16:22 - 00000000 ____D C:\ProgramData\HP
2016-04-07 14:51 - 2016-04-07 14:52 - 00000000 ____D C:\Windows.old
2016-04-07 14:51 - 2016-04-07 14:51 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-04-07 14:51 - 2016-04-07 14:51 - 00000000 ____D C:\WINDOWS\InfusedApps
2016-04-07 14:51 - 2016-04-07 13:38 - 00000000 ___DC C:\WINDOWS\Panther
2016-04-07 14:48 - 2016-04-07 14:48 - 00000000 ____D C:\WINDOWS\Setup
2016-04-07 14:45 - 2016-04-07 14:45 - 00000000 ____D C:\WINDOWS\OCR
2016-04-07 14:45 - 2016-04-07 14:45 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-04-07 14:45 - 2016-04-07 14:45 - 00000000 ____D C:\Program Files\MSBuild
2016-04-07 14:45 - 2016-04-07 14:45 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-04-07 14:45 - 2016-04-07 14:45 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-04-07 14:44 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-04-07 14:44 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-04-07 14:44 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-04-07 14:44 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-04-07 14:44 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-04-07 14:44 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2016-04-07 14:44 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-04-07 14:44 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-04-07 14:44 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-04-07 14:44 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-04-07 14:44 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\system32\0409
2016-04-07 14:44 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-04-07 14:39 - 2016-03-08 03:12 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-07 14:39 - 2016-03-08 03:12 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-07 14:36 - 2016-04-07 17:23 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-04-07 14:36 - 2016-04-07 14:31 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2016-04-07 14:36 - 2016-04-07 14:31 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2016-04-07 14:36 - 2016-04-07 14:31 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2016-04-07 14:36 - 2016-04-07 14:31 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2016-04-07 14:36 - 2016-04-07 14:31 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2016-04-07 14:36 - 2016-04-07 14:31 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-04-07 14:36 - 2016-04-07 14:31 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
2016-04-07 14:36 - 2016-04-07 14:31 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
2016-04-07 14:36 - 2016-04-07 14:31 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2016-04-07 14:36 - 2016-04-07 14:31 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
2016-04-07 14:36 - 2016-04-07 14:31 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
2016-04-07 14:36 - 2016-04-07 14:31 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2016-04-07 14:36 - 2016-04-07 14:31 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2016-04-07 14:36 - 2016-04-07 14:31 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2016-04-07 14:36 - 2016-04-07 14:31 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2016-04-07 14:36 - 2016-04-07 14:31 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2016-04-07 14:36 - 2016-04-07 14:31 - 00000389 _____ C:\WINDOWS\system32\AutoWorkplace.exe.config
2016-04-07 14:36 - 2016-04-07 14:31 - 00000219 _____ C:\WINDOWS\system.ini
2016-04-07 14:36 - 2016-04-07 14:31 - 00000092 _____ C:\WINDOWS\win.ini
2016-04-07 14:35 - 2016-04-09 16:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-07 14:35 - 2016-04-08 13:52 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-07 14:35 - 2016-04-08 06:40 - 00000000 ____D C:\WINDOWS\appcompat
2016-04-07 14:35 - 2016-04-07 16:31 - 00000000 ____D C:\WINDOWS\system32\spool
2016-04-07 14:35 - 2016-04-07 16:31 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-04-07 14:35 - 2016-04-07 16:31 - 00000000 ____D C:\WINDOWS\rescache
2016-04-07 14:35 - 2016-04-07 16:31 - 00000000 ____D C:\ProgramData\USOPrivate
2016-04-07 14:35 - 2016-04-07 16:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\system32\setup
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\system32\Com
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\IME
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\Help
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ____D C:\Program Files\Windows Defender
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ____D C:\Program Files\Common Files\System
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-04-07 14:35 - 2016-04-07 14:44 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 __RHD C:\Users\Public\Libraries
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\system32\icsxml
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\system32\ias
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\system32\downlevel
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\ShellNew
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\Registration
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\Cursors
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\WINDOWS\addins
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-07 14:35 - 2016-04-07 14:36 - 00000000 ____D C:\Program Files\Common Files\Services
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\Web
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\Vss
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\tracing
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\TAPI
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\SystemResources
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\SystemApps
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\system32\winevt
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\system32\ras
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\system32\IME
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\System
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\SKB
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\security
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\schemas
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\SchCache
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\Resources
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\PLA
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\Performance
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\InputMethod
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\Globalization
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\Branding
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\ProgramData\Comms
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\Program Files\Windows NT
2016-04-07 14:35 - 2016-04-07 14:35 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-04-07 14:35 - 2016-04-07 14:13 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-04-07 14:35 - 2016-04-07 14:12 - 00000000 __RSD C:\WINDOWS\Media
2016-04-07 14:35 - 2016-04-07 14:12 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-04-07 14:35 - 2016-04-07 14:12 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-04-07 14:35 - 2016-04-07 14:12 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-04-07 14:35 - 2016-04-07 14:12 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-07 14:35 - 2016-04-07 14:12 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-04-07 14:35 - 2016-04-07 14:12 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-04-07 14:35 - 2016-04-07 14:12 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-04-07 14:35 - 2016-04-07 14:12 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-07 14:35 - 2016-04-07 14:12 - 00000000 ____D C:\WINDOWS\Provisioning
2016-04-07 14:35 - 2016-04-07 14:12 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-07 14:35 - 2016-04-07 14:12 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-04-07 14:35 - 2016-04-07 14:12 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-04-07 14:35 - 2016-04-07 14:12 - 00000000 ____D C:\Program Files\Windows Journal
2016-04-07 14:35 - 2016-04-07 14:12 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-04-07 14:35 - 2016-04-07 14:12 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-04-07 14:35 - 2016-04-07 14:00 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-04-07 14:35 - 2016-04-07 13:43 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-04-07 14:35 - 2016-04-07 13:43 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-04-07 14:35 - 2016-04-07 13:41 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-04-07 14:32 - 2016-04-10 05:38 - 00000000 ____D C:\WINDOWS\INF
2016-04-07 14:19 - 2016-04-07 14:19 - 00000000 ____D C:\Users\RAN11\AppData\Local\NetworkTiles
2016-04-07 14:19 - 2016-04-07 14:06 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-07 14:18 - 2016-04-07 14:18 - 00000000 ____D C:\Users\RAN11\AppData\Roaming\Macromedia
2016-04-07 14:08 - 2016-04-07 16:57 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-07 14:08 - 2016-04-07 16:30 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-07 14:08 - 2016-04-07 14:44 - 00000000 ____D C:\WINDOWS\servicing
2016-04-07 14:08 - 2016-04-07 14:35 - 00000000 ____D C:\WINDOWS\system32\SMI
2016-04-07 14:08 - 2015-10-30 02:33 - 00000164 _____ C:\WINDOWS\system32\config\FP
2016-04-07 14:07 - 2016-04-07 14:08 - 00000000 ___HD C:\$Windows.~BT
2016-04-07 14:04 - 2016-04-07 14:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-07 14:04 - 2016-04-07 14:04 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-07 14:01 - 2015-12-08 23:39 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-07 13:48 - 2016-04-07 13:48 - 00000000 ____D C:\Users\RAN11\AppData\Local\MicrosoftEdge
2016-04-07 13:46 - 2016-04-10 05:28 - 00000000 ___RD C:\Users\RAN11\OneDrive
2016-04-07 13:46 - 2016-04-07 16:56 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-04-07 13:46 - 2016-04-07 13:47 - 00002370 _____ C:\Users\RAN11\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-07 13:46 - 2016-04-07 13:46 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-04-07 13:46 - 2016-04-07 13:46 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-04-07 13:45 - 2016-04-07 13:45 - 00000000 ____D C:\Users\RAN11\AppData\Local\Comms
2016-04-07 13:45 - 2016-04-07 13:45 - 00000000 ____D C:\Users\RAN11\AppData\Local\ActiveSync
2016-04-07 13:44 - 2016-04-07 13:44 - 00000000 ____D C:\Users\RAN11\AppData\Local\Publishers
2016-04-07 13:43 - 2016-04-07 16:21 - 00000000 ____D C:\Users\RAN11\AppData\Local\Packages
2016-04-07 13:43 - 2016-04-07 14:17 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-04-07 13:43 - 2016-04-07 14:04 - 00000000 ____D C:\Users\RAN11\AppData\Local\PackageStaging
2016-04-07 13:43 - 2016-04-07 13:43 - 00000000 ____D C:\Users\RAN11\AppData\Roaming\Adobe
2016-04-07 13:43 - 2016-04-07 13:43 - 00000000 ____D C:\Users\RAN11\AppData\Local\VirtualStore
2016-04-07 13:43 - 2016-04-07 13:43 - 00000000 ____D C:\Users\RAN11\AppData\Local\TileDataLayer
2016-04-07 13:41 - 2016-04-07 17:22 - 00000000 ____D C:\Users\RAN11
2016-04-07 13:41 - 2016-04-07 13:41 - 00000020 ___SH C:\Users\RAN11\ntuser.ini
2016-04-07 13:41 - 2016-04-07 13:41 - 00000000 _SHDL C:\Users\RAN11\My Documents
2016-04-07 13:41 - 2016-04-07 13:41 - 00000000 _SHDL C:\Users\RAN11\Documents\My Videos
2016-04-07 13:41 - 2016-04-07 13:41 - 00000000 _SHDL C:\Users\RAN11\Documents\My Pictures
2016-04-07 13:41 - 2016-04-07 13:41 - 00000000 _SHDL C:\Users\RAN11\Documents\My Music
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-07 17:23 - 2016-02-21 08:33 - 00000000 ___HD C:\$SysReset
2016-04-07 14:31 - 2015-10-30 03:19 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2016-04-07 14:30 - 2015-10-30 03:19 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jnwmon.dll
2016-04-07 14:28 - 2015-10-30 03:19 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-04-07 14:28 - 2015-10-30 03:19 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2016-04-07 14:27 - 2015-10-30 03:18 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-04-07 14:27 - 2015-10-30 03:17 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
 
==================== Files in the root of some directories =======
 
2016-04-07 16:21 - 2016-04-07 16:21 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2016-04-07 16:23
 
==================== End of FRST.txt ============================
 
Above is the scan I ran with FRST. I ran it because I've been getting pop-ups from PC Keeper telling me to run a scan, which I haven't done. Note this pop-up only happens when I visit the Topix forums, which I read a lot.

Edited by Queen-Evie, 10 April 2016 - 09:17 AM.
moved from Am I Infected, merged posts.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:01 AM

Posted 10 April 2016 - 08:39 PM

Greetings DD7725 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. When you ran FRST there should have been an Addition.txt document created. Please copy and paste that report in your reply.

Please run the following for me.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Addition.txt
  • AdwCleaner report
  • RogueKiller report
  • MTB.txt
  • Attached System Summary report
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 DD7725

DD7725
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 11 April 2016 - 02:54 AM


# AdwCleaner v5.110 - Logfile created 11/04/2016 at 03:48:26
# Updated 10/04/2016 by Xplode
# Database : 2016-04-10.3 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : RAN11 - DESKTOP-4UP6D6N
# Running from : C:\Users\RAN11\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
[-] [C:\Users\RAN11\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\RAN11\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [916 bytes] - [11/04/2016 03:48:26]
C:\AdwCleaner\AdwCleaner[S1].txt - [965 bytes] - [11/04/2016 03:45:20]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1060 bytes] ##########

Edited by Oh My!, 11 April 2016 - 08:58 AM.


#4 DD7725

DD7725
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 11 April 2016 - 03:13 AM


RogueKiller V12.1.2.0 [Apr 11 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : RAN11 [Administrator]
Started from : C:\Users\RAN11\Downloads\RogueKiller.exe
Mode : Scan -- Date : 04/11/2016 04:09:57
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 0 ¤¤¤
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-60M2NA0 +++++
--- User ---
[MBR] 0eae83023456598674f609d967f2209b
[BSP] 4c1b8dd1a745da116e2fd7f24d2a3afc : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1023 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2097152 | Size: 360 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2834432 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 3096576 | Size: 941678 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1931653120 | Size: 450 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1932574720 | Size: 450 MB
6 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1933496320 | Size: 450 MB
7 - [SYSTEM] Basic data partition | Offset (sectors): 1934417920 | Size: 9322 MB
User = LL1 ... OK
User = LL2 ... OK

Edited by Oh My!, 11 April 2016 - 08:59 AM.


#5 DD7725

DD7725
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 11 April 2016 - 03:21 AM


MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by RAN11 (administrator) on 11-04-2016 at 04:18:48
Running from "C:\Users\RAN11\Downloads"
Microsoft Windows 10 Home  (X64)
Model: 110-243w Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
Realtek PCIe FE Family Controller = Ethernet (Connected)
Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter = Wi-Fi (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
popd
# End of IPv4 configuration
 
Windows IP Configuration
   Host Name . . . . . . . . . . . . : DESKTOP-4UP6D6N
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
Wireless LAN adapter Wi-Fi:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : AC-B5-7D-C3-F5-8F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 2:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1E-B5-7D-C3-F5-8F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Ethernet:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 64-51-06-2D-6D-2A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:780:8202:2320::1(Preferred)
   Lease Obtained. . . . . . . . . . : Monday, April 11, 2016 3:49:47 AM
   Lease Expires . . . . . . . . . . : Monday, April 11, 2016 6:09:23 AM
   IPv6 Address. . . . . . . . . . . : 2601:780:8202:2320:38a2:a92:e466:8bd7(Preferred)
   Temporary IPv6 Address. . . . . . : 2601:780:8202:2320:dc84:ed75:d2be:f52c(Preferred)
   Link-local IPv6 Address . . . . . : fe80::38a2:a92:e466:8bd7%14(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, April 11, 2016 3:49:47 AM
   Lease Expires . . . . . . . . . . : Monday, April 18, 2016 4:16:55 AM
   Default Gateway . . . . . . . . . : fe80::e288:5dff:fe74:3e25%14
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 90460422
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-98-7B-87-64-51-06-2D-6D-2A
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{A52E0856-21DB-44D2-B92B-872DAF99523D}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:2823:1bd0:f5ff:fffc(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2823:1bd0:f5ff:fffc%11(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 318767104
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-98-7B-87-64-51-06-2D-6D-2A
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
Name:    google.com
Addresses:  2607:f8b0:4002:801::200e
   74.125.196.139
   74.125.196.101
   74.125.196.102
   74.125.196.113
   74.125.196.138
   74.125.196.100
Pinging google.com [2607:f8b0:4002:c08::65] with 32 bytes of data:
Reply from 2607:f8b0:4002:c08::65: time=26ms
Reply from 2607:f8b0:4002:c08::65: time=25ms
Ping statistics for 2607:f8b0:4002:c08::65:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 25ms, Maximum = 26ms, Average = 25ms
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
   2001:4998:58:c02::a9
   2001:4998:c:a06::2:4008
   98.139.183.24
   206.190.36.45
   98.138.253.109
Pinging yahoo.com [2001:4998:58:c02::a9] with 32 bytes of data:
Reply from 2001:4998:58:c02::a9: time=54ms
Reply from 2001:4998:58:c02::a9: time=55ms
Ping statistics for 2001:4998:58:c02::a9:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 54ms, Maximum = 55ms, Average = 54ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...ac b5 7d c3 f5 8f ......Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
 10...1e b5 7d c3 f5 8f ......Microsoft Wi-Fi Direct Virtual Adapter
 14...64 51 06 2d 6d 2a ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
  2...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.3     20
         10.0.0.0    255.255.255.0         On-link          10.0.0.3    276
         10.0.0.3  255.255.255.255         On-link          10.0.0.3    276
       10.0.0.255  255.255.255.255         On-link          10.0.0.3    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.3    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.0.3    276
===========================================================================
Persistent Routes:
  None
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14    276 ::/0                     fe80::e288:5dff:fe74:3e25
  1    306 ::1/128                  On-link
 11    306 2001::/32                On-link
 11    306 2001:0:9d38:6abd:2823:1bd0:f5ff:fffc/128
                                    On-link
 14    276 2601:780:8202:2320::/60  fe80::e288:5dff:fe74:3e25
 14    276 2601:780:8202:2320::/64  On-link
 14    276 2601:780:8202:2320::1/128
                                    On-link
 14    276 2601:780:8202:2320:38a2:a92:e466:8bd7/128
                                    On-link
 14    276 2601:780:8202:2320:dc84:ed75:d2be:f52c/128
                                    On-link
 14    276 fe80::/64                On-link
 11    306 fe80::/64                On-link
 11    306 fe80::2823:1bd0:f5ff:fffc/128
                                    On-link
 14    276 fe80::38a2:a92:e466:8bd7/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    276 ff00::/8                 On-link
 11    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
Catalog5 01 C:\WINDOWS\system32\napinsp.dll [55808] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Catalog5 02 C:\WINDOWS\system32\pnrpnsp.dll [70656] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Catalog5 03 C:\WINDOWS\system32\pnrpnsp.dll [70656] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Catalog5 04 C:\WINDOWS\system32\NLAapi.dll [65024] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Catalog5 05 C:\WINDOWS\System32\mswsock.dll [312160] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Catalog5 06 C:\WINDOWS\System32\winrnr.dll [23552] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
**** End of log ****

Edited by Oh My!, 11 April 2016 - 09:00 AM.


#6 DD7725

DD7725
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 11 April 2016 - 03:40 AM

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by RAN11 (administrator) on 11-04-2016 at 04:18:48
Running from "C:\Users\RAN11\Downloads"
Microsoft Windows 10 Home  (X64)
Model: 110-243w Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
Realtek PCIe FE Family Controller = Ethernet (Connected)
Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter = Wi-Fi (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
popd
# End of IPv4 configuration
 
Windows IP Configuration
   Host Name . . . . . . . . . . . . : DESKTOP-4UP6D6N
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
Wireless LAN adapter Wi-Fi:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : AC-B5-7D-C3-F5-8F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 2:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1E-B5-7D-C3-F5-8F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Ethernet:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 64-51-06-2D-6D-2A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:780:8202:2320::1(Preferred)
   Lease Obtained. . . . . . . . . . : Monday, April 11, 2016 3:49:47 AM
   Lease Expires . . . . . . . . . . : Monday, April 11, 2016 6:09:23 AM
   IPv6 Address. . . . . . . . . . . : 2601:780:8202:2320:38a2:a92:e466:8bd7(Preferred)
   Temporary IPv6 Address. . . . . . : 2601:780:8202:2320:dc84:ed75:d2be:f52c(Preferred)
   Link-local IPv6 Address . . . . . : fe80::38a2:a92:e466:8bd7%14(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, April 11, 2016 3:49:47 AM
   Lease Expires . . . . . . . . . . : Monday, April 18, 2016 4:16:55 AM
   Default Gateway . . . . . . . . . : fe80::e288:5dff:fe74:3e25%14
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 90460422
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-98-7B-87-64-51-06-2D-6D-2A
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{A52E0856-21DB-44D2-B92B-872DAF99523D}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:2823:1bd0:f5ff:fffc(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2823:1bd0:f5ff:fffc%11(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 318767104
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-98-7B-87-64-51-06-2D-6D-2A
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
Name:    google.com
Addresses:  2607:f8b0:4002:801::200e
   74.125.196.139
   74.125.196.101
   74.125.196.102
   74.125.196.113
   74.125.196.138
   74.125.196.100
Pinging google.com [2607:f8b0:4002:c08::65] with 32 bytes of data:
Reply from 2607:f8b0:4002:c08::65: time=26ms
Reply from 2607:f8b0:4002:c08::65: time=25ms
Ping statistics for 2607:f8b0:4002:c08::65:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 25ms, Maximum = 26ms, Average = 25ms
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
   2001:4998:58:c02::a9
   2001:4998:c:a06::2:4008
   98.139.183.24
   206.190.36.45
   98.138.253.109
Pinging yahoo.com [2001:4998:58:c02::a9] with 32 bytes of data:
Reply from 2001:4998:58:c02::a9: time=54ms
Reply from 2001:4998:58:c02::a9: time=55ms
Ping statistics for 2001:4998:58:c02::a9:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 54ms, Maximum = 55ms, Average = 54ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...ac b5 7d c3 f5 8f ......Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
 10...1e b5 7d c3 f5 8f ......Microsoft Wi-Fi Direct Virtual Adapter
 14...64 51 06 2d 6d 2a ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
  2...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.3     20
         10.0.0.0    255.255.255.0         On-link          10.0.0.3    276
         10.0.0.3  255.255.255.255         On-link          10.0.0.3    276
       10.0.0.255  255.255.255.255         On-link          10.0.0.3    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.3    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.0.3    276
===========================================================================
Persistent Routes:
  None
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14    276 ::/0                     fe80::e288:5dff:fe74:3e25
  1    306 ::1/128                  On-link
 11    306 2001::/32                On-link
 11    306 2001:0:9d38:6abd:2823:1bd0:f5ff:fffc/128
                                    On-link
 14    276 2601:780:8202:2320::/60  fe80::e288:5dff:fe74:3e25
 14    276 2601:780:8202:2320::/64  On-link
 14    276 2601:780:8202:2320::1/128
                                    On-link
 14    276 2601:780:8202:2320:38a2:a92:e466:8bd7/128
                                    On-link
 14    276 2601:780:8202:2320:dc84:ed75:d2be:f52c/128
                                    On-link
 14    276 fe80::/64                On-link
 11    306 fe80::/64                On-link
 11    306 fe80::2823:1bd0:f5ff:fffc/128
                                    On-link
 14    276 fe80::38a2:a92:e466:8bd7/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    276 ff00::/8                 On-link
 11    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
Catalog5 01 C:\WINDOWS\system32\napinsp.dll [55808] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Catalog5 02 C:\WINDOWS\system32\pnrpnsp.dll [70656] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Catalog5 03 C:\WINDOWS\system32\pnrpnsp.dll [70656] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Catalog5 04 C:\WINDOWS\system32\NLAapi.dll [65024] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Catalog5 05 C:\WINDOWS\System32\mswsock.dll [312160] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Catalog5 06 C:\WINDOWS\System32\winrnr.dll [23552] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
**** End of log ****
 
Hey I've got the zip file ready but I don't see any option to attach to post?
Ran


Computer still the same last I checked last night; haven't been to the site (topix) since running these scans.
Ran

Edited by Oh My!, 11 April 2016 - 09:02 AM.


#7 Oh My!


Posted 11 April 2016 - 09:04 AM

Greetings,

There is no need to repost my instructions in any of your replies. Please put all of the requested information in one post.
 

When you ran FRST there should have been an Addition.txt document created. Please copy and paste that report in your reply.

If you don't have that report, rerun a FRST scan and make sure you put a check mark in Addition.txt.

===================================================

How to Attach a File to Your Reply

--------------------
  • If necessary click the More Reply Options button in the lower right hand corner of the Reply to this topic section of the Post
  • In the lower left hand corner you should see a Browse button under Attach Files
  • Click the Browse button and a new window will open
  • Navigate to and double click on the file you want to attach
  • Once the file path is entered into the box click Attach This File
  • If successful, you will see the file name appear above Attach Files with a green check mark to the left
  • When you are ready to post your response hit Reply and the file will be automatically attached to your reply

Edited by Oh My!, 11 April 2016 - 09:06 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 DD7725


Posted 11 April 2016 - 09:26 AM

Oki, I attached the file and I'll look at the FRST log again, putting everything in this post. Will rerun FRST.

 

BTW it seems you edited; do you want those to stay the same, or do you want to copy and paste all the results from all the scans in this post?

 

Ok got what I think you are looking for

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by RAN11 (2016-04-10 07:05:50)
Running from C:\Users\RAN11\Downloads
Windows 10 Home Version 1511 (X64) (2016-04-07 17:39:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1211850489-824470670-3997010686-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1211850489-824470670-3997010686-503 - Limited - Disabled)
Guest (S-1-5-21-1211850489-824470670-3997010686-501 - Limited - Disabled)
RAN11 (S-1-5-21-1211850489-824470670-3997010686-1001 - Administrator - Enabled) => C:\Users\RAN11

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{CE8066BF-3EF7-35D4-0CC8-45DC93B20C87}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.3.11.29 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® PRO/Wireless Driver (HKLM\...\{4d4a045b-9761-43d2-811c-1c29cbdb7459}) (Version: 18.12.0000.3040 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{35DB2630-846E-47C5-AF84-9D6AC3629F55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1211850489-824470670-3997010686-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\RAN11\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {031B3EFB-253B-4FB3-B604-0C610524A672} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-07] (Google Inc.)
Task: {04FBC861-69DC-4EA4-ADCA-9784EAA7E1D3} - System32\Tasks\HPCeeScheduleForRAN11 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {09A6C8FB-F84C-4722-B5AD-F53E35E42B9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {1C3B2A41-BD57-431F-B02E-160B92697E1D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-16] (Hewlett-Packard)
Task: {2FA8C9D5-C530-4DE3-B745-7A4A17EAA438} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {6D82306B-C6BD-4E7E-AECD-55A568C67E87} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-07] (Google Inc.)
Task: {869A41DF-44A6-4C81-B029-DF7A14FAC81E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-03-16] (Hewlett-Packard)
Task: {C6D07F28-F0D9-4084-9E3E-1BF8A8A2A574} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {CDA3A88A-3F78-4F6F-9117-A384A27B6F99} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {E558CE01-1CD1-424E-A2C8-33CDBE53295C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-03-24] (HP Inc.)
Task: {FFE7D125-8250-4B94-B832-94BAB2E61072} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForRAN11.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-05 13:08 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-05 13:08 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-08 21:59 - 2016-01-04 21:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-08 21:57 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-05 13:08 - 2016-02-23 04:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-02-09 08:44 - 2016-01-04 21:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-02-08 21:59 - 2016-01-04 21:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-02-09 08:43 - 2016-01-16 01:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-09 08:45 - 2016-01-16 01:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-07 16:35 - 2016-04-07 16:35 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-07 16:35 - 2016-04-07 16:35 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-07 16:35 - 2016-04-07 16:35 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-04-07 14:36 - 2016-04-07 14:31 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1211850489-824470670-3997010686-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\RAN11\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\hp_svinoya_norway_sunset.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{45D43AE2-668B-41B0-B6C0-C48B0D65E386}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe
FirewallRules: [{72730309-BA11-4683-8370-AF854FB3EE60}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{CEF9A71A-ECF7-4876-B11A-00867598F10B}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C0FF8AD4-2A6C-48DC-8972-0A6699E4E2FC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

07-04-2016 13:37:57 Windows Modules Installer

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2016 05:54:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4UP6D6N)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/10/2016 05:54:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4UP6D6N)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/09/2016 05:53:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4UP6D6N)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/08/2016 02:03:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4UP6D6N)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/08/2016 12:24:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.122, time stamp: 0x56cbff21
Faulting module name: MicrosoftEdge.exe, version: 11.0.10586.122, time stamp: 0x56cbff21
Exception code: 0xc000041d
Fault offset: 0x000000000015e231
Faulting process id: 0x40c
Faulting application start time: 0xMicrosoftEdge.exe0
Faulting application path: MicrosoftEdge.exe1
Faulting module path: MicrosoftEdge.exe2
Report Id: MicrosoftEdge.exe3
Faulting package full name: MicrosoftEdge.exe4
Faulting package-relative application ID: MicrosoftEdge.exe5

Error: (04/08/2016 12:24:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.122, time stamp: 0x56cbff21
Faulting module name: MicrosoftEdge.exe, version: 11.0.10586.122, time stamp: 0x56cbff21
Exception code: 0xc0000005
Fault offset: 0x000000000015e231
Faulting process id: 0x40c
Faulting application start time: 0xMicrosoftEdge.exe0
Faulting application path: MicrosoftEdge.exe1
Faulting module path: MicrosoftEdge.exe2
Report Id: MicrosoftEdge.exe3
Faulting package full name: MicrosoftEdge.exe4
Faulting package-relative application ID: MicrosoftEdge.exe5

Error: (04/08/2016 09:45:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.122, time stamp: 0x56cbff21
Faulting module name: MicrosoftEdge.exe, version: 11.0.10586.122, time stamp: 0x56cbff21
Exception code: 0xc000041d
Fault offset: 0x000000000015e231
Faulting process id: 0x21a8
Faulting application start time: 0xMicrosoftEdge.exe0
Faulting application path: MicrosoftEdge.exe1
Faulting module path: MicrosoftEdge.exe2
Report Id: MicrosoftEdge.exe3
Faulting package full name: MicrosoftEdge.exe4
Faulting package-relative application ID: MicrosoftEdge.exe5

Error: (04/08/2016 09:45:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.122, time stamp: 0x56cbff21
Faulting module name: MicrosoftEdge.exe, version: 11.0.10586.122, time stamp: 0x56cbff21
Exception code: 0xc0000005
Fault offset: 0x000000000015e231
Faulting process id: 0x21a8
Faulting application start time: 0xMicrosoftEdge.exe0
Faulting application path: MicrosoftEdge.exe1
Faulting module path: MicrosoftEdge.exe2
Report Id: MicrosoftEdge.exe3
Faulting package full name: MicrosoftEdge.exe4
Faulting package-relative application ID: MicrosoftEdge.exe5

Error: (04/07/2016 04:27:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4UP6D6N)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/07/2016 04:22:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4UP6D6N)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (04/09/2016 06:35:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_65ae820 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/09/2016 06:35:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_65ae820 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/09/2016 06:35:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_65ae820 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/09/2016 06:35:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_65ae820 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/09/2016 06:35:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/09/2016 12:26:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_5b6199c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/09/2016 12:26:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_5b6199c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/09/2016 12:26:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_5b6199c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/09/2016 12:26:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_5b6199c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/09/2016 12:26:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

CodeIntegrity:
===================================
  Date: 2016-04-07 14:16:32.793
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-07 14:07:05.368
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-07 13:38:45.863
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-07 16:24:27.001
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A4-5000 APU with Radeon™ HD Graphics
Percentage of memory in use: 29%
Total physical RAM: 7612.59 MB
Available physical RAM: 5381.07 MB
Total Virtual: 9468.59 MB
Available Virtual: 7153.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:919.61 GB) (Free:895.36 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:9.1 GB) (Free:1.11 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2FCD5957)

Partition: GPT.

==================== End of Addition.txt ============================

Attached Files

  • Attached File  SS.zip   60.78KB   2 downloads

Edited by DD7725, 11 April 2016 - 09:37 AM.


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:01 AM

Posted 12 April 2016 - 08:48 AM

Greetings,

I edited to remove duplicate information.

Can you clarify the below, is this the BleepingComputer topics forum?

Note this pop-up only happens when I visit the topix forums which I read a lot.


Please run these.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Check Uninstall application on close
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Pop up on BleepingComputer?
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 DD7725


Posted 12 April 2016 - 10:43 AM

I don't see any pop-up for my bleeping computer forum, I will run scan now



#11 DD7725


Posted 12 April 2016 - 11:54 AM

ESET came back clean, didn't see a log

 

computer running the same

 

 

Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Google Chrome (49.0.2623.112)
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
 Windows Defender MpCmdRun.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 


Edited by DD7725, 12 April 2016 - 11:59 AM.


#12 Oh My!


Posted 12 April 2016 - 12:33 PM

Those reports are excellent. Any remaining concerns before I post some closing information?
Gary
 

#13 DD7725


Posted 12 April 2016 - 01:40 PM

No.



#14 Oh My!


Posted 12 April 2016 - 08:10 PM

Great.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#15 Oh My!


Posted 13 April 2016 - 08:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



