
Yahoo and Google not loading; Zone Alarm message


  • This topic is locked
26 replies to this topic

#1 aabill


Posted 20 April 2016 - 01:58 PM

In addition to the first problem, I had trouble with Eset Nod32 Antivirus 8 recently. I tried to uninstall and reinstall and cannot get it to work now. When I try to install it, I get a not communicating with kernel error.

I receive this message when I reboot my ATT Uverse Modem:

ZoneAlarm
Host Process for Windows Services was prevented
from changing the settings of ZoneAlarm Free Firewall
by modifying the registry key:
hkcs\services\vsdatant\parameters\adapters

I reset the modem a few times every day when sites like yahoo and google won't come up in Firefox or IE or Chrome.

Sometimes other sites work when these don't.

I worked with ATT twice. They convinced me that it was not the modem and did not want to sell me a new one. They were convinced the problem is with my computer.

Malwarebytes Anti Exploit runs when I am on a browser.

Zone Alarm Free Firewall 14.1.011.000
Firefox 45.0.1
Windows 7 Ultimate 32 bit Version 6.1.7601 Service Pack 1
AMD Athlon 64 X2 Dual Core Processor 3800+  2009 Mhz 3008 MB RAM
Eset Nod32 Antivirus 8

I refreshed Firefox and things ran okay for a day or two.

Then I uninstalled Firefox, deleted my profile, and reinstalled Firefox. Again things worked okay for a day or so.

Then it was back to rebooting the modem several times a day.

Device manager shows no problem with Network Adapters.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-04-2016
Ran by Bill (administrator) on USER-PC (20-04-2016 14:31:53)
Running from C:\Users\Bill\Desktop
Loaded Profiles: UpdatusUser & Bill (Available Profiles: UpdatusUser & Bill)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Space Sciences Laboratory) D:\Program Files\BOINC\boinctray.exe
(Space Sciences Laboratory) D:\Program Files\BOINC\boincmgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Google Inc.) C:\Users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Space Sciences Laboratory) D:\Program Files\BOINC\boinc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sysinternals - www.sysinternals.com) C:\Users\Bill\Desktop\procexp.exe
(Krzysztof Kowalczyk) D:\OLD HARD DRIVE\Program Files\SumatraPDF\SumatraPDF.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TkBellExe] => "D:\OLD HARD DRIVE\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM\...\Run: [SDTray] => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2622432 2016-01-29] (Malwarebytes Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-03-19] (Apple Inc.)
HKLM\...\Run: [boinctray] => D:\Program Files\BOINC\boinctray.exe [62760 2015-12-17] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => D:\Program Files\BOINC\boincmgr.exe [6999848 2015-12-17] (Space Sciences Laboratory)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134792 2015-11-07] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6825888 2016-03-01] (SUPERAntiSpyware)
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [Spybot-S&D Cleaning] => "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [Google Update] => C:\Users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-05] (Google Inc.)
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6667992 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\MountPoints2: {3bb06430-8f99-11e5-9817-001d923b8f1d} - G:\LG_PC_Programs.exe
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\boinc.scr [1066280 2015-12-17] (Space Sciences Laboratory)
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
IFEO\taskmgr.exe: [Debugger] "C:\USERS\BILL\DESKTOP\PROCEXP.EXE"
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2418160549-1670195301-1622969964-1002] => localhost:8080
AutoConfigURL: [S-1-5-21-2418160549-1670195301-1622969964-1002] => localhost:8080
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{045109CF-63E5-4646-9997-E79FA33A08E4}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://att.yahoo.com/
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-29] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-29] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
IE Session Restore: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002 -> is enabled.

FireFox:
========
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default
FF Homepage: hxxps://att.yahoo.com/
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2013-04-19] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2013-12-18] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\ATT\8.4.1.12\ma\bin\npMotive.dll [2014-08-27] (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2418160549-1670195301-1622969964-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Bill\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2418160549-1670195301-1622969964-1002: @talk.google.com/O1DPlugin -> C:\Users\Bill\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2418160549-1670195301-1622969964-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-2418160549-1670195301-1622969964-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-2418160549-1670195301-1622969964-1002: jpl.nasa.gov/NASAEyes -> C:\Users\Bill\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2016-03-23] (Jet Propulsion Laboratory)
FF Plugin HKU\S-1-5-21-2418160549-1670195301-1622969964-1002: tdameritrade.com/thinkorswim -> D:\Program Files\thinkorswim\npthinkorswim.dll [2015-11-10] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-2418160549-1670195301-1622969964-1002: tdameritrade.com/tossc -> D:\Program Files\thinkorswim\nptossc.dll [2015-11-10] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\Bill\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Bill\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: ReminderFox - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2016-04-14]
FF Extension: NoScript - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-14]
FF Extension: ImTranslator - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2016-04-15]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-26]
CHR Extension: (Google Drive) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-15]
CHR Extension: (Rapport) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-03-14]
CHR Extension: (YouTube) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-15]
CHR Extension: (Google Search) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-26]
CHR Extension: (Google Docs Offline) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-26]
CHR HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S4 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1353720 2015-07-08] (ESET)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [740832 2016-01-29] (Malwarebytes Corporation)
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2013-10-22] (Alcatel-Lucent) [File not signed]
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2372080 2016-03-23] (IBM Corp.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3722912 2015-11-07] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2014-05-27] (Google Inc)
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus.sys [15744 2014-05-27] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [24064 2014-07-07] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [28672 2014-07-07] (LG Electronics Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202704 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [144536 2015-07-13] (ESET)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-01-29] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-04-19] (Malwarebytes)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 RapportCerberus_1609035; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1609035.sys [752008 2016-04-03] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [307016 2016-03-23] (IBM Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [98704 2015-11-10] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [163576 2015-11-10] (Oracle Corporation)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [367064 2015-11-07] (Check Point Software Technologies Ltd.)
S3 eapihdrv; \??\C:\Users\Bill\AppData\Local\Temp\ehdrv.sys [X]
S3 ESETCleanersDriver; \??\C:\Windows\system32\Drivers\ESETCleanersDriver.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-20 14:31 - 2016-04-20 14:32 - 00017520 _____ C:\Users\Bill\Desktop\FRST.txt
2016-04-20 14:31 - 2016-04-20 14:31 - 00000000 ____D C:\FRST
2016-04-20 14:29 - 2016-04-20 14:29 - 01726464 _____ (Farbar) C:\Users\Bill\Desktop\FRST.exe
2016-04-20 13:50 - 2016-04-20 13:50 - 00000000 ____D C:\Users\Bill\AppData\Roaming\LockAP
2016-04-20 12:52 - 2016-04-20 12:58 - 00000000 ___DC C:\Users\Bill\AppData\Local\MigWiz
2016-04-20 12:43 - 2016-04-20 12:47 - 570219192 _____ C:\Users\Bill\Documents\Thunderbird 38.7.2 (en-US) - 2016-04-20.pcv
2016-04-19 23:21 - 2016-03-11 14:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-19 14:32 - 2016-03-17 18:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-04-19 14:32 - 2016-03-17 18:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-19 14:32 - 2016-03-17 18:36 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-19 14:32 - 2016-03-17 18:36 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-19 14:32 - 2016-03-17 18:33 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-19 14:32 - 2016-03-17 18:30 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-19 14:32 - 2016-03-17 18:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-19 14:32 - 2016-03-17 18:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-19 14:32 - 2016-03-17 18:30 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-19 14:32 - 2016-03-17 18:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-19 14:32 - 2016-03-17 18:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-19 14:32 - 2016-03-17 18:29 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-19 14:32 - 2016-03-17 18:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-19 14:32 - 2016-03-17 18:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-19 14:32 - 2016-03-17 18:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-19 14:32 - 2016-03-17 18:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-19 14:32 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-19 14:32 - 2016-03-17 18:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-19 14:32 - 2016-03-17 18:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-19 14:32 - 2016-03-17 18:26 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-19 14:32 - 2016-03-17 18:26 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-19 14:32 - 2016-03-17 18:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-19 14:32 - 2016-03-17 18:26 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-19 14:32 - 2016-03-17 18:25 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-19 14:32 - 2016-03-17 18:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 17:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-19 14:32 - 2016-03-17 17:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-19 14:32 - 2016-03-17 17:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-19 14:32 - 2016-03-17 17:36 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-19 14:32 - 2016-03-17 17:35 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-19 14:32 - 2016-03-17 17:30 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-19 14:32 - 2016-03-17 17:30 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-19 14:32 - 2016-03-17 17:30 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-19 14:32 - 2016-03-17 17:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-19 14:32 - 2016-03-17 17:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-19 14:32 - 2016-03-17 17:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-19 14:32 - 2016-03-17 17:29 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-19 14:32 - 2016-03-17 17:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-19 14:32 - 2016-03-17 17:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-19 14:31 - 2016-03-17 18:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-19 14:31 - 2016-03-17 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-19 14:31 - 2016-03-17 18:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-19 14:31 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-19 14:31 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-19 14:31 - 2016-03-17 17:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-19 14:31 - 2016-03-17 17:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-19 14:31 - 2016-03-17 17:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-19 14:31 - 2016-03-17 17:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-19 13:37 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-04-19 13:37 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-19 13:37 - 2016-03-15 19:53 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-19 13:37 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-19 13:36 - 2016-03-29 13:35 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-18 19:42 - 2016-04-18 19:42 - 00700104 _____ (ESET) C:\Users\Bill\Downloads\ESETUninstaller.exe
2016-04-18 19:29 - 2016-04-18 19:29 - 02993824 _____ (ESET) C:\Users\Bill\Downloads\eset_nod32_antivirus_live_installer(1).exe
2016-04-17 23:06 - 2016-04-17 23:06 - 00985600 _____ C:\Users\Bill\Downloads\MicrosoftFixit50123.msi
2016-04-17 19:19 - 2016-04-17 19:25 - 00000887 _____ C:\Users\Bill\Desktop\InDor.txt
2016-04-17 18:49 - 2016-04-17 18:49 - 00010587 _____ C:\Users\Bill\Documents\2015_Michigan_Form_4.pdf
2016-04-17 18:48 - 2016-04-17 18:48 - 00010587 _____ C:\Users\Bill\Downloads\2015_Michigan_Form_4.pdf
2016-04-17 18:34 - 2016-04-17 18:34 - 00012786 _____ C:\Users\Bill\Documents\2015_Federal_Form_4868.pdf
2016-04-17 18:33 - 2016-04-17 18:33 - 00012786 _____ C:\Users\Bill\Downloads\2015_Federal_Form_4868.pdf
2016-04-17 15:09 - 2016-04-17 15:10 - 00000075 _____ C:\Users\Bill\Desktop\TaxNotes.txt
2016-04-16 22:41 - 2016-03-31 14:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-16 22:41 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-16 22:41 - 2016-03-30 20:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-16 22:41 - 2016-03-30 20:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-16 22:41 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-16 22:41 - 2016-03-30 19:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-16 22:41 - 2016-03-30 19:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-16 22:41 - 2016-03-30 19:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-16 22:41 - 2016-03-30 19:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-16 22:41 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-16 22:41 - 2016-03-30 19:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-16 22:41 - 2016-03-30 19:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-16 22:41 - 2016-03-30 19:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-16 22:41 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-16 22:41 - 2016-03-30 19:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-16 22:41 - 2016-03-30 19:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-16 22:41 - 2016-03-30 19:45 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-16 22:41 - 2016-03-30 19:41 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-16 22:41 - 2016-03-30 19:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-16 22:41 - 2016-03-30 19:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-16 22:41 - 2016-03-30 19:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-16 22:41 - 2016-03-30 19:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-16 22:41 - 2016-03-30 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-16 22:41 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-16 22:41 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-16 22:41 - 2016-03-30 19:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-16 22:41 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-16 22:41 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-16 22:41 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-16 22:41 - 2016-03-30 19:23 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-16 22:41 - 2016-03-30 19:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-16 22:41 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-16 22:41 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-16 22:41 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-16 22:41 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-15 23:32 - 2016-04-15 23:32 - 00242144 _____ C:\Users\Bill\Downloads\Firefox Setup Stub 45.0.2 (3).exe
2016-04-15 11:19 - 2016-04-15 11:19 - 00000000 _____ C:\Users\Bill\Desktop\Gina.txt
2016-04-15 09:42 - 2016-04-15 09:42 - 00242144 _____ C:\Users\Bill\Downloads\Firefox Setup Stub 45.0.2 (2).exe
2016-04-14 16:47 - 2016-04-14 16:48 - 00029457 _____ C:\Users\Bill\Documents\2015_Federal_1040prelim.pdf
2016-04-14 09:32 - 2016-04-14 09:32 - 00242144 _____ C:\Users\Bill\Downloads\Firefox Setup Stub 45.0.2 (1).exe
2016-04-14 09:24 - 2016-04-14 09:24 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-14 09:24 - 2016-04-14 09:24 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-04-14 09:23 - 2016-04-14 09:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-04-14 09:19 - 2016-04-14 09:20 - 00242144 _____ C:\Users\Bill\Downloads\Firefox Setup Stub 45.0.2.exe
2016-04-14 08:30 - 2016-04-14 08:30 - 01592014 _____ C:\Users\Bill\Desktop\bookmarks.html
2016-04-13 17:36 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 17:36 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-10 11:08 - 2016-04-10 11:08 - 01926960 _____ (Dominik Reichl ) C:\Users\Bill\Downloads\KeePass-1.31-Setup.exe
2016-04-08 15:59 - 2016-04-08 15:59 - 03288231 _____ C:\Users\Bill\Documents\weather_weekly-04-05-2016.pdf
2016-04-08 15:59 - 2016-04-08 15:59 - 03221128 _____ C:\Users\Bill\Documents\weather_weekly-03-29-2016.pdf
2016-04-08 15:58 - 2016-04-18 11:28 - 06149974 _____ C:\Users\Bill\Documents\weather_weekly-03-15-2016.pdf
2016-04-08 15:58 - 2016-04-08 15:59 - 03433532 _____ C:\Users\Bill\Documents\weather_weekly-03-22-2016.pdf
2016-04-08 12:57 - 2016-04-08 12:57 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-04-08 12:57 - 2016-04-08 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-08 12:55 - 2016-04-08 12:57 - 00000000 ____D C:\Program Files\iTunes
2016-04-08 12:55 - 2016-04-08 12:55 - 00000000 ____D C:\Program Files\iPod
2016-04-06 14:24 - 2016-04-06 15:09 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2016-03-31 20:12 - 2016-03-31 20:15 - 04530024 _____ C:\Users\Bill\Downloads\dfsetup221.exe
2016-03-31 11:52 - 2016-03-31 11:52 - 03626165 _____ C:\Users\Bill\Downloads\PresidentialNominationCharts2016.pdf
2016-03-29 17:35 - 2016-03-29 17:35 - 00001102 _____ C:\Users\Bill\Desktop\reminderfox.ics - Shortcut.lnk
2016-03-29 11:28 - 2016-03-29 11:28 - 00000000 ____D C:\Program Files\Common Files\Java
2016-03-27 21:31 - 2016-03-27 21:31 - 00000000 ____D C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2016-03-27 21:04 - 2016-03-27 21:08 - 87260448 _____ C:\Users\Bill\Downloads\kodi-16.1-Jarvis_rc1.exe
2016-03-26 11:42 - 2016-03-26 11:42 - 01575094 _____ C:\Users\Bill\Downloads\100-jokes-shaped-modern-comedy-c-v-r.html
2016-03-25 15:05 - 2016-03-25 15:05 - 01411662 _____ C:\Users\Bill\Documents\FF45bookmarks.html
2016-03-24 17:52 - 2016-03-24 17:59 - 168879264 _____ (NVIDIA Corporation) C:\Users\Bill\Downloads\340.52-desktop-win8-win7-winvista-32bit-english-whql.exe
2016-03-24 17:31 - 2016-03-24 17:43 - 227056768 _____ (NVIDIA Corporation) C:\Users\Bill\Downloads\341.44-desktop-win8-win7-winvista-32bit-international-whql.exe
2016-03-24 17:08 - 2016-03-24 17:17 - 226992672 _____ (NVIDIA Corporation) C:\Users\Bill\Downloads\341.81-desktop-win8-win7-winvista-32bit-international.exe
2016-03-24 16:50 - 2016-03-24 17:01 - 226928696 _____ (NVIDIA Corporation) C:\Users\Bill\Downloads\341.92-desktop-win8-win7-winvista-32bit-international.exe
2016-03-24 16:31 - 2016-03-24 16:39 - 227389736 _____ (NVIDIA Corporation) C:\Users\Bill\Downloads\341.95-desktop-win8-win7-winvista-32bit-international.exe
2016-03-23 19:18 - 2016-03-23 19:18 - 00237544 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKELL.sys
2016-03-23 14:21 - 2016-03-23 14:21 - 00000079 _____ C:\Windows\wininit.ini
2016-03-23 10:10 - 2016-03-23 10:10 - 00008702 _____ C:\Users\Bill\Documents\ccinstall.txt
2016-03-23 10:07 - 2016-03-23 10:07 - 00003426 _____ C:\Users\Bill\Documents\ccscheduledtasks.txt
2016-03-23 10:02 - 2016-03-23 10:02 - 00003178 _____ C:\Users\Bill\Documents\ccstartup.txt
2016-03-22 22:52 - 2016-03-27 02:36 - 00000000 ____D C:\AdwCleaner
2016-03-22 17:12 - 2016-03-22 17:12 - 00007016 _____ C:\Users\Bill\Documents\JRT.txt
2016-03-22 17:11 - 2016-03-22 17:12 - 00007016 _____ C:\Users\Bill\Desktop\JRT.txt
2016-03-22 17:04 - 2016-03-22 17:04 - 01610352 _____ (Malwarebytes) C:\Users\Bill\Desktop\JRT.exe
2016-03-22 16:21 - 2016-03-22 16:21 - 00002853 _____ C:\Users\Bill\Desktop\AdwCleaner.PIF
2016-03-22 16:16 - 2016-03-22 16:16 - 00000347 _____ C:\Users\Bill\Downloads\AdwCleaner.exe
2016-03-22 14:45 - 2016-03-22 14:45 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-22 14:45 - 2016-03-22 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-22 14:45 - 2016-03-22 14:45 - 00000000 ____D C:\Program Files\CCleaner
2016-03-22 14:41 - 2016-03-22 14:42 - 06868672 _____ (Piriform Ltd) C:\Users\Bill\Downloads\ccsetup516.exe
2016-03-22 14:17 - 2016-03-22 14:19 - 00001747 _____ C:\Users\Bill\Desktop\malwarebyte.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-20 13:06 - 2014-05-13 08:19 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-20 13:06 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2016-04-20 11:52 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2016-04-20 09:31 - 2009-07-14 00:34 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-20 09:31 - 2009-07-14 00:34 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-20 09:25 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-19 14:45 - 2014-05-17 02:42 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2016-04-19 13:51 - 2009-07-14 00:33 - 00287200 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-18 22:32 - 2014-05-13 19:27 - 00000000 ____D C:\Program Files\ESET
2016-04-18 14:53 - 2015-10-22 09:58 - 00004476 _____ C:\Users\Bill\Documents\Database.kdb
2016-04-18 11:31 - 2009-07-14 00:53 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-18 10:59 - 2014-05-13 08:37 - 00000000 ____D C:\Users\UpdatusUser
2016-04-17 13:06 - 2014-07-28 21:55 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-04-17 10:53 - 2014-05-15 16:36 - 00000000 ____D C:\Windows\Minidump
2016-04-17 09:46 - 2014-05-14 15:24 - 00000000 ____D C:\Users\Bill\AppData\Local\ElevatedDiagnostics
2016-04-17 03:43 - 2014-05-13 08:35 - 00000000 ____D C:\Windows\system32\MRT
2016-04-17 03:31 - 2014-05-13 08:35 - 132539272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-15 09:34 - 2014-05-13 20:02 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-04-14 09:24 - 2014-05-13 21:01 - 00000000 ____D C:\Users\Bill\AppData\Local\Mozilla
2016-04-14 09:24 - 2014-05-13 20:02 - 00000000 ____D C:\Users\Bill\AppData\Roaming\Mozilla
2016-04-13 22:25 - 2014-05-14 16:25 - 00000000 ____D C:\Users\Bill\AppData\Roaming\Kodi
2016-04-11 18:38 - 2014-05-13 13:35 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 18:38 - 2014-05-13 13:35 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-10 11:10 - 2015-08-09 13:29 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass.lnk
2016-04-10 11:10 - 2015-08-09 13:29 - 00001053 _____ C:\Users\Bill\Desktop\KeePass.lnk
2016-04-10 11:10 - 2015-08-09 13:29 - 00000000 ____D C:\Program Files\KeePass Password Safe
2016-04-09 12:47 - 2014-05-13 16:19 - 00000000 ____D C:\Users\Bill\AppData\Local\Google
2016-04-08 15:17 - 2014-09-24 17:12 - 00000000 ____D C:\Users\Bill\AppData\Local\Adobe
2016-04-08 12:55 - 2014-05-16 09:39 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-04-08 12:02 - 2014-12-12 14:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-08 11:58 - 2014-05-14 10:52 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-04-08 11:58 - 2014-05-14 10:52 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-04-06 10:18 - 2014-05-13 08:30 - 00374944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-04 22:20 - 2014-05-22 21:17 - 00003813 _____ C:\Users\Bill\.swfinfo
2016-04-03 20:55 - 2014-05-15 00:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-04-02 20:49 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\NDF
2016-04-01 11:05 - 2014-10-16 19:15 - 00000000 ____D C:\Users\Bill\Documents\Baseball
2016-03-29 11:31 - 2014-07-28 18:26 - 00000000 ____D C:\ProgramData\Oracle
2016-03-29 11:30 - 2014-10-17 17:41 - 00000000 ____D C:\Program Files\Java
2016-03-29 11:29 - 2014-10-17 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-29 11:28 - 2015-08-28 09:27 - 00000000 ____D C:\Users\Bill\.oracle_jre_usage
2016-03-29 11:27 - 2015-01-23 10:20 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-03-27 21:35 - 2015-02-03 16:25 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-27 21:31 - 2015-02-03 16:22 - 00000000 ____D C:\Program Files\Kodi
2016-03-24 14:07 - 2014-05-17 02:46 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-24 14:07 - 2014-05-17 02:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-24 14:07 - 2014-05-17 02:46 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-03-24 00:35 - 2014-05-13 08:37 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-23 14:24 - 2015-05-10 22:23 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418160549-1670195301-1622969964-1002UA.job
2016-03-23 14:24 - 2015-05-10 22:23 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418160549-1670195301-1622969964-1002Core.job
2016-03-23 14:24 - 2014-05-13 13:35 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-23 14:24 - 2014-05-13 13:35 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-23 14:23 - 2014-05-16 12:18 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-03-23 14:23 - 2014-05-13 13:35 - 00000000 ____D C:\Program Files\Google
2016-03-23 14:21 - 2014-05-16 12:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-03-23 14:15 - 2014-05-13 13:34 - 00000000 ____D C:\Program Files\Adobe
2016-03-22 14:48 - 2002-01-01 04:12 - 00000000 ____D C:\Windows\Panther

==================== Files in the root of some directories =======

2016-02-27 20:16 - 2016-02-27 20:16 - 0000000 ____H () C:\Users\Bill\AppData\Local\BITB7D9.tmp
2014-05-14 15:23 - 2014-05-14 15:23 - 0000017 _____ () C:\Users\Bill\AppData\Local\resmon.resmoncfg
2016-02-27 20:15 - 2016-02-27 20:15 - 0000000 _____ () C:\Users\Bill\AppData\Local\{6AD292FB-7766-47E2-B56A-B7D921753FFE}
2014-10-25 17:58 - 2014-10-25 19:09 - 0000000 _____ () C:\Users\Bill\AppData\Local\{6F1E7D97-373F-4F0D-8666-76E9027B7B02}

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-19 16:31

==================== End of FRST.txt ============================

 

 

 

 




 


#2 Oh My!

  • Malware Response Instructor

Posted 20 April 2016 - 09:54 PM

Greetings aabill and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

When you ran a FRST scan an Addition.txt file should have been created on your desktop. Please copy and paste that information in your reply. In addition, please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
ProxyServer: [S-1-5-21-2418160549-1670195301-1622969964-1002] => localhost:8080
AutoConfigURL: [S-1-5-21-2418160549-1670195301-1622969964-1002] => localhost:8080
Toolbar: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S3 eapihdrv; \??\C:\Users\Bill\AppData\Local\Temp\ehdrv.sys [X]
S3 ESETCleanersDriver; \??\C:\Windows\system32\Drivers\ESETCleanersDriver.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-02-27 20:15 - 2016-02-27 20:15 - 0000000 _____ () C:\Users\Bill\AppData\Local\{6AD292FB-7766-47E2-B56A-B7D921753FFE}
2014-10-25 17:58 - 2014-10-25 19:09 - 0000000 _____ () C:\Users\Bill\AppData\Local\{6F1E7D97-373F-4F0D-8666-76E9027B7B02}
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Addition.txt
  • RogueKiller log
  • MTB.txt
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
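
Added example, not part of the post above and not FRST's own code: a small Python triage pass over FRST-style log lines that picks out the kinds of entries the fixlist in this thread contains (a proxy pointing at the local machine, services and CLSIDs whose file is missing, zero-byte files with GUID names). It assumes FRST's convention that `[X]` and `=> No File` mark a file that was not found; the zero-byte GUID-name rule and the `triage` and `Finding` names are choices made for this example. The sample lines are copied from the logs in this thread.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    kind: str    # "proxy", "service", "clsid" or "file"
    target: str  # the setting value, service name or path worth a second look


# created - modified - size attrs (company) path; "(company)" is optional.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r" - (?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<company>.*?)\) )?(?P<path>.+)$"
)
# e.g. "S3 eapihdrv; \??\C:\...\ehdrv.sys [X]"; "[X]" is assumed to mean "file not found".
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?)(?P<missing> \[X\])?$"
)
PROXY_RE = re.compile(
    r"^(?P<setting>ProxyServer|AutoConfigURL): \[(?P<sid>[^\]]+)\] => (?P<value>.+)$"
)
# A proxy value that resolves to the machine itself, with optional scheme and port.
LOCAL_RE = re.compile(r"^(?:https?://)?(?:localhost|127\.0\.0\.1)(?::\d+)?(?:/|$)", re.I)
GUID_NAME_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

CLSID_PREFIX = "CustomCLSID: "
NO_FILE_SUFFIX = " => No File"


def triage(log_text: str) -> List[Finding]:
    """Return the log entries that deserve a manual look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = PROXY_RE.match(line)
        if m:
            # Browser traffic is being sent to a listener on this machine.
            if LOCAL_RE.match(m["value"]):
                findings.append(Finding("proxy", f'{m["setting"]}={m["value"]}'))
            continue

        if line.startswith(CLSID_PREFIX):
            # Registration that points at a file which no longer exists.
            if line.endswith(NO_FILE_SUFFIX):
                body = line[len(CLSID_PREFIX):-len(NO_FILE_SUFFIX)]
                _key, _, target = body.partition(" -> ")
                findings.append(Finding("clsid", target))
            continue

        m = SERVICE_RE.match(line)
        if m:
            # Service or driver entry left behind after its file was removed.
            if m["missing"]:
                findings.append(Finding("service", m["name"]))
            continue

        m = FILE_RE.match(line)
        if m:
            name = m["path"].rsplit("\\", 1)[-1]
            is_dir = "D" in m["attrs"]
            # Heuristic for this example: empty, non-directory, GUID-named file.
            if int(m["size"]) == 0 and not is_dir and GUID_NAME_RE.match(name):
                findings.append(Finding("file", m["path"]))
    return findings


# Lines copied from the FRST output and fixlist in this thread.
SAMPLE = r"""
ProxyServer: [S-1-5-21-2418160549-1670195301-1622969964-1002] => localhost:8080
S3 eapihdrv; \??\C:\Users\Bill\AppData\Local\Temp\ehdrv.sys [X]
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
2016-04-17 15:09 - 2016-04-17 15:10 - 00000075 _____ C:\Users\Bill\Desktop\TaxNotes.txt
2016-04-14 09:23 - 2016-04-14 09:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-27 20:16 - 2016-02-27 20:16 - 0000000 ____H () C:\Users\Bill\AppData\Local\BITB7D9.tmp
2016-02-27 20:15 - 2016-02-27 20:15 - 0000000 _____ () C:\Users\Bill\AppData\Local\{6AD292FB-7766-47E2-B56A-B7D921753FFE}
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(f"{finding.kind:8} {finding.target}")
```

A finding here is only a candidate for review; whether an entry belongs in a fixlist is still the helper's call.
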

#3 aabill

  • Topic Starter

Posted 21 April 2016 - 07:15 PM

Thank you for your help.

 

Sorry. I thought I attached it per these instructions:

 

You should now see the Addition.txt file. Click on it once to select it and then click on the Open button. You should now be back at the New Topic screen. Once there, click on the Attach This File button, as shown by the blue arrow in Figure 10 above.

Now that all the information has been entered into the post and the file has been attached, scroll down and click on the Post New Topic button to actually post your new topic to the forums.

I don't see it anywhere so I guess that didn't work.

 

Here is the copy:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-04-2016
Ran by Bill (2016-04-20 14:33:17)
Running from C:\Users\Bill\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2002-01-01 08:29:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2418160549-1670195301-1622969964-500 - Administrator - Disabled)
Bill (S-1-5-21-2418160549-1670195301-1622969964-1002 - Administrator - Enabled) => C:\Users\Bill
Guest (S-1-5-21-2418160549-1670195301-1622969964-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2418160549-1670195301-1622969964-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Anki (HKLM\...\Anki) (Version:  - )
Apple Application Support (32-bit) (HKLM\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AT&T Troubleshoot & Resolve (HKLM\...\ATT-AT&T Troubleshoot & Resolve) (Version: 8.4.1.12 - AT&T)
Audacity 2.1.1 (HKLM\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AudibleManager (HKLM\...\AudibleManager) (Version: 2008178128.48.56.3875682 - Audible, Inc.)
BOINC (HKLM\...\{DC6D5728-77CD-486F-A958-4229354913AC}) (Version: 7.6.22 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Emulator Starter (HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\32bce9526e87661e) (Version: 1.0.0.141 - Free Game Empire)
FBReader for Windows (HKLM\...\FBReader for Windows) (Version:  - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FXCM Trading Station (HKLM\...\FXCM Trading Station) (Version: 111313 - )
FXCM Trading Station (Version: 111313 - FXCM) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
HostsMan 4.5.102 (HKLM\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.5.102.0 - abelhadigital.com)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{3079C5C8-325A-4354-A733-456BACA1E5FB}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 77 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
KeePass Password Safe 1.31 (HKLM\...\KeePass Password Safe_is1) (Version: 1.31 - Dominik Reichl)
Kodi (HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Kodi) (Version:  - XBMC-Foundation)
LG United Mobile Drivers (HKLM\...\{F193D8D7-3D5E-4DB5-A74C-F8CD5378EE7B}) (Version: 3.12.3.0 - LG Electronics)
Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.2 - Mozilla)
Mozilla Thunderbird 38.7.2 (x86 en-US) (HKLM\...\Mozilla Thunderbird 38.7.2 (x86 en-US)) (Version: 38.7.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Node.js (HKLM\...\{C6249A36-0049-4492-9E4E-1DDD819ED0EA}) (Version: 0.10.32 - Joyent, Inc. and other Node contributors)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Oracle VM VirtualBox 5.0.10 (HKLM\...\{5EF918B8-5E04-4DB2-98CE-A0EAD834CD99}) (Version: 5.0.10 - Oracle Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rapport (Version: 3.5.1609.47 - Trusteer) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1609.47 - Trusteer)
Visual MP3 Splitter & Joiner 9.0 (HKLM\...\Visual MP3 Splitter & Joiner_is1) (Version:  - ManiacTools.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
ZoneAlarm Firewall (Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 14.1.011.000 - Check Point)
ZoneAlarm Security (Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{79b4acff-94d2-58c5-baf6-23df99c7fcba}\InprocServer32 -> D:\Program Files\thinkorswim\npthinkorswim.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{cacd3178-4c86-52cb-87bf-eb0ef10e6e26}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll (Jet Propulsion Laboratory)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{dcc9a6f3-492c-5f51-a65d-3dd92b26c165}\InprocServer32 -> D:\Program Files\thinkorswim\nptossc.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01D6D764-20BD-451A-A9CC-6F998ABBB013} - System32\Tasks\{7885DD0E-5774-4C45-830E-4C1C0A82095D} => pcalua.exe -a "D:\Program Files\Candleworks\FXTS2\uninstall.exe" -d "D:\Program Files\Candleworks\FXTS2"
Task: {0C9530CA-470F-4FD8-A8FA-E6548937032F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {137F4BB2-F5E4-4190-9125-805B6877F9C7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2418160549-1670195301-1622969964-1002Core => C:\Users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-05] (Google Inc.)
Task: {163CFE70-6E7D-4AF7-A48F-6C844A81D901} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {1A170C42-1087-4C4C-A830-5C98D1FC34CA} - System32\Tasks\{195763AC-E88D-438C-AC41-D8E4019922F5} => pcalua.exe -a "D:\Program Files\Candleworks\FXTS2\PackageInstaller.exe" -d "D:\Program Files\Candleworks\FXTS2"
Task: {3C845A57-6CB0-4070-BA5B-58AC308643F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3D7B50E8-B041-4D75-99A1-89C467D2336C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {5B5B78D7-F7CC-47F8-A9DA-5CA88C589F3B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2418160549-1670195301-1622969964-1002UA => C:\Users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-05] (Google Inc.)
Task: {669958E6-9BD7-4BA3-930B-44064394C2D3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {670B73DA-7476-43CA-8AC7-96AF7DBFD24F} - System32\Tasks\{8C91B3E4-ACDF-4D96-A31E-90640E226FAA} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {70B0F9D7-22A7-42C9-BD65-7F2C5DC97084} - System32\Tasks\{3D65C68E-B92D-4CDE-828D-D295FC1010EC} => pcalua.exe -a "D:\OLD HARD DRIVE\Canon\i5609x801us\SETUP.EXE"
Task: {8E6482E0-C5AC-4827-852C-D0416771016E} - System32\Tasks\Process Explorer-User-PC-Bill => C:\USERS\BILL\DESKTOP\PROCEXP.EXE [2014-10-24] (Sysinternals - www.sysinternals.com)
Task: {B92833B5-DE72-4858-841F-E54D8921AF60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CC697D85-1CDF-4C41-BA11-04EDCEC52432} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {CF6EA9BF-0CB5-43D8-A5B2-00E04501696F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {EE8D1B4E-1847-459B-90EA-F0C3CA141366} - System32\Tasks\{2AC29BEB-AD66-4753-A31F-4FFB1F4B78FE} => D:\OLD HARD DRIVE\Program Files\iTunes\iTunes.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418160549-1670195301-1622969964-1002Core.job => C:\Users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418160549-1670195301-1622969964-1002UA.job => C:\Users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Bill\Desktop\run_guiguts.bat - Shortcut.lnk -> D:\OLD HARD DRIVE\DP\guiguts-win-1.0.24\run_guiguts.bat ()

ShortcutWithArgument: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\nodejs\nodevars.bat"

==================== Loaded Modules (Whitelisted) ==============

2014-05-13 08:37 - 2015-01-30 20:48 - 00078480 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-06-02 14:51 - 2015-06-02 14:51 - 00545792 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01040656 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-15 13:23 - 2013-10-15 13:23 - 00190976 _____ () D:\Program Files\BOINC\zlib1.dll
2016-04-08 11:58 - 2016-04-08 11:58 - 19403968 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7879 more sites.


There are 7879 more sites.


There are 7879 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-04-16 12:06 - 2016-03-22 12:29 - 00450452 ____R C:\Windows\system32\Drivers\etc\hosts


There are 15481 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ekrn => 2
MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
MSCONFIG\startupreg: ZoneAlarm => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AEB43404-0826-4510-9A4E-D0CFE8B19568}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8489109D-937C-40A7-B434-951338F7BC36}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E49C742A-EACE-4D9A-BC41-1977E3FAF3FF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F91F8C79-A7E6-40F4-BA03-6AD8D15B4A5B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CAD217DB-2040-44BA-A457-BDC36CCFFD54}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D5BEB976-7E5E-4EFA-AB05-899A2AD4DF3F}] => (Allow) D:\My Documents\Firefox\Mozilla Firefox\firefox.exe
FirewallRules: [{32028FDA-2124-44F4-872E-8046875A3526}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7B11CA1B-6D6B-495A-AD84-A3563B3AF471}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2CB12D84-C202-41E7-B66C-A3C92A2545D0}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{EC3FCDFB-753C-4BEB-B1C9-95342AF03C8C}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{BED2AE65-3D37-4BD0-91BB-14712BC9210E}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{64AAC6A7-2C77-493F-B192-79D766C9D08F}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{CB4EF68D-A6B8-4E23-9DEA-65DB62DB088B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{20375D5B-D894-4C81-B356-421B111FC0CB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{BD04B4C4-44FA-4617-A9BA-6A68E3AB7FBA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8BAC6521-A14F-4C25-9EEB-941A2DD4142B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

16-04-2016 15:14:52 Scheduled Checkpoint
17-04-2016 03:30:38 Windows Update
17-04-2016 19:00:40 Windows Backup
17-04-2016 23:06:20 Windows Update
17-04-2016 23:06:34 Installed Microsoft Fix it 50123
17-04-2016 23:20:31 Windows Modules Installer
18-04-2016 00:58:56 Installed Microsoft Fix it 50123
18-04-2016 01:05:59 Installed Microsoft Fix it 50123
19-04-2016 13:38:11 Windows Update
19-04-2016 14:32:12 Windows Update
19-04-2016 23:21:28 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2016 10:48:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 45.0.2.5941, time stamp: 0x57071d64
Faulting module name: mozglue.dll, version: 45.0.2.5941, time stamp: 0x57070ebc
Exception code: 0x80000003
Fault offset: 0x0000ec22
Faulting process id: 0x1690
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (04/18/2016 07:51:12 PM) (Source: MsiInstaller) (EventID: 11321) (User: User-PC)
Description: Product: ESET NOD32 Antivirus -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files\ESET\ESET NOD32 Antivirus\callmsi.exe.

Error: (04/18/2016 07:38:30 PM) (Source: MsiInstaller) (EventID: 11321) (User: User-PC)
Description: Product: ESET NOD32 Antivirus -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files\ESET\ESET NOD32 Antivirus\callmsi.exe.

Error: (04/18/2016 11:31:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_ProfSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: qmgr.dll, version: 7.5.7601.17514, time stamp: 0x4ce7b999
Exception code: 0xc0000005
Fault offset: 0x00065f77
Faulting process id: 0x460
Faulting application start time: 0xsvchost.exe_ProfSvc0
Faulting application path: svchost.exe_ProfSvc1
Faulting module path: svchost.exe_ProfSvc2
Report Id: svchost.exe_ProfSvc3

Error: (04/18/2016 11:15:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RapportService.exe, version: 3.5.1609.47, time stamp: 0x56f2ce58
Faulting module name: RapportUtil.dll, version: 3.5.1609.47, time stamp: 0x56f2cdb8
Exception code: 0xc0000005
Fault offset: 0x00004459
Faulting process id: 0x1f4
Faulting application start time: 0xRapportService.exe0
Faulting application path: RapportService.exe1
Faulting module path: RapportService.exe2
Report Id: RapportService.exe3

Error: (04/17/2016 10:05:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RapportService.exe, version: 3.5.1609.47, time stamp: 0x56f2ce58
Faulting module name: RapportUtil.dll, version: 3.5.1609.47, time stamp: 0x56f2cdb8
Exception code: 0xc0000005
Fault offset: 0x00004459
Faulting process id: 0x834
Faulting application start time: 0xRapportService.exe0
Faulting application path: RapportService.exe1
Faulting module path: RapportService.exe2
Report Id: RapportService.exe3

Error: (04/17/2016 01:13:56 PM) (Source: MsiInstaller) (EventID: 11321) (User: User-PC)
Description: Product: ESET NOD32 Antivirus -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files\ESET\ESET NOD32 Antivirus\callmsi.exe.

Error: (04/17/2016 12:58:38 PM) (Source: MsiInstaller) (EventID: 11321) (User: User-PC)
Description: Product: ESET NOD32 Antivirus -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files\ESET\ESET NOD32 Antivirus\callmsi.exe.

Error: (04/17/2016 12:37:44 PM) (Source: MsiInstaller) (EventID: 11404) (User: User-PC)
Description: Product: ESET NOD32 Antivirus -- Error 1404. Could not delete key \Software\ESET\ESET Security.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (04/17/2016 12:37:36 PM) (Source: MsiInstaller) (EventID: 11404) (User: User-PC)
Description: Product: ESET NOD32 Antivirus -- Error 1404. Could not delete key \Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.


System errors:
=============
Error: (04/20/2016 09:25:08 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (04/19/2016 07:19:22 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (04/19/2016 03:47:26 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (04/19/2016 03:46:38 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (04/19/2016 02:34:26 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (04/19/2016 01:50:47 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (04/19/2016 09:13:46 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (04/19/2016 12:29:20 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (04/19/2016 12:27:16 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (04/19/2016 12:26:35 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.


==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of memory in use: 69%
Total physical RAM: 3007.43 MB
Available physical RAM: 924.94 MB
Total Virtual: 6013.18 MB
Available Virtual: 3424.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:250.86 GB) (Free:194.85 GB) NTFS
Drive d: (DATA) (Fixed) (Total:214.8 GB) (Free:67.98 GB) NTFS
Drive f: (DATA DRIVE  (Remember to BACKUP)) (Fixed) (Total:396.22 GB) (Free:94.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6B4876E1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=250.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=214.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 61D26694)
Partition 1: (Not Active) - (Size=396.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,149 posts
  • Gender:Male
  • Location:California
  • Local time:05:30 PM

Posted 21 April 2016 - 09:55 PM

Thank you,

Though I am still waiting for the results of the other steps I posted, you can also run this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
Task: {70B0F9D7-22A7-42C9-BD65-7F2C5DC97084} - System32\Tasks\{3D65C68E-B92D-4CDE-828D-D295FC1010EC} => pcalua.exe -a "D:\OLD HARD DRIVE\Canon\i5609x801us\SETUP.EXE"
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 aabill

aabill
  • Topic Starter

  • Members
  • 57 posts
  • Gender:Male
  • Location:Southeast Michigan
  • Local time:08:30 PM

Posted 21 April 2016 - 11:02 PM

Here they are, Gary. I think I have them all here.

Thanks

Bill


Fix result of Farbar Recovery Scan Tool (x86) Version:18-04-2016
Ran by Bill (2016-04-21 21:02:35) Run:1
Running from C:\Users\Bill\Desktop
Loaded Profiles: UpdatusUser & Bill (Available Profiles: UpdatusUser & Bill)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ProxyServer: [S-1-5-21-2418160549-1670195301-1622969964-1002] => localhost:8080
AutoConfigURL: [S-1-5-21-2418160549-1670195301-1622969964-1002] => localhost:8080
Toolbar: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S3 eapihdrv; \??\C:\Users\Bill\AppData\Local\Temp\ehdrv.sys [X]
S3 ESETCleanersDriver; \??\C:\Windows\system32\Drivers\ESETCleanersDriver.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-02-27 20:15 - 2016-02-27 20:15 - 0000000 _____ () C:\Users\Bill\AppData\Local\{6AD292FB-7766-47E2-B56A-B7D921753FFE}
2014-10-25 17:58 - 2014-10-25 19:09 - 0000000 _____ () C:\Users\Bill\AppData\Local\{6F1E7D97-373F-4F0D-8666-76E9027B7B02}
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
eapihdrv => service removed successfully.
ESETCleanersDriver => service removed successfully.
MREMPR5 => service removed successfully.
MRENDIS5 => service removed successfully.
Synth3dVsc => service removed successfully.
tsusbhub => service removed successfully.
VBoxNetFlt => service removed successfully.
VGPU => service removed successfully.
C:\Users\Bill\AppData\Local\{6AD292FB-7766-47E2-B56A-B7D921753FFE} => moved successfully
C:\Users\Bill\AppData\Local\{6F1E7D97-373F-4F0D-8666-76E9027B7B02} => moved successfully


The system needed a reboot.

==== End of Fixlog 21:03:35 ====

 

 

RogueKiller V12.1.3.0 [Apr 18 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Bill [Administrator]
Started from : C:\Users\Bill\Desktop\RogueKiller.exe
Mode : Scan -- Date : 04/21/2016 22:22:09

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page :   -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2418160549-1670195301-1622969964-1002\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP][Folder] C:\ProgramData\{3190E3EE-1276-4F20-AF37-5DE6E5E1F1F4} -> Found

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS 725050A7E630 SCSI Disk Device +++++
--- User ---
[MBR] 1e20e43fef3ab03e3658e2280ba6e93a
[BSP] fb550efd7b027bbba7c1e352e54e3cba : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 256884 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 526305280 | Size: 219953 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: WDC WD50 00BEVT-00A0RT0 USB Device +++++
--- User ---
[MBR] 0ac8219ba28cff3bd9b45b929637f7e2
[BSP] 0a3069e770d45c4b0c9e5ad7a57182c4 : Lenovo|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 145833984 | Size: 405730 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Bill (administrator) on 21-04-2016 at 22:38:50
Running from "C:\Users\Bill\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Model: MS-7309 Manufacturer: MSI
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

There are 15481 entries.

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : User-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
   Physical Address. . . . . . . . . : 00-1D-92-3B-8F-1D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:304:ccc0:6530::3e8(Preferred)
   Lease Obtained. . . . . . . . . . : Thursday, April 21, 2016 9:26:15 PM
   Lease Expires . . . . . . . . . . : Saturday, May 21, 2016 9:26:14 PM
   IPv6 Address. . . . . . . . . . . : 2602:304:ccc0:6530:252b:b69:7ba7:2b2e(Preferred)
   Temporary IPv6 Address. . . . . . : 2602:304:ccc0:6530:74ba:357f:c16b:ebde(Preferred)
   Link-local IPv6 Address . . . . . : fe80::252b:b69:7ba7:2b2e%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, April 21, 2016 9:14:57 PM
   Lease Expires . . . . . . . . . . : Friday, April 22, 2016 9:14:56 PM
   Default Gateway . . . . . . . . . : fe80::62c3:97ff:feec:c2a5%10
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 234888594
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-03-C3-29-47-00-1D-92-3B-8F-1D
   DNS Servers . . . . . . . . . . . : 2602:304:ccc0:6530::1
                                       192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 0A-00-27-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ec27:6252:fecd:5ea0%15(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 403177511
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-03-C3-29-47-00-1D-92-3B-8F-1D
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.attlocal.net:

   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.64%11(Preferred)
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 2602:304:ccc0:6530::1
                                       192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D9145852-140C-46E9-8D68-FB12696737EF}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  2602:304:ccc0:6530::1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.

Pinging google.com [2607:f8b0:4002:c09::8b] with 32 bytes of data:
General failure.
Reply from 2607:f8b0:4002:c09::8b: time=79ms

Ping statistics for 2607:f8b0:4002:c09::8b:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 79ms, Maximum = 79ms, Average = 79ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  2602:304:ccc0:6530::1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.

Pinging yahoo.com [2001:4998:c:a06::2:4008] with 32 bytes of data:
Reply from 2001:4998:c:a06::2:4008: time=116ms
Reply from 2001:4998:c:a06::2:4008: time=115ms

Ping statistics for 2001:4998:c:a06::2:4008:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 115ms, Maximum = 116ms, Average = 115ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
===========================================================================
Interface List
 10...00 1d 92 3b 8f 1d ......NVIDIA nForce 10/100 Mbps Ethernet
 15...0a 00 27 00 00 00 ......VirtualBox Host-Only Ethernet Adapter
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.64     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.64    276
     192.168.1.64  255.255.255.255         On-link      192.168.1.64    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.64    276
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    266
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    266
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.64    276
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.64    276
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    276 ::/0                     fe80::62c3:97ff:feec:c2a5
  1    306 ::1/128                  On-link
 10     28 2602:304:ccc0:6530::/64  On-link
 10    276 2602:304:ccc0:6530::3e8/128
                                    On-link
 10    276 2602:304:ccc0:6530:252b:b69:7ba7:2b2e/128
                                    On-link
 10    276 2602:304:ccc0:6530:74ba:357f:c16b:ebde/128
                                    On-link
 10    276 fe80::/64                On-link
 15    266 fe80::/64                On-link
 11    281 fe80::5efe:192.168.1.64/128
                                    On-link
 10    276 fe80::252b:b69:7ba7:2b2e/128
                                    On-link
 15    266 fe80::ec27:6252:fecd:5ea0/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
 15    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

**** End of log ****
 

 

 




#6 aabill


Posted 21 April 2016 - 11:03 PM

And I just had to reboot the modem in order to get Microsoft to come up and read the zip instructions.



#7 aabill


Posted 22 April 2016 - 10:53 AM

Second fixlog

 

Bill

 

Fix result of Farbar Recovery Scan Tool (x86) Version:18-04-2016
Ran by Bill (2016-04-22 11:50:56) Run:2
Running from C:\Users\Bill\Desktop
Loaded Profiles: UpdatusUser & Bill (Available Profiles: UpdatusUser & Bill)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
Task: {70B0F9D7-22A7-42C9-BD65-7F2C5DC97084} - System32\Tasks\{3D65C68E-B92D-4CDE-828D-D295FC1010EC} => pcalua.exe -a "D:\OLD HARD DRIVE\Canon\i5609x801us\SETUP.EXE"
*****************

"HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully.
"HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully.
"HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully.
"HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully.
"HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully.
"HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70B0F9D7-22A7-42C9-BD65-7F2C5DC97084}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70B0F9D7-22A7-42C9-BD65-7F2C5DC97084}" => key removed successfully.
C:\Windows\System32\Tasks\{3D65C68E-B92D-4CDE-828D-D295FC1010EC} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3D65C68E-B92D-4CDE-828D-D295FC1010EC}" => key removed successfully.

==== End of Fixlog 11:50:57 ====



#8 Oh My!


Posted 22 April 2016 - 01:47 PM

Greetings,

Thank you for the information. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
Folder: C:\ProgramData\{3190E3EE-1276-4F20-AF37-5DE6E5E1F1F4}
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Troubleshooting Possible IPv6 Connectivity Issues

--------------------
  • Navigate to this Microsoft site
  • Download Disable IPv6 and save it to your Desktop - Note: This file will be called MicrosoftEasyFix20160.mini.diagcab
  • Download Re-enable IPv6 and save it to your Desktop - Note: This file will be called MicrosoftEasyFix20164.mini.diagcab
  • Double click MicrosoftEasyFix20160.mini.diagcab and follow the Instructions.
  • Check your Internet
  • If your Internet works properly stop and let me know
  • If there is no change or you don't have Internet access, double click MicrosoftEasyFix20164.mini.diagcab and follow the Instructions
  • Report the results in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • IPv6 results?

Gary
 

#9 aabill


Posted 22 April 2016 - 07:45 PM

IPv6 results:   indefinite. This is an intermittent problem. Sometimes I have to reset the modem several times a day. All I know to do is wait and see if problems crop up again tonight and Saturday.

 

For now, I have run Disable IPv6. I will leave it like that and then re-enable IPv6 if problems return unless you tell me differently.

 

I vaguely remember testing something similar under ATT supervision on a DOS screen several weeks ago and returning to the original setting. They went through this to show that the modem still worked fine and that I did not need a new one.

 

 

I have not reinstalled Eset Antivirus 8.0 yet. I couldn't get it to go again due to not communicating with kernel. Should I wait till all this is done before retrying? I am running Windows Defender for now.

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version:18-04-2016
Ran by Bill (2016-04-22 19:45:01) Run:3
Running from C:\Users\Bill\Desktop
Loaded Profiles: UpdatusUser & Bill (Available Profiles: UpdatusUser & Bill)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Folder: C:\ProgramData\{3190E3EE-1276-4F20-AF37-5DE6E5E1F1F4}
*****************


========================= Folder: C:\ProgramData\{3190E3EE-1276-4F20-AF37-5DE6E5E1F1F4} ========================

2014-07-16 10:30 - 2014-07-16 10:30 - 0000102 ____C () C:\ProgramData\{3190E3EE-1276-4F20-AF37-5DE6E5E1F1F4}\instance.dat
2014-07-16 10:30 - 2013-11-13 12:47 - 0575060 ____C () C:\ProgramData\{3190E3EE-1276-4F20-AF37-5DE6E5E1F1F4}\mia.lib
2014-07-16 10:30 - 2014-07-16 10:31 - 0000295 ____C () C:\ProgramData\{3190E3EE-1276-4F20-AF37-5DE6E5E1F1F4}\TS2Install.dat
2014-07-16 10:30 - 2013-11-13 12:47 - 3367131 ____C (FXCM) C:\ProgramData\{3190E3EE-1276-4F20-AF37-5DE6E5E1F1F4}\TS2Install.exe
2014-07-16 10:30 - 2014-07-16 10:30 - 0000009 ____C () C:\ProgramData\{3190E3EE-1276-4F20-AF37-5DE6E5E1F1F4}\TS2Install.lan
2014-07-16 10:30 - 2014-07-16 10:30 - 0000000 ____C () C:\ProgramData\{3190E3EE-1276-4F20-AF37-5DE6E5E1F1F4}\TS2Install.lnk
2014-07-16 10:30 - 2013-11-13 12:47 - 0331776 ____C () C:\ProgramData\{3190E3EE-1276-4F20-AF37-5DE6E5E1F1F4}\TS2Install.msi
2014-07-16 10:30 - 2014-07-16 10:30 - 0012831 ____C () C:\ProgramData\{3190E3EE-1276-4F20-AF37-5DE6E5E1F1F4}\TS2Install.par
2014-07-16 10:30 - 2013-11-13 12:47 - 10136952 ____C () C:\ProgramData\{3190E3EE-1276-4F20-AF37-5DE6E5E1F1F4}\TS2Install.res

====== End of Folder: ======


==== End of Fixlog 19:45:02 ====



#10 Oh My!


Posted 22 April 2016 - 08:19 PM

Hi Bill,

I figured it would take some time to monitor your Internet. There seems to be some degraded performance related to IPv6 so I want to at least address that as a possible cause. I am not a Networking expert but I don't recall seeing this type of situation with IPv6.

Let's stay with Windows Defender while we monitor your Internet.
Gary
 

#11 Oh My!


Posted 24 April 2016 - 03:53 PM

Greetings,

How are things going?
Gary
 

#12 aabill


Posted 25 April 2016 - 06:09 PM

No problems with IPv4 this weekend. I will test IPv6 more tonight and tomorrow. I thought I saw a slight problem with IPv6 but that could have been an unrelated glitch. It was a Microsoft link that would not load but just kept spinning.



#13 Oh My!


Posted 25 April 2016 - 06:17 PM

OK, let me know.
Gary
 

#14 aabill


Posted 26 April 2016 - 02:31 PM

Gary, IPv6 produces minor annoyances at times, such as an article loading enough to read but the tab spinner keeps going. I haven't noticed missing anything that I want (probably an ad didn't download).

 

IPv4 works perfectly for me.

 

I will keep MicrosoftEasyFix20160.mini.diagcab and MicrosoftEasyFix20164.mini.diagcab on my desktop for a while in case I ever want to go back to IPv4.



#15 Oh My!


Posted 26 April 2016 - 08:50 PM

Sounds like a good plan.

Is there anything else you need help with?
Gary
 



