
Junk Mail Scan~Trouble opening shortcuts


  • This topic is locked
6 replies to this topic

#1 Bestfree


Posted 11 July 2016 - 05:28 PM

Hi,

 

BC Adviser suggested that I seek additional help. He has provided great assistance with my software problems on my Dell Inspiron 1720 notebook. Although the system is better, I am still having a great deal of trouble opening shortcuts. (This does not constantly happen though.) I also get this message that I am unable to remove: (Here are my junk mail scans:)

 

 

               

"Warning: Unresponsive script

"A script on this page may be busy or it may have stopped responding. You can stop the script now, open the script in the debugger or let the script continue."

wait    continue    stop    close

                          

 


 


#2 nasdaq

  • Malware Response Team

Posted 12 July 2016 - 09:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
SearchScopes: HKLM -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-3691750864-3552412768-4150566929-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
S3 HitmanPro37Crusader; "C:\Users\Ferrari\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TKCSY73B\HitmanPro.exe" /crusader [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 cpuz134; \??\C:\Users\Ferrari\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 eapihdrv; \??\C:\Users\Ferrari\AppData\Local\Temp\ehdrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; no ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If your error persists try the fixes on this page.
https://support.mozilla.org/en-US/kb/warning-unresponsive-script

Please post the log and let me know if the problem persists.

#3 Bestfree

  • Topic Starter

Posted 13 July 2016 - 02:50 PM

Hi nasdaq,

I appreciate the help that you have offered. I did have a difficult time following the process. I don't think I did it right. I never restarted the computer. I never reset the registry. I did run FRST. It told me I created a log. I did hit fix also. Computer's running hot when I go into the FRST area. Thanks again!

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-07-2016 01
Ran by Ferrari (2016-07-11 08:16:37)
Running from C:\Users\Ferrari\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2011-03-27 04:12:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3691750864-3552412768-4150566929-500 - Administrator - Disabled)
Ferrari (S-1-5-21-3691750864-3552412768-4150566929-1000 - Administrator - Enabled) => C:\Users\Ferrari
Guest (S-1-5-21-3691750864-3552412768-4150566929-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: Symantec Endpoint Protection (Disabled - Out of date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Disabled - Out of date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1784.41616 - ABBYY Software House)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Dell AIO Printer 946 (HKLM\...\Dell AIO Printer 946) (Version:  - Dell, Inc.)
Dell PC Fax (HKLM\...\Dell Fax Solutions) (Version:  - )
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.5.0000 - Intel Corporation)
Laptop Integrated Webcam Driver (1.04.01.1011)   (HKLM\...\Creative OEM002) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
mCorev32.ism_new (Version: 11.02.0000 - Intel Corporation) Hidden
mCPlug (Version: 11.02.0000 - Intel Corporation) Hidden
mDriver (Version: 11.02.0000 - Intel) Hidden
mHelp (Version: 11.02.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
mMHouse (Version: 11.02.0000 - Intel Corporation) Hidden
Mozilla Firefox 47.0 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
mPfMgr (Version: 11.02.0000 - Intel Corporation) Hidden
mWMI (Version: 11.02.0000 - Intel Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Print to Fax (HKLM\...\{5BF2B19D-9C79-492A-8969-F059F06A627F}) (Version: 1.00 - BVRP Software)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {85682520-FFDB-469B-87B0-9FB03DE08B31} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {C49FC7C7-5568-41D0-A3DA-FEA8DAEC28B9} - System32\Tasks\{E43AE3A5-F5D7-4A59-AE6A-A3C500EFCCC0} => pcalua.exe -a "C:\Program Files\Microsoft Security Client\Setup.exe" -c /x
Task: {DC8D3653-A159-4756-9F67-F660F4B203C6} - \Test TimeTrigger -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2007-05-17 14:42 - 2007-05-17 14:42 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2007-10-08 14:03 - 2007-10-08 14:03 - 00245760 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2012-01-18 21:16 - 2006-10-06 08:06 - 00045056 _____ () C:\Windows\System32\DLPRMON.DLL
2012-01-18 21:16 - 2006-10-06 08:24 - 00016384 _____ () C:\Program Files\Dell Fax Solutions\DlCtrStr.dll
2012-01-18 21:16 - 2006-10-06 08:04 - 00032768 _____ () C:\Program Files\Dell Fax Solutions\ipcmt.dll
2011-03-27 17:00 - 2006-12-08 00:17 - 00062344 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCIserv.exe
2011-03-27 17:10 - 2006-09-06 05:26 - 00069632 _____ () C:\Program Files\Dell AIO Printer 946\DLCIcfg.dll
2011-03-27 17:10 - 2005-12-20 14:26 - 00118784 _____ () C:\Program Files\Dell AIO Printer 946\DLCIdrec.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [109]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3691750864-3552412768-4150566929-1000\...\2o7.net -> hxxps://www.2o7.net

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3691750864-3552412768-4150566929-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ferrari\Pictures\Fluffy 090.JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ccEvtMgr => 2
MSCONFIG\Services: ccSetMgr => 2
MSCONFIG\Services: SmcService => 2
MSCONFIG\Services: Symantec AntiVirus => 2
MSCONFIG\startupreg: ccApp => "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{5534F561-5E81-482E-8755-6A96F2D8C0A0}] => (Allow) C:\Windows\System32\dlcjcoms.exe
FirewallRules: [{56E23A3F-AB34-418B-8EC3-4B9553C541AC}] => (Allow) C:\Windows\System32\dlcjcoms.exe
FirewallRules: [{F9285697-498A-40A2-8410-DB97B17FFEC0}] => (Allow) LPort=80
FirewallRules: [{21EEB43C-6B3D-40B5-A11B-3095246E9FDA}] => (Allow) LPort=80
FirewallRules: [{4928EAC1-7A6A-4E97-9284-3FADC90718AB}] => (Allow) LPort=80
FirewallRules: [{3801FF53-4161-4F43-A63B-C745EB1A0766}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{1C4B3445-0131-4D13-A50C-0BB2ABE1B64F}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{8CC03136-AABC-488F-A0AE-8F2E7D34E5BA}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
FirewallRules: [{F606114A-CA4C-48EA-9E0C-2EFDC9157BF7}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
FirewallRules: [{946A13E0-159A-4933-A861-48577EAAA463}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{20301AEF-5723-454F-BC77-1E573A4DD117}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{9136EEE3-9224-4D6D-A532-7E2E37FA7F4E}] => (Allow) C:\Windows\System32\dlcicoms.exe
FirewallRules: [{CE006234-0B49-451C-AA39-03F736811109}] => (Allow) C:\Windows\System32\dlcicoms.exe
FirewallRules: [{FF31DB85-ABC4-4F68-BDA2-E7DE6483ADB9}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\dlcipswx.exe
FirewallRules: [{75B65F31-E6A9-47FD-9599-A02C8ABFF2A5}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\dlcipswx.exe
FirewallRules: [{2EB73150-9794-4FFC-AC20-1A9B8EFB8851}] => (Allow) C:\Program Files\Dell AIO Printer 946\DLCImon.exe
FirewallRules: [{3D8D1849-9DB9-427C-9EC8-68B1E893DB78}] => (Allow) C:\Program Files\Dell AIO Printer 946\DLCImon.exe
FirewallRules: [{AC37ADD6-F373-4070-BA00-6B1A95CCA8CF}] => (Allow) C:\Program Files\Dell AIO Printer 946\DLCIaiox.exe
FirewallRules: [{CC2661AB-A6EE-4645-8B46-1F76666A669C}] => (Allow) C:\Program Files\Dell AIO Printer 946\DLCIaiox.exe
FirewallRules: [{B424BF2F-1401-4DB8-9972-C2B290E28335}] => (Allow) C:\Program Files\ABBYY FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{BB8B3A2B-9D6D-4B44-8061-C19196FAAA8E}] => (Allow) C:\Program Files\ABBYY FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{A04CF9A6-690C-40FA-8FDA-0D5793DB2716}] => (Allow) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{F3A6CEA3-D080-4FB0-B5CD-B5D9629349B1}C:\users\ferrari\appdata\local\microsoft\windows\temporary internet files\content.ie5\keam433p\kis14.0.0.4651abcden_5705.exe] => (Block) C:\users\ferrari\appdata\local\microsoft\windows\temporary internet files\content.ie5\keam433p\kis14.0.0.4651abcden_5705.exe
FirewallRules: [UDP Query User{CA1FB97B-1284-4765-B32D-F17CC55B32E1}C:\users\ferrari\appdata\local\microsoft\windows\temporary internet files\content.ie5\keam433p\kis14.0.0.4651abcden_5705.exe] => (Block) C:\users\ferrari\appdata\local\microsoft\windows\temporary internet files\content.ie5\keam433p\kis14.0.0.4651abcden_5705.exe
FirewallRules: [{B6B17F4D-BCF5-4E05-BC73-035FB6F6BC63}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A594E4BD-3158-4DBA-8DF5-B0AD144DB4EA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D8D9B75F-46AC-408F-B49A-93AEBCBB1C7F}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{030B884C-F8A2-4E3C-BC83-A95406DCE97E}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{0D6F4575-3114-4AD5-965D-A46D406BD411}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{92EEEA7C-CB90-4B7B-8235-A4EDF77DF25B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

02-06-2016 12:35:49 Scheduled Checkpoint
03-06-2016 12:00:32 Scheduled Checkpoint
04-06-2016 09:38:00 Scheduled Checkpoint
04-06-2016 20:35:03 Windows Update
05-06-2016 11:05:12 Scheduled Checkpoint
06-06-2016 08:01:42 Scheduled Checkpoint
08-06-2016 12:10:49 Windows Update
09-06-2016 20:36:55 Scheduled Checkpoint
12-06-2016 10:08:16 Windows Update
15-06-2016 17:05:47 Windows Update
16-06-2016 08:33:15 Scheduled Checkpoint
17-06-2016 13:33:24 Scheduled Checkpoint
19-06-2016 10:32:22 Windows Update
20-06-2016 07:31:13 Scheduled Checkpoint
23-06-2016 15:29:55 Windows Update
26-06-2016 23:58:40 Windows Update
30-06-2016 18:29:14 Scheduled Checkpoint
30-06-2016 19:57:28 Windows Update
01-07-2016 10:39:30 Scheduled Checkpoint
04-07-2016 11:05:54 Scheduled Checkpoint
04-07-2016 18:51:09 Windows Update
06-07-2016 14:42:26 JRT Pre-Junkware Removal
07-07-2016 10:34:46 JRT Pre-Junkware Removal
08-07-2016 17:06:56 Windows Update

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Dell AIO Printer 946 #2
Description: Dell AIO Printer 946
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/09/2016 08:13:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dlcicoms.exe, version 99.99.99.99, time stamp 0x452d66c3, faulting module NetApi32.dll_unloaded, version 0.0.0.0, time stamp 0x4fedd180, exception code 0xc0000005, fault offset 0x7583f3c1,
process id 0x328, application start time 0xdlcicoms.exe0.

Error: (07/08/2016 10:56:20 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\FERRARI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\4KY3Z1UZ.DEFAULT-1467505053506\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (07/08/2016 10:56:13 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\FERRARI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\4KY3Z1UZ.DEFAULT-1467505053506\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (07/08/2016 10:33:13 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\FERRARI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\4KY3Z1UZ.DEFAULT-1467505053506\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (07/08/2016 08:08:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dlcicoms.exe, version 99.99.99.99, time stamp 0x452d66c3, faulting module NetApi32.dll_unloaded, version 0.0.0.0, time stamp 0x4fedd180, exception code 0xc0000005, fault offset 0x758bf3c1,
process id 0x404, application start time 0xdlcicoms.exe0.

Error: (07/06/2016 02:12:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dlcicoms.exe, version 99.99.99.99, time stamp 0x452d66c3, faulting module NetApi32.dll_unloaded, version 0.0.0.0, time stamp 0x4fedd180, exception code 0xc0000005, fault offset 0x754ff3c1,
process id 0x250, application start time 0xdlcicoms.exe0.

Error: (07/06/2016 05:43:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dlcicoms.exe, version 99.99.99.99, time stamp 0x452d66c3, faulting module NetApi32.dll_unloaded, version 0.0.0.0, time stamp 0x4fedd180, exception code 0xc0000005, fault offset 0x7529f3c1,
process id 0x2ac, application start time 0xdlcicoms.exe0.

Error: (07/05/2016 12:01:06 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\FERRARI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\4KY3Z1UZ.DEFAULT-1467505053506\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (07/05/2016 12:01:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\FERRARI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\4KY3Z1UZ.DEFAULT-1467505053506\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (07/05/2016 12:01:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\FERRARI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\4KY3Z1UZ.DEFAULT-1467505053506\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (07/11/2016 08:06:55 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman

Error: (07/11/2016 05:33:18 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MsMpSvc

Error: (07/10/2016 10:49:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.225.1092.0){02412AF0-3489-403D-9B5D-EEFE24B89929}200

Error: (07/10/2016 10:45:26 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 11.159.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/10/2016 10:44:30 AM) (Source: Microsoft Antimalware) (EventID: 2003) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update the engine.

    New Engine Version:

    Previous Engine Version: 2.0.8001.0

    Engine Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Error Code: %NT AUTHORITY601

    Error description: %NT AUTHORITY602

Error: (07/10/2016 10:44:30 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 11.159.0.0

    Update Source: %NT AUTHORITY15

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/10/2016 10:43:22 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version:

    Update Source: %NT AUTHORITY15

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/10/2016 10:42:19 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.225.674.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/10/2016 10:42:18 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.225.674.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/10/2016 10:41:11 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version:

    Update Source: %NT AUTHORITY15

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


CodeIntegrity:
===================================
  Date: 2016-07-11 08:15:28.959
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-11 08:15:28.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-11 08:15:28.283
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-11 08:15:27.850
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-19 18:21:42.511
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-19 18:21:42.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-19 18:21:41.856
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-19 18:21:41.544
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-19 18:21:41.216
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-19 18:21:40.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7500 @ 2.20GHz
Percentage of memory in use: 90%
Total physical RAM: 1021.31 MB
Available physical RAM: 93.86 MB
Total Virtual: 2707.94 MB
Available Virtual: 1502.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:98.25 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 3BD593E4)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-07-2016 01
Ran by Ferrari (administrator) on FERRARI-PC (13-07-2016 13:06:38)
Running from C:\Users\Ferrari\Downloads
Loaded Profiles: Ferrari (Available Profiles: Ferrari)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
() C:\Windows\System32\spool\drivers\w32x86\3\dlciserv.exe
( ) C:\Windows\System32\dlcicoms.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Dell) C:\Program Files\Dell AIO Printer 946\DLCImon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
HKLM\...\Run: [OEM02Mon.exe] => C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM\...\Run: [dlcimon.exe] => C:\Program Files\Dell AIO Printer 946\dlcimon.exe [435696 2007-01-12] (Dell)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Dell Fax Solutions\fm3032.exe [312200 2006-12-08] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [DLCICATS] => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-13] (IDT, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-3691750864-3552412768-4150566929-1000\...\Run: [CollaborationHost] => C:\Windows\system32\p2phost.exe [192000 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3691750864-3552412768-4150566929-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6638296 2016-02-12] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [Application Restart #2] => C:\Windows\System32\ctfmon.exe ctfmon.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2DBB5007-D171-4775-BEEF-7AFA9E6C0B24}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C04E4F9D-D212-4463-AC01-E8F1AB582498}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3691750864-3552412768-4150566929-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131088645079758000&GUID=34248476-1087-417E-84FD-83BE067237A9
HKU\S-1-5-21-3691750864-3552412768-4150566929-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://downloads.yahoo.com/internetexplorer/welcome
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3691750864-3552412768-4150566929-1000 -> DefaultScope {01A4A0EF-813E-4347-81AC-61C3019204CC} URL =
SearchScopes: HKU\S-1-5-21-3691750864-3552412768-4150566929-1000 -> {17E2E38B-7A42-4202-A538-CCE9B14D7639} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-3691750864-3552412768-4150566929-1000 -> {3F931ABB-D0D7-4ECF-AF50-359BD31C89AD} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3691750864-3552412768-4150566929-1000 -> {70044C67-6652-426A-A75E-DC2456F0069D} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3691750864-3552412768-4150566929-1000 -> {922B3AA5-AD34-43C7-842D-3F5803AEF9CA} URL = hxxp://delicious.com/search?p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3691750864-3552412768-4150566929-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} hxxp://images.fotki.com/activex/FotkiUploader.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\Ferrari\AppData\Roaming\Mozilla\Firefox\Profiles\4ky3z1uz.default-1467505053506
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-29] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Ferrari\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google) - C:\Users\Ferrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-18]
CHR Extension: (Google) - C:\Users\Ferrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-18]
CHR Extension: (Google) - C:\Users\Ferrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-10-15] (Symantec Corporation)
S4 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-10-15] (Symantec Corporation)
R2 DLCICustomerConnect; C:\Windows\system32\spool\DRIVERS\W32X86\3\\DLCIserv.exe [62344 2006-12-08] ()
R2 dlci_device; C:\Windows\system32\dlcicoms.exe [537480 2006-12-08] ( )
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [794624 2007-10-08] (Intel Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-10-08] (Intel Corporation) [File not signed]
S4 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1864888 2009-10-15] (Symantec Corporation)
S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [341320 2009-10-15] (Symantec Corporation)
S4 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-10-15] (Symantec Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S3 HitmanPro37Crusader; "C:\Users\Ferrari\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TKCSY73B\HitmanPro.exe" /crusader [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [23888 2009-10-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-20] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20131126.016\NAVENG.SYS [93272 2013-09-07] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20131126.016\NAVEX15.SYS [1612376 2013-09-07] (Symantec Corporation)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2009-10-15] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [281648 2009-10-15] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [320560 2009-10-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2009-10-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2014-01-17] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2009-10-15] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2009-10-15] (Symantec Corporation)
S4 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [92488 2009-10-15] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [50064 2009-10-15] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [42312 2009-10-15] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [174056 2012-10-03] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 cpuz134; \??\C:\Users\Ferrari\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 eapihdrv; \??\C:\Users\Ferrari\AppData\Local\Temp\ehdrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; no ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-13 12:43 - 2016-07-13 13:03 - 00000000 ____D C:\Users\Ferrari\Downloads\FRST-OlderVersion
2016-07-13 08:36 - 2016-07-13 12:43 - 01741312 _____ (Farbar) C:\Users\Ferrari\Downloads\FRST.exe
2016-07-11 08:16 - 2016-07-11 08:19 - 00028440 _____ C:\Users\Ferrari\Downloads\Addition.txt
2016-07-11 08:13 - 2016-07-13 13:06 - 00012108 _____ C:\Users\Ferrari\Downloads\FRST.txt
2016-07-11 08:12 - 2016-07-13 13:06 - 00000000 ____D C:\FRST
2016-07-08 17:08 - 2016-07-08 17:08 - 00000000 ____D C:\Users\Ferrari\Documents\7-8-16
2016-07-07 22:29 - 2016-07-07 22:29 - 03131958 _____ C:\ProgramData\SPLFF00.tmp
2016-07-07 10:33 - 2016-07-07 10:33 - 01610816 _____ (Malwarebytes) C:\Users\Ferrari\Downloads\JRT(6).exe
2016-07-06 14:41 - 2016-07-06 14:41 - 01610816 _____ (Malwarebytes) C:\Users\Ferrari\Downloads\JRT(5).exe
2016-07-06 14:40 - 2016-07-06 14:40 - 00000000 _____ C:\Users\Ferrari\Downloads\JRT(4).exe
2016-07-06 13:03 - 2016-07-06 13:03 - 00000000 ____D C:\Users\Ferrari\Documents\7-6-16
2016-07-06 11:05 - 2016-07-06 11:40 - 00000552 _____ C:\Users\Ferrari\Documents\Untitled 2.lnk
2016-07-06 10:06 - 2016-07-06 10:09 - 03712064 _____ C:\Users\Ferrari\Downloads\AdwCleaner(4).exe
2016-06-15 17:25 - 2016-05-18 11:33 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 17:24 - 2016-05-12 10:21 - 02071040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 17:24 - 2016-05-10 11:31 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 17:24 - 2016-05-10 11:31 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 17:24 - 2016-05-10 11:31 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 17:24 - 2016-05-10 10:28 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 17:24 - 2016-05-10 10:28 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 17:15 - 2016-05-12 11:34 - 00582144 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 17:15 - 2016-05-12 11:34 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 17:15 - 2016-05-12 11:34 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 17:15 - 2016-05-12 11:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 17:15 - 2016-05-12 11:33 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 17:15 - 2016-05-12 11:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 17:14 - 2016-05-12 10:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 17:12 - 2016-05-14 11:41 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2016-06-15 17:08 - 2016-05-14 11:41 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 17:08 - 2016-05-14 10:19 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 17:08 - 2016-05-14 10:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 17:08 - 2016-05-14 10:18 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 17:08 - 2016-05-11 09:09 - 00440552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 17:07 - 2016-05-14 11:47 - 00306408 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 17:07 - 2016-05-14 11:41 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 17:05 - 2016-05-12 15:11 - 01815552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 17:05 - 2016-05-12 15:10 - 12840960 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 17:05 - 2016-05-12 15:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 17:05 - 2016-05-12 15:06 - 09755136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 17:05 - 2016-05-12 15:06 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 17:05 - 2016-05-12 15:05 - 01129984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 17:05 - 2016-05-12 15:04 - 01804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 17:05 - 2016-05-12 15:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 17:05 - 2016-05-12 15:04 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 17:05 - 2016-05-12 15:04 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 17:05 - 2016-05-12 15:04 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 17:05 - 2016-05-12 15:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-06-15 17:05 - 2016-05-12 15:04 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 17:05 - 2016-05-12 15:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 17:05 - 2016-05-12 15:04 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-06-15 17:05 - 2016-05-12 15:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 17:05 - 2016-05-12 15:03 - 00354304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 17:05 - 2016-05-12 15:03 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 17:05 - 2016-05-12 15:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 17:05 - 2016-05-12 15:03 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 17:05 - 2016-05-12 15:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-06-15 17:05 - 2016-05-12 15:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-13 12:40 - 2011-03-27 17:09 - 00000000 ____D C:\Program Files\Dl_cats
2016-07-13 12:40 - 2011-03-27 12:13 - 00032061 _____ C:\ProgramData\nvModes.001
2016-07-13 12:32 - 2011-03-27 12:13 - 00032061 _____ C:\ProgramData\nvModes.dat
2016-07-13 12:20 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-13 12:20 - 2006-11-02 08:47 - 00003792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-13 12:20 - 2006-11-02 08:47 - 00003792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-13 06:47 - 2011-03-26 21:17 - 00000000 ____D C:\Users\Ferrari
2016-07-13 05:03 - 2006-11-02 06:22 - 46661632 _____ C:\Windows\system32\config\components_previous
2016-07-13 05:03 - 2006-11-02 06:22 - 38273024 _____ C:\Windows\system32\config\software_previous
2016-07-13 05:03 - 2006-11-02 06:22 - 18612224 _____ C:\Windows\system32\config\system_previous
2016-07-13 05:03 - 2006-11-02 06:22 - 01572864 _____ C:\Windows\system32\config\default_previous
2016-07-13 05:03 - 2006-11-02 06:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2016-07-13 05:03 - 2006-11-02 06:22 - 00053248 _____ C:\Windows\system32\config\sam_previous
2016-07-13 05:02 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\spool
2016-07-13 05:02 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\registration
2016-07-13 05:02 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2016-07-06 20:39 - 2011-03-28 17:57 - 00400552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-06 10:50 - 2006-11-02 09:01 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-19 18:11 - 2016-02-23 03:21 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-15 18:22 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
2016-06-15 17:46 - 2006-11-02 08:47 - 00256328 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 17:24 - 2013-07-18 12:16 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 17:16 - 2006-11-02 06:24 - 139785240 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-06-13 22:17 - 2015-04-21 16:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2013-02-13 07:23 - 2014-03-11 14:24 - 0024206 _____ () C:\Users\Ferrari\AppData\Roaming\UserTile.png
2011-03-26 21:17 - 2016-01-24 13:13 - 0007808 _____ () C:\Users\Ferrari\AppData\Local\d3d9caps.dat
2011-04-02 12:03 - 2016-01-01 12:20 - 0013824 _____ () C:\Users\Ferrari\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-23 19:25 - 2013-04-23 19:25 - 0000000 _____ () C:\ProgramData\2e2c21262e2030453930_c
2011-03-27 12:13 - 2016-07-13 12:40 - 0032061 _____ () C:\ProgramData\nvModes.001
2011-03-27 12:13 - 2016-07-13 12:32 - 0032061 _____ () C:\ProgramData\nvModes.dat
2016-07-07 22:29 - 2016-07-07 22:29 - 3131958 _____ () C:\ProgramData\SPLFF00.tmp

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-13 12:41

==================== End of FRST.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-07-2016 01
Ran by Ferrari (administrator) on FERRARI-PC (13-07-2016 13:06:38)
Running from C:\Users\Ferrari\Downloads
Loaded Profiles: Ferrari (Available Profiles: Ferrari)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
() C:\Windows\System32\spool\drivers\w32x86\3\dlciserv.exe
( ) C:\Windows\System32\dlcicoms.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Dell) C:\Program Files\Dell AIO Printer 946\DLCImon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
HKLM\...\Run: [OEM02Mon.exe] => C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM\...\Run: [dlcimon.exe] => C:\Program Files\Dell AIO Printer 946\dlcimon.exe [435696 2007-01-12] (Dell)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Dell Fax Solutions\fm3032.exe [312200 2006-12-08] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [DLCICATS] => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-13] (IDT, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-3691750864-3552412768-4150566929-1000\...\Run: [CollaborationHost] => C:\Windows\system32\p2phost.exe [192000 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3691750864-3552412768-4150566929-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6638296 2016-02-12] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [Application Restart #2] => C:\Windows\System32\ctfmon.exe ctfmon.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2DBB5007-D171-4775-BEEF-7AFA9E6C0B24}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C04E4F9D-D212-4463-AC01-E8F1AB582498}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3691750864-3552412768-4150566929-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131088645079758000&GUID=34248476-1087-417E-84FD-83BE067237A9
HKU\S-1-5-21-3691750864-3552412768-4150566929-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://downloads.yahoo.com/internetexplorer/welcome
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3691750864-3552412768-4150566929-1000 -> DefaultScope {01A4A0EF-813E-4347-81AC-61C3019204CC} URL =
SearchScopes: HKU\S-1-5-21-3691750864-3552412768-4150566929-1000 -> {17E2E38B-7A42-4202-A538-CCE9B14D7639} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-3691750864-3552412768-4150566929-1000 -> {3F931ABB-D0D7-4ECF-AF50-359BD31C89AD} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3691750864-3552412768-4150566929-1000 -> {70044C67-6652-426A-A75E-DC2456F0069D} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3691750864-3552412768-4150566929-1000 -> {922B3AA5-AD34-43C7-842D-3F5803AEF9CA} URL = hxxp://delicious.com/search?p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3691750864-3552412768-4150566929-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} hxxp://images.fotki.com/activex/FotkiUploader.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\Ferrari\AppData\Roaming\Mozilla\Firefox\Profiles\4ky3z1uz.default-1467505053506
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-29] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Ferrari\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google) - C:\Users\Ferrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-18]
CHR Extension: (Google) - C:\Users\Ferrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-18]
CHR Extension: (Google) - C:\Users\Ferrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-10-15] (Symantec Corporation)
S4 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-10-15] (Symantec Corporation)
R2 DLCICustomerConnect; C:\Windows\system32\spool\DRIVERS\W32X86\3\\DLCIserv.exe [62344 2006-12-08] ()
R2 dlci_device; C:\Windows\system32\dlcicoms.exe [537480 2006-12-08] ( )
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [794624 2007-10-08] (Intel Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-10-08] (Intel Corporation) [File not signed]
S4 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1864888 2009-10-15] (Symantec Corporation)
S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [341320 2009-10-15] (Symantec Corporation)
S4 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-10-15] (Symantec Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S3 HitmanPro37Crusader; "C:\Users\Ferrari\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TKCSY73B\HitmanPro.exe" /crusader [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [23888 2009-10-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-20] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20131126.016\NAVENG.SYS [93272 2013-09-07] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20131126.016\NAVEX15.SYS [1612376 2013-09-07] (Symantec Corporation)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2009-10-15] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [281648 2009-10-15] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [320560 2009-10-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2009-10-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2014-01-17] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2009-10-15] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2009-10-15] (Symantec Corporation)
S4 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [92488 2009-10-15] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [50064 2009-10-15] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [42312 2009-10-15] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [174056 2012-10-03] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 cpuz134; \??\C:\Users\Ferrari\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 eapihdrv; \??\C:\Users\Ferrari\AppData\Local\Temp\ehdrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; no ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-13 12:43 - 2016-07-13 13:03 - 00000000 ____D C:\Users\Ferrari\Downloads\FRST-OlderVersion
2016-07-13 08:36 - 2016-07-13 12:43 - 01741312 _____ (Farbar) C:\Users\Ferrari\Downloads\FRST.exe
2016-07-11 08:16 - 2016-07-11 08:19 - 00028440 _____ C:\Users\Ferrari\Downloads\Addition.txt
2016-07-11 08:13 - 2016-07-13 13:06 - 00012108 _____ C:\Users\Ferrari\Downloads\FRST.txt
2016-07-11 08:12 - 2016-07-13 13:06 - 00000000 ____D C:\FRST
2016-07-08 17:08 - 2016-07-08 17:08 - 00000000 ____D C:\Users\Ferrari\Documents\7-8-16
2016-07-07 22:29 - 2016-07-07 22:29 - 03131958 _____ C:\ProgramData\SPLFF00.tmp
2016-07-07 10:33 - 2016-07-07 10:33 - 01610816 _____ (Malwarebytes) C:\Users\Ferrari\Downloads\JRT(6).exe
2016-07-06 14:41 - 2016-07-06 14:41 - 01610816 _____ (Malwarebytes) C:\Users\Ferrari\Downloads\JRT(5).exe
2016-07-06 14:40 - 2016-07-06 14:40 - 00000000 _____ C:\Users\Ferrari\Downloads\JRT(4).exe
2016-07-06 13:03 - 2016-07-06 13:03 - 00000000 ____D C:\Users\Ferrari\Documents\7-6-16
2016-07-06 11:05 - 2016-07-06 11:40 - 00000552 _____ C:\Users\Ferrari\Documents\Untitled 2.lnk
2016-07-06 10:06 - 2016-07-06 10:09 - 03712064 _____ C:\Users\Ferrari\Downloads\AdwCleaner(4).exe
2016-06-15 17:25 - 2016-05-18 11:33 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 17:24 - 2016-05-12 10:21 - 02071040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 17:24 - 2016-05-10 11:31 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 17:24 - 2016-05-10 11:31 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 17:24 - 2016-05-10 11:31 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 17:24 - 2016-05-10 10:28 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 17:24 - 2016-05-10 10:28 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 17:15 - 2016-05-12 11:34 - 00582144 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 17:15 - 2016-05-12 11:34 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 17:15 - 2016-05-12 11:34 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 17:15 - 2016-05-12 11:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 17:15 - 2016-05-12 11:33 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 17:15 - 2016-05-12 11:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 17:14 - 2016-05-12 10:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 17:12 - 2016-05-14 11:41 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2016-06-15 17:08 - 2016-05-14 11:41 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 17:08 - 2016-05-14 10:19 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 17:08 - 2016-05-14 10:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 17:08 - 2016-05-14 10:18 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 17:08 - 2016-05-11 09:09 - 00440552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 17:07 - 2016-05-14 11:47 - 00306408 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 17:07 - 2016-05-14 11:41 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 17:05 - 2016-05-12 15:11 - 01815552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 17:05 - 2016-05-12 15:10 - 12840960 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 17:05 - 2016-05-12 15:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 17:05 - 2016-05-12 15:06 - 09755136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 17:05 - 2016-05-12 15:06 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 17:05 - 2016-05-12 15:05 - 01129984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 17:05 - 2016-05-12 15:04 - 01804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 17:05 - 2016-05-12 15:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 17:05 - 2016-05-12 15:04 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 17:05 - 2016-05-12 15:04 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 17:05 - 2016-05-12 15:04 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 17:05 - 2016-05-12 15:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-06-15 17:05 - 2016-05-12 15:04 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 17:05 - 2016-05-12 15:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 17:05 - 2016-05-12 15:04 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-06-15 17:05 - 2016-05-12 15:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 17:05 - 2016-05-12 15:03 - 00354304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 17:05 - 2016-05-12 15:03 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 17:05 - 2016-05-12 15:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 17:05 - 2016-05-12 15:03 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 17:05 - 2016-05-12 15:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-06-15 17:05 - 2016-05-12 15:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-13 12:40 - 2011-03-27 17:09 - 00000000 ____D C:\Program Files\Dl_cats
2016-07-13 12:40 - 2011-03-27 12:13 - 00032061 _____ C:\ProgramData\nvModes.001
2016-07-13 12:32 - 2011-03-27 12:13 - 00032061 _____ C:\ProgramData\nvModes.dat
2016-07-13 12:20 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-13 12:20 - 2006-11-02 08:47 - 00003792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-13 12:20 - 2006-11-02 08:47 - 00003792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-13 06:47 - 2011-03-26 21:17 - 00000000 ____D C:\Users\Ferrari
2016-07-13 05:03 - 2006-11-02 06:22 - 46661632 _____ C:\Windows\system32\config\components_previous
2016-07-13 05:03 - 2006-11-02 06:22 - 38273024 _____ C:\Windows\system32\config\software_previous
2016-07-13 05:03 - 2006-11-02 06:22 - 18612224 _____ C:\Windows\system32\config\system_previous
2016-07-13 05:03 - 2006-11-02 06:22 - 01572864 _____ C:\Windows\system32\config\default_previous
2016-07-13 05:03 - 2006-11-02 06:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2016-07-13 05:03 - 2006-11-02 06:22 - 00053248 _____ C:\Windows\system32\config\sam_previous
2016-07-13 05:02 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\spool
2016-07-13 05:02 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\registration
2016-07-13 05:02 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2016-07-06 20:39 - 2011-03-28 17:57 - 00400552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-06 10:50 - 2006-11-02 09:01 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-19 18:11 - 2016-02-23 03:21 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-15 18:22 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
2016-06-15 17:46 - 2006-11-02 08:47 - 00256328 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 17:24 - 2013-07-18 12:16 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 17:16 - 2006-11-02 06:24 - 139785240 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-06-13 22:17 - 2015-04-21 16:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2013-02-13 07:23 - 2014-03-11 14:24 - 0024206 _____ () C:\Users\Ferrari\AppData\Roaming\UserTile.png
2011-03-26 21:17 - 2016-01-24 13:13 - 0007808 _____ () C:\Users\Ferrari\AppData\Local\d3d9caps.dat
2011-04-02 12:03 - 2016-01-01 12:20 - 0013824 _____ () C:\Users\Ferrari\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-23 19:25 - 2013-04-23 19:25 - 0000000 _____ () C:\ProgramData\2e2c21262e2030453930_c
2011-03-27 12:13 - 2016-07-13 12:40 - 0032061 _____ () C:\ProgramData\nvModes.001
2011-03-27 12:13 - 2016-07-13 12:32 - 0032061 _____ () C:\ProgramData\nvModes.dat
2016-07-07 22:29 - 2016-07-07 22:29 - 3131958 _____ () C:\ProgramData\SPLFF00.tmp

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-13 12:41

==================== End of FRST.txt ============================

 

 

 

 

 

 

 

 

 

 

 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 July 2016 - 07:58 AM

Download the FixList.txt file attached.
Place the file in the folder in bold C:\Users\Ferrari\Downloads



Run FRST from the Download folder and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this

Attached Files



#5 Bestfree

Bestfree
  • Topic Starter

  • Members
  • 31 posts

Posted 18 July 2016 - 07:11 PM

Hi nasdaq,

 

Thanks for your continued help. I have not been able to use the computer much. It runs real hot now. But here are the results. Still not sure if I did it correctly.

 

 

                          Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
SearchScopes: HKLM -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-3691750864-3552412768-4150566929-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 cpuz134; \??\C:\Users\Ferrari\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 eapihdrv; \??\C:\Users\Ferrari\AppData\Local\Temp\ehdrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; no ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Windows\system32\services.exe => File is digitally signed
HKLM\...\Run: [] => [X]
SearchScopes: HKLM -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-3691750864-3552412768-4150566929-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 LMIRfsClientNP; no ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
Task: {DC8D3653-A159-4756-9F67-F660F4B203C6} - \Test TimeTrigger -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [109]

End

 

 

Any suggestions on why it's running so hot?

 

Best.

 

Ron

 

 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 July 2016 - 07:46 AM

Many things can cause a computer to run HOT.
Hardware, wrong version of drivers, missing Windows security updates, etc.

I suggest for now that you remove Symantec Endpoint Protection.

Follow the instructions on this page.
https://support.symantec.com/en_US/article.TECH184988.html

They also provide a Cleanwipe tool. Not sure if you qualify to get that tool.
https://support.symantec.com/en_US/article.HOWTO74877.html

Keep me posted.

#7 Bestfree

Bestfree
  • Topic Starter

  • Members
  • 31 posts

Posted 20 July 2016 - 10:28 AM

Hi nasdaq,

 

I checked my Microsoft security, I have all the latest updates--so that's not the problem. My Virus and Spyware definitions: up to date, Malwarebytes Anti-Malware scan completed. My concern is finding what program is using all my CPU units.

 

I am going to start a new topic in the Vista forum.

 

               Thanks for all your help.

Best,

Ron

 





