
Remove CBL blacklist pc2 Requested by, and for Oh My!


8 replies to this topic

#1 m618


Posted 18 October 2016 - 07:59 AM

Dear Gary,

 

This topic is for pc2, where I found the virus Word file that caused the blacklist on 10/12/2016 at 9am.

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2016
Ran by 608a (administrator) on 608-PC (18-10-2016 20:00:24)
Running from C:\Users\608a\Desktop
Loaded Profiles: 608a (Available Profiles: 608a & 608)
Platform: Microsoft Windows 7 專業版  Service Pack 1 (X86) Language: 中文 (繁體台灣)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\avp.exe
(Symantec Corporation) C:\Program Files\Symantec\pcAnywhere\awhost32.exe
() D:\SmartERP\DSCPatchAgent.exe
(Symantec Corporation) C:\Program Files\Symantec\pcAnywhere\awhprobe.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\avpui.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Borland Software Corporation) D:\SmartERP\s_dsbin\scktsrvr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\608a\Desktop\frstenglish.exe.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-11-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-11-15] (Adobe Systems Inc.)
Winlogon\Notify\PCANotify: C:\Windows\system32\PCANotify.dll [2007-04-27] (Symantec Corporation)
HKU\S-1-5-21-793592983-989196123-2685349833-1124\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [29635712 2016-09-12] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-08-25] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Borland Socket Server.lnk [2016-08-24]
ShortcutTarget: Borland Socket Server.lnk -> D:\SmartERP\s_dsbin\scktsrvr.exe (Borland Software Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.16.1.3 172.16.1.2
Tcpip\..\Interfaces\{3994C591-5720-4476-AC2C-A42B132BDA45}: [DhcpNameServer] 172.16.1.3 172.16.1.2
 
Internet Explorer:
==================
HKU\S-1-5-21-793592983-989196123-2685349833-1124\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://my.tnt.com/myTNT/login/LoginInitial.do
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\IEExt\ie_plugin.dll [2016-04-01] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\IEExt\ie_plugin.dll [2016-04-01] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\IEExt\ie_plugin.dll [2016-04-01] (Kaspersky Lab ZAO)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-11-15] (Adobe Systems Incorporated)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-11-15] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-11-15] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-793592983-989196123-2685349833-1124 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-11-15] (Adobe Systems Incorporated)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-08-25] [not signed]
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE8@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: (Dangerous Websites Blocker) - C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\content_blocker@kaspersky.com [2016-09-08]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_074028@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: (Virtual Keyboard) - C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2016-09-08]
FF HKLM\...\Firefox\Extensions: [online_banking_08806E@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: (Safe Money) - C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\online_banking@kaspersky.com [2016-09-08]
FF Plugin: @kaspersky.com/content_blocker_663BE8 -> C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\content_blocker@kaspersky.com [2016-09-08] ()
FF Plugin: @kaspersky.com/online_banking_08806E -> C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\online_banking@kaspersky.com [2016-09-08] ()
FF Plugin: @kaspersky.com/virtual_keyboard_074028 -> C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2016-09-08] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-24] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin HKU\S-1-5-21-793592983-989196123-2685349833-1124: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
 
Chrome: 
=======
CHR Profile: C:\Users\608a\AppData\Local\Google\Chrome\User Data\Default [2016-10-18]
CHR Extension: (Google Slides) - C:\Users\608a\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-24]
CHR Extension: (Google Docs) - C:\Users\608a\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-24]
CHR Extension: (Google Drive) - C:\Users\608a\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-24]
CHR Extension: (YouTube) - C:\Users\608a\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-24]
CHR Extension: (Google Sheets) - C:\Users\608a\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-24]
CHR Extension: (Google Docs Offline) - C:\Users\608a\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\608a\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-24]
CHR Extension: (Gmail) - C:\Users\608a\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-24]
CHR Extension: (Chrome Media Router) - C:\Users\608a\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-23]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\avp.exe [194000 2016-04-01] (Kaspersky Lab ZAO)
R2 awhost32; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [136568 2009-02-10] (Symantec Corporation)
R2 DSCPatchService; D:\SmartERP\DSCPatchAgent.exe [694656 2009-07-03] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2014-04-28] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2014-04-28] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 awecho; C:\Windows\System32\drivers\awechomd.sys [13368 2007-03-30] (Symantec Corporation)
R1 awlegacy; C:\Windows\System32\Drivers\awlegacy.sys [17848 2007-03-30] (Symantec Corporation)
R1 AW_HOST; C:\Windows\System32\drivers\aw_host5.sys [18232 2007-03-30] (Symantec Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [197864 2016-04-01] (Kaspersky Lab UK Ltd)
R1 Gernuwa; C:\Windows\system32\Drivers\Gernuwa.sys [20536 2007-03-30] (Symantec Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [155304 2016-04-01] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [54640 2016-04-01] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [128728 2016-04-01] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [53168 2016-09-08] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [704432 2016-09-08] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [44120 2016-09-08] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [44920 2016-04-01] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [44408 2016-04-01] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [23920 2016-04-01] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2016-04-01] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [76472 2016-04-01] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [157240 2016-04-01] (Kaspersky Lab ZAO)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-18 20:00 - 2016-10-18 20:00 - 00013835 _____ C:\Users\608a\Desktop\FRST.txt
2016-10-18 20:00 - 2016-10-18 20:00 - 00000000 ____D C:\FRST
2016-10-18 19:59 - 2016-10-18 19:59 - 01756672 _____ (Farbar) C:\Users\608a\Desktop\frstenglish.exe.exe
2016-10-18 16:22 - 2016-10-18 16:22 - 00189458 _____ C:\Users\608a\Desktop\Videology_2089_4E5_20161006.rar
2016-10-17 09:03 - 2016-10-17 09:03 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-10-16 22:26 - 2016-10-16 22:26 - 00000000 ____D C:\Users\608a\AppData\Roaming\FastStone
2016-10-14 14:11 - 2016-10-14 14:11 - 00227593 _____ C:\Users\608a\Desktop\OV6946(1).pdf
2016-10-12 09:03 - 2016-10-01 03:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-12 09:03 - 2016-09-30 23:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-10-12 09:03 - 2016-09-30 23:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-12 09:03 - 2016-09-30 13:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-12 09:03 - 2016-09-30 13:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-12 09:03 - 2016-09-30 13:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-12 09:03 - 2016-09-30 13:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-12 09:03 - 2016-09-30 13:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-12 09:03 - 2016-09-30 13:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-12 09:03 - 2016-09-30 13:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-12 09:03 - 2016-09-30 13:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-12 09:03 - 2016-09-30 13:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-12 09:03 - 2016-09-30 13:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-12 09:03 - 2016-09-30 13:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-12 09:03 - 2016-09-30 13:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-12 09:03 - 2016-09-30 13:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-12 09:03 - 2016-09-30 13:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-12 09:03 - 2016-09-30 13:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-12 09:03 - 2016-09-30 13:32 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-12 09:03 - 2016-09-30 13:27 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-12 09:03 - 2016-09-30 13:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-12 09:03 - 2016-09-30 13:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-12 09:03 - 2016-09-30 13:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-12 09:03 - 2016-09-30 13:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-12 09:03 - 2016-09-30 13:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-12 09:03 - 2016-09-30 13:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-12 09:03 - 2016-09-30 13:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-12 09:03 - 2016-09-30 13:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-12 09:03 - 2016-09-30 13:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-12 09:03 - 2016-09-30 13:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-12 09:03 - 2016-09-30 13:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-12 09:03 - 2016-09-30 13:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-12 09:03 - 2016-09-30 13:05 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-12 09:03 - 2016-09-30 13:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-12 09:03 - 2016-09-30 12:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-12 09:03 - 2016-09-30 12:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-12 09:03 - 2016-09-30 12:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-12 09:03 - 2016-09-15 23:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-12 09:03 - 2016-09-15 23:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-12 09:03 - 2016-09-13 04:53 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-12 09:03 - 2016-09-13 04:53 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-12 09:03 - 2016-09-13 04:49 - 01063936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-12 09:03 - 2016-09-13 04:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-12 09:03 - 2016-09-13 04:49 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-12 09:03 - 2016-09-13 04:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-12 09:03 - 2016-09-13 04:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-12 09:03 - 2016-09-13 04:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-12 09:03 - 2016-09-13 04:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-12 09:03 - 2016-09-13 04:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-12 09:03 - 2016-09-13 04:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-12 09:03 - 2016-09-13 04:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-12 09:03 - 2016-09-13 04:49 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-12 09:03 - 2016-09-13 04:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-12 09:03 - 2016-09-13 04:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-12 09:03 - 2016-09-13 04:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-12 09:03 - 2016-09-13 04:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-12 09:03 - 2016-09-13 04:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-12 09:03 - 2016-09-13 04:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-12 09:03 - 2016-09-13 04:28 - 02399232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-12 09:03 - 2016-09-13 04:26 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-12 09:03 - 2016-09-13 04:26 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-12 09:03 - 2016-09-13 04:26 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-12 09:03 - 2016-09-13 04:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-12 09:03 - 2016-09-13 04:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-12 09:03 - 2016-09-13 04:25 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-12 09:03 - 2016-09-13 03:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-12 09:03 - 2016-09-13 03:08 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-12 09:03 - 2016-09-10 23:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-12 09:03 - 2016-09-10 02:01 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-12 09:03 - 2016-09-10 02:00 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-12 09:03 - 2016-09-10 02:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-12 09:03 - 2016-09-10 01:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-12 09:03 - 2016-09-10 01:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-12 09:03 - 2016-09-10 01:59 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-12 09:03 - 2016-09-10 01:59 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-12 09:03 - 2016-09-10 01:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-12 09:03 - 2016-09-10 01:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-12 09:03 - 2016-09-10 01:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-12 09:03 - 2016-09-10 01:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-12 09:03 - 2016-09-10 01:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-12 09:03 - 2016-09-10 01:39 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-12 09:03 - 2016-09-10 01:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-12 09:03 - 2016-09-09 04:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-12 09:03 - 2016-09-09 04:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-12 09:03 - 2016-09-08 22:49 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-12 09:03 - 2016-09-08 22:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-12 09:03 - 2016-08-17 02:47 - 00419640 _____ C:\Windows\system32\locale.nls
2016-10-12 09:03 - 2016-08-13 00:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-12 09:03 - 2016-08-13 00:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-12 09:03 - 2016-08-13 00:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-12 09:03 - 2016-08-13 00:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-12 09:03 - 2016-08-13 00:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-12 09:03 - 2016-08-13 00:21 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-12 09:03 - 2016-08-06 23:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-12 09:03 - 2016-08-06 23:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-12 09:03 - 2016-08-06 23:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-12 09:03 - 2016-08-06 23:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-12 09:03 - 2016-08-06 23:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-12 09:03 - 2016-08-06 22:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-12 09:03 - 2016-08-06 22:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-12 09:03 - 2016-08-06 22:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-12 09:03 - 2016-07-22 22:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-12 09:03 - 2016-06-14 23:25 - 00078568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-12 09:03 - 2016-06-14 23:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-12 09:03 - 2016-06-14 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-12 09:03 - 2016-06-14 23:17 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-12 09:03 - 2016-06-14 23:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-12 09:03 - 2016-06-14 23:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-12 09:03 - 2016-06-14 23:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-12 09:03 - 2016-06-14 23:00 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-12 09:03 - 2016-06-14 22:55 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-12 09:03 - 2016-06-14 22:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-12 09:03 - 2016-06-14 22:54 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-11 15:46 - 2016-10-11 15:46 - 00281058 _____ C:\Users\608a\Desktop\OV6946.pdf
2016-10-11 15:44 - 2016-10-11 15:44 - 00074438 _____ C:\Users\608a\Desktop\iRobot PayPal_ Transaction Details.pdf
2016-10-03 18:15 - 2016-10-03 18:20 - 00001409 _____ C:\Users\608a\Desktop\TE-PM-05-01 MISUMI 產品 Q&A 總表 - 捷徑.lnk
2016-10-03 17:25 - 2016-10-03 17:25 - 00053639 _____ C:\Users\608a\Desktop\WiFi camera DVR spec.pdf
2016-09-30 15:13 - 2016-09-30 15:13 - 00000000 ____D C:\Users\608a\AppData\LocalLow\Adobe
2016-09-29 18:38 - 2016-09-29 18:38 - 00124080 _____ C:\Users\608a\Desktop\MO-R5510SC-3D.pdf
2016-09-29 18:37 - 2016-09-29 18:37 - 00096113 _____ C:\Users\608a\Desktop\MO-B7588W-P.pdf
2016-09-29 17:17 - 2016-09-29 17:17 - 03325007 _____ C:\Users\608a\Desktop\VF GEIS HD Module Temperature Test Report.xlsx
2016-09-29 17:17 - 2016-09-29 17:17 - 00417969 _____ C:\Users\608a\Desktop\VF GEIS HD Firmware update-20160929.rar
2016-09-29 09:01 - 2016-10-18 13:19 - 00000000 ____D C:\Users\608a\AppData\Local\CrashDumps
2016-09-26 14:23 - 2016-10-16 22:22 - 00002048 _____ C:\Users\608a\Desktop\PI訂單號碼登記.lnk
2016-09-24 21:17 - 2016-09-24 23:18 - 00000000 ____D C:\Users\608a\AppData\Local\NPE
2016-09-24 21:17 - 2016-09-24 21:17 - 00000000 ____D C:\ProgramData\Norton
2016-09-24 20:27 - 2016-09-16 17:30 - 03436280 _____ (Symantec Corporation) C:\Users\608a\Desktop\NPE諾頓強力清除器.exe
2016-09-22 18:59 - 2016-09-22 18:59 - 00231750 _____ C:\Users\608a\Desktop\Misumi Certification.pdf
2016-09-22 18:27 - 2016-09-22 18:27 - 00109824 _____ C:\Users\608a\Desktop\PCB-MO-1026-00.pdf
2016-09-22 18:27 - 2016-09-22 18:27 - 00054708 _____ C:\Users\608a\Desktop\PCB-MO-1016-00.pdf
2016-09-22 09:20 - 2016-09-22 09:20 - 00262144 _____ C:\Windows\system32\config\elam
2016-09-21 08:58 - 2016-08-05 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-20 13:52 - 2016-09-20 13:53 - 00120409 _____ C:\Users\608a\Desktop\Price inquiry Misumi (2).pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-18 20:00 - 2016-08-24 13:45 - 00000128 _____ C:\Windows\system32\config\netlogon.ftl
2016-10-18 19:56 - 2016-08-24 13:53 - 00000000 ____D C:\Users\608a\AppData\Roaming\Skype
2016-10-18 19:56 - 2016-08-24 13:50 - 01304906 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-18 19:56 - 2009-07-14 16:44 - 00400390 _____ C:\Windows\system32\prfh0404.dat
2016-10-18 19:56 - 2009-07-14 16:44 - 00122126 _____ C:\Windows\system32\prfc0404.dat
2016-10-18 19:56 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\inf
2016-10-18 19:52 - 2016-09-08 13:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-10-18 19:52 - 2016-08-24 15:15 - 00000526 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-18 19:50 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-18 19:09 - 2009-07-14 12:34 - 00010128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-18 19:09 - 2009-07-14 12:34 - 00010128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-18 18:26 - 2016-08-24 15:15 - 00000530 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-17 09:03 - 2016-08-24 13:53 - 00000000 ____D C:\ProgramData\Skype
2016-10-16 22:45 - 2016-08-24 16:36 - 00000000 ____D C:\Users\608a\Desktop\software
2016-10-13 12:29 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\rescache
2016-10-13 08:55 - 2009-07-14 12:33 - 00414488 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-13 08:54 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system32\Dism
2016-10-12 19:01 - 2016-08-24 15:53 - 00000000 ____D C:\Windows\system32\MRT
2016-10-12 18:55 - 2016-08-24 15:53 - 141042968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-09 15:32 - 2016-08-24 18:11 - 00002032 ____H C:\Users\608a\Documents\Default.rdp
2016-10-04 09:27 - 2016-08-24 15:15 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-30 15:13 - 2016-08-25 11:22 - 00000000 ____D C:\Users\608a\AppData\Local\Adobe
2016-09-22 09:07 - 2016-08-24 13:42 - 00000000 ____D C:\Users\608
2016-09-19 09:01 - 2016-08-24 14:59 - 00000000 ___RD C:\Program Files\Skype
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-17 09:17
 
==================== End of FRST.txt ============================
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2016
Ran by 608a (18-10-2016 20:00:58)
Running from C:\Users\608a\Desktop
Microsoft Windows 7 專業版  Service Pack 1 (X86) (2016-08-24 05:41:59)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
608 (S-1-5-21-87222082-4152704850-2939311033-1000 - Administrator - Enabled) => C:\Users\608
Administrator (S-1-5-21-87222082-4152704850-2939311033-500 - Administrator - Disabled)
Guest (S-1-5-21-87222082-4152704850-2939311033-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Small Office Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Small Office Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Small Office Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 17.1.1 - Hewlett-Packard) Hidden
Adobe Acrobat X Pro - ChineseT (HKLM\...\{AC76BA86-1028-0000-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DSC Smart ERP Systems (HKLM\...\{D55CA3A1-A7B8-4F8E-A6AC-3AC69C169117}) (Version: 8.2.0.0 - Data Systems Consulting Co., Ltd.)
EPSON AL-M2410 Advanced Printer Driver (HKLM\...\EPSON AL-M2410 Advanced) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Small Office Security (HKLM\...\InstallWIX_{33F9240D-1887-4FF9-8A6E-35F32A05A277}) (Version: 15.0.2.396 - 卡巴斯基實驗室)
Kaspersky Small Office Security (Version: 15.0.2.361 - 卡巴斯基實驗室) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (繁體中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1028) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 Help 更新程式 (KB963678) (HKLM\...\{90120000-0016-0404-0000-0000000FF1CE}_ENTERPRISE_{15EEA099-97F0-4952-8597-88472FF062D2}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Powerpoint 2007 Help 更新程式 (KB963669) (HKLM\...\{90120000-0018-0404-0000-0000000FF1CE}_ENTERPRISE_{A7688131-70CB-4945-BAFA-11053AC34D75}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help 更新程式 (KB963665) (HKLM\...\{90120000-001B-0404-0000-0000000FF1CE}_ENTERPRISE_{AD30F628-2AAE-43E0-A0D8-CDFA976E6A9E}) (Version:  - Microsoft)
PDF-XChange Editor (HKLM\...\{409547a1-9967-40ff-b7f1-502446025668}) (Version: 5.5.312.1 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 5.5.312.1 - Tracker Software Products (Canada) Ltd.) Hidden
Potplayer (HKLM\...\PotPlayer) (Version:  - Daum Communications Corp.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.100.422.2016 - Realtek)
Skype™ 7.28 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Symantec pcAnywhere (HKLM\...\{12518183-866A-11D3-97DF-0000F8D8F2E9}) (Version: 12.5.0 - Symantec Corporation)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live 程式集 (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 壓縮工具 (HKLM\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {4E6D3FEC-4D19-4861-B7E5-967E72ECB848} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
Task: {60E20D7C-2915-4C85-AE48-C234FB6FE0D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {BF21EB8A-0AAF-4C5F-AFA6-0C80F6DFC335} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {F0307416-087B-4782-B925-C51DADC5C184} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2009-07-03 10:56 - 2009-07-03 10:56 - 00694656 _____ () D:\SmartERP\DSCPatchAgent.exe
2016-08-24 13:56 - 2010-03-15 18:53 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2010-11-15 21:04 - 2010-11-15 21:04 - 00019456 _____ () C:\Program Files\Adobe\Acrobat 10.0\Acrobat\locale\zh_tw\acrotray.cht
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-793592983-989196123-2685349833-1124\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-87222082-4152704850-2939311033-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\608\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.16.1.3 - 172.16.1.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{58D653E5-5E77-44B9-8640-080B9FE58596}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{1C9FE30A-7217-45CD-88B6-5D0F7E395F1F}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{68232B1D-5B02-4A50-B3BA-6245A3EBFCD1}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6149A995-2392-46C8-81EA-506010893F0D}] => (Allow) LPort=2869
FirewallRules: [{2C9E4D77-EF28-48D5-A708-953E0AE5BB83}] => (Allow) LPort=1900
FirewallRules: [Daum PotPlayer(PotPlayerMini.exe)] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{9BA0BDFE-C8DF-4E11-A9C0-973CC4428C60}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [TCP Query User{8492C3C5-3766-4B1F-BAA4-35A7E53697CF}D:\smarterp\s_dsbin\scktsrvr.exe] => (Allow) D:\smarterp\s_dsbin\scktsrvr.exe
FirewallRules: [UDP Query User{AFBE7C3F-5A75-4A0D-A5B4-F9F490778E5B}D:\smarterp\s_dsbin\scktsrvr.exe] => (Allow) D:\smarterp\s_dsbin\scktsrvr.exe
FirewallRules: [{E420ECFE-9A5C-4214-A3BB-94C09B549447}] => (Allow) C:\Program Files\Symantec\pcAnywhere\awhost32.exe
FirewallRules: [{408E2A21-4D10-49B3-B6A4-C77656EA540C}] => (Allow) C:\Program Files\Symantec\pcAnywhere\awhost32.exe
FirewallRules: [{9492F5B0-98FD-45D0-BA1D-8C07DD816ECE}] => (Allow) C:\Program Files\Symantec\pcAnywhere\awhost32.exe
FirewallRules: [{0EF533EB-C507-4D37-B509-88D9F61DFD3A}] => (Allow) C:\Program Files\Symantec\pcAnywhere\awhost32.exe
FirewallRules: [{35E40177-E47F-461E-A35E-0AC35870AF15}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{9D6D48B5-2C88-4A5E-86EA-4A7616F83B25}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{B77869AF-AC68-4A9B-8720-AA07F37E0150}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{B158AFC9-6A4A-4FBD-BFC3-3F0213FF8ADD}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{80BE5BCE-DC4F-4251-8B58-C69CBE094D85}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
19-09-2016 09:03:51 Windows Update
21-09-2016 19:21:44 Windows Update
26-09-2016 08:59:02 Windows Update
03-10-2016 12:29:23 排定的檢查點
11-10-2016 12:29:19 排定的檢查點
12-10-2016 18:55:12 Windows Update
13-10-2016 08:59:51 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/18/2016 07:09:38 PM) (Source: DSCPatchService) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (10/18/2016 07:09:38 PM) (Source: DSCPatchService) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (10/18/2016 12:40:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 失敗的應用程式名稱: LeaderWorkCenter.exe版本: 8.2.10.2時間戳記: 0x2a425e19
失敗的模組名稱: EPSMR19C.DLL_unloaded版本: 0.0.0.0時間戳記: 0x2a425e19
例外狀況碼: 0xc0000005
錯誤位移: 0x0248fc66
失敗的處理程序識別碼: 0x15d0
失敗的應用程式開始時間: 0x01d228d973bdd6fb
失敗的應用程式路徑: D:\SmartERP\c_dsbin\LeaderWorkCenter.exe
失敗的模組路徑: EPSMR19C.DLL
報告識別碼: f54a26aa-94ec-11e6-932a-6c626d00e9e5
 
Error: (10/18/2016 11:39:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 失敗的應用程式名稱: LeaderWorkCenter.exe版本: 8.2.10.2時間戳記: 0x2a425e19
失敗的模組名稱: unknown版本: 0.0.0.0時間戳記: 0x00000000
例外狀況碼: 0xc0000005
錯誤位移: 0x0e00fcb1
失敗的處理程序識別碼: 0x15d0
失敗的應用程式開始時間: 0x01d228d973bdd6fb
失敗的應用程式路徑: D:\SmartERP\c_dsbin\LeaderWorkCenter.exe
失敗的模組路徑: unknown
報告識別碼: 84efb2df-94e4-11e6-932a-6c626d00e9e5
 
Error: (10/17/2016 07:15:46 PM) (Source: DSCPatchService) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (10/17/2016 07:15:46 PM) (Source: DSCPatchService) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (10/14/2016 05:27:53 PM) (Source: DSCPatchService) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (10/14/2016 05:27:52 PM) (Source: DSCPatchService) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (10/14/2016 10:03:47 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: 由於下列其中一個原因Windows 無法存取檔案 :
網路連線、儲存檔案的磁碟、這部電腦上安裝的
存放驅動程式發生問題; 或遺失磁碟。
因為此錯誤Windows 已關閉程式 LeaderWorkCenter.exe。
 
程式: LeaderWorkCenter.exe
檔案: 
 
錯誤值會列在「其他資料」區段中。
使用者動作
1. 重新開啟檔案。
此情況可能只是暫時的問題會在程式重新執行時自行更正。
2. 
如果仍然無法存取檔案而且
- 檔案位於網路上
您的網路管理員應確認網路沒有問題且伺服器可供連線。
- 檔案位於卸除式磁碟 (例如磁片或 CD-ROM) 上請確認磁碟已完全插入電腦。
3. 執行 CHKDSK 來檢查並修復檔案系統。若要執行 CHKDSK請依序按一下 [開始]、[執行]輸入 CMD然後按一下 [確定]。在命令提示字元輸入 CHKDSK /F然後按 ENTER。
4. 如果問題持續發生請從備份副本還原檔案。
5. 判斷同一磁碟上的其他檔案是否可開啟。如果無法開啟表示磁碟可能已損壞。如果是硬碟請連絡您的管理員或電腦硬體廠商
以取得進一步的協助。
 
其他資料
錯誤值: 00000000
磁碟類型:  0
 
Error: (10/14/2016 10:03:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 失敗的應用程式名稱: LeaderWorkCenter.exe版本: 8.2.10.2時間戳記: 0x2a425e19
失敗的模組名稱: unknown版本: 0.0.0.0時間戳記: 0x00000000
例外狀況碼: 0xc000001d
錯誤位移: 0x0a75fcb1
失敗的處理程序識別碼: 0x1298
失敗的應用程式開始時間: 0x01d225b13dc380b8
失敗的應用程式路徑: D:\SmartERP\c_dsbin\LeaderWorkCenter.exe
失敗的模組路徑: unknown
報告識別碼: 70bb4277-91b2-11e6-9e9a-6c626d00e9e5
 
 
System errors:
=============
Error: (10/18/2016 08:00:44 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1006) (User: MISUMI)
Description: 群組原則處理失敗。Windows 無法驗證網域控制站中的 Active Directory 服務 (LDAP Bind 函數呼叫失敗)。請參閱 [詳細資料] 索引標籤以取得錯誤碼和描述。
 
Error: (10/18/2016 08:00:43 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: 由於無法連線到網域控制站導致群組原則處理失敗。這可能是暫時性情況。一旦電腦順利連線到網域控制站並順利處理群組原則會產生成功訊息。若數個小時之後還是沒有看到成功訊息請連絡您的系統管理員。
 
Error: (10/18/2016 07:51:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: 應用程式特定 權限設定無法將含有 CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 與 APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 之 COM 伺服器應用程式的 本機 啟動 權限授與來自位址 LocalHost (使用 LRPC) 的使用者 NT AUTHORITY\SYSTEM SID (S-1-5-18)。您可以使用元件服務系統管理工具修改此安全性權限。
 
Error: (10/18/2016 07:50:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: 下列開機啟動或系統啟動驅動程式無法載入: 
cdrom
 
Error: (10/18/2016 07:09:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: 伺服器 {F9717507-6651-4EDB-BFF7-AE615179BCCF} 沒有在指定的等候逾時內登錄 DCOM。
 
Error: (10/18/2016 05:27:42 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1006) (User: MISUMI)
Description: 群組原則處理失敗。Windows 無法驗證網域控制站中的 Active Directory 服務 (LDAP Bind 函數呼叫失敗)。請參閱 [詳細資料] 索引標籤以取得錯誤碼和描述。
 
Error: (10/18/2016 03:57:51 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1006) (User: MISUMI)
Description: 群組原則處理失敗。Windows 無法驗證網域控制站中的 Active Directory 服務 (LDAP Bind 函數呼叫失敗)。請參閱 [詳細資料] 索引標籤以取得錯誤碼和描述。
 
Error: (10/18/2016 02:01:56 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1006) (User: MISUMI)
Description: 群組原則處理失敗。Windows 無法驗證網域控制站中的 Active Directory 服務 (LDAP Bind 函數呼叫失敗)。請參閱 [詳細資料] 索引標籤以取得錯誤碼和描述。
 
Error: (10/18/2016 12:24:57 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1006) (User: MISUMI)
Description: 群組原則處理失敗。Windows 無法驗證網域控制站中的 Active Directory 服務 (LDAP Bind 函數呼叫失敗)。請參閱 [詳細資料] 索引標籤以取得錯誤碼和描述。
 
Error: (10/18/2016 10:31:00 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1006) (User: MISUMI)
Description: 群組原則處理失敗。Windows 無法驗證網域控制站中的 Active Directory 服務 (LDAP Bind 函數呼叫失敗)。請參閱 [詳細資料] 索引標籤以取得錯誤碼和描述。
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E6500 @ 2.93GHz
Percentage of memory in use: 54%
Total physical RAM: 3318.24 MB
Available physical RAM: 1519.28 MB
Total Virtual: 6632.75 MB
Available Virtual: 4758.39 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:499.9 GB) (Free:455.1 GB) NTFS
Drive d: (新增磁碟區) (Fixed) (Total:1363.01 GB) (Free:1361.59 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 8AF28AF2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=499.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1363 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
RK.txt
 
RogueKiller V12.7.3.0 [Oct 17 2016] (MQ?Hr) by Adlice Software

?譸 : http://www.adlice.com/contact/
a?炓气 : http://forum.adlice.com
瓠斝 : http://www.adlice.com/download/roguekiller/
?=?h : http://www.adlice.com

\Omiq} : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
?汦寬 : j!j_
O(u : 608a [q}t嗿]
?汦 : C:\Program Files\RogueKiller\RogueKiller.exe
!j_ : 柋 -- 嶒g : 10/18/2016 20:04:04 (Duration : 00:48:05)

??? 2?z : 0 ???

??? q}{v? : 6 ???
[PUM.HomePage] HKEY_USERS\S-1-5-21-793592983-989196123-2685349833-1124\Software\Microsoft\Internet Explorer\Main | Start Page : https://my.tnt.com/myTNT/login/LoginInitial.do  -> ~b0R
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.16.1.3 172.16.1.2 ([][])  -> ~b0R
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 172.16.1.3 172.16.1.2 ([][])  -> ~b0R
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3994C591-5720-4476-AC2C-A42B132BDA45} | DhcpNameServer : 172.16.1.3 172.16.1.2 ([][])  -> ~b0R
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3994C591-5720-4476-AC2C-A42B132BDA45} | DhcpNameServer : 172.16.1.3 172.16.1.2 ([][])  -> ~b0R
[PUM.StartMenu] HKEY_USERS\S-1-5-21-793592983-989196123-2685349833-1124\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> ~b0R

??? 嬁\O : 0 ???

??? Hh : 0 ???

??? WMI : 0 ???

??? ;N_jHh : 0 ???

??? Antirootkit : 0 (Driver: 瀧 Q) ???

??? 瓠?p?hV : 0 ???

??? MBR ▏嶓 : ???
+++++ PhysicalDrive0: TOSHIBA DT01ACA200 ATA Device +++++
--- User ---
[MBR] 2a2ec12236f759bb4711ca4588d79744
[BSP] 9f3960eb0a576c6ebbb4ec86c28b7048 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 511900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1048578048 | Size: 1395726 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 
 
 
 
 



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,025 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:40 PM

Posted 18 October 2016 - 08:19 AM

Got it, thanks.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 18 October 2016 - 03:04 PM

Hi Hetty,

This computer is clean. My only suggestion would be to uninstall Symantec pcAnywhere.


Gary
 

#4 Oh My!


Posted 20 October 2016 - 08:19 AM

Hi Hetty,

Just want to make sure you saw my post.
Gary
 

#5 m618


Posted 20 October 2016 - 09:41 PM

Dear Gary,

 

Yes, I uninstalled Symantec pcAnywhere on pc2 and I will uninstall that on all other computers as well.

 

 

Kind regards,

Hetty



#6 Oh My!


Posted 20 October 2016 - 10:03 PM

Are we good to close this topic?
Gary
 

#7 m618


Posted 20 October 2016 - 10:06 PM

Yes, we can close the topic. Thank you.



#8 Oh My!


Posted 20 October 2016 - 10:08 PM

OK thanks.
Gary
 

#9 Oh My!


Posted 20 October 2016 - 10:08 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



