
DNSChanger- Invalid WiFi IPconfig, could this have been the problem all along?


  • This topic is locked
5 replies to this topic

#1 FuchsiaIce


Posted 18 January 2017 - 05:16 AM

Acer Aspire 5251
Supposed to be Wireless connection, currently on Ethernet
AT&T uVerse Gateway: Pace Model 5268AC FXN
In same room and right next to Gateway
I have AT&T uVerse DSL

 

Last August something very weird happened with this machine that appeared to be wholly unconnected to what this forum is for, and so I took the strangeness to the Networking forums - https://www.bleepingcomputer.com/forums/t/625024/laptop-connects-everywhere-but-home-now/

 

The problem got resolved, though I and the two people helping me couldn't actually figure out what fixed it or what caused the original problem in the first place.

 

A little over a month later in November more weird badness happened - When I say "weird", I mean it never seemed like a typical (whatever that means) infection - that defined infection for me but the way it came about was very odd and contained a very similar element to my previous networking problem.  So, I posted in this forum - https://www.bleepingcomputer.com/forums/t/631208/seafaring-bertha-or-possible-sort-of-repeat-of-previously-solved-problem/ - and everything got resolved well.

 

Fast forward to a week ago and the original problem (without all the added strange sound-only advertisements and endlessly cycling cursor and tons of other crap added in, thank the gods) crops up after I'd done a system restore.

 

Posting once again to the Networking forums (https://www.bleepingcomputer.com/forums/t/637045/invalid-wifi-ip-configuration-again/), Trikein and Wand3r3r helped me again and I did everything they instructed.

 

When we couldn't get me back on wifi connection Trikein pointed out something and directed me to the DNSUnlocker page (https://www.bleepingcomputer.com/virus-removal/remove-dnsunlocker-advertisements) where I followed the removal guide.

 

So, this is where I am now:  (And so you're aware, I have five phones, three console game systems, two more laptops and a tablet which all are connecting fine to my home wireless.)

 

I think something happened that never got fully cleaned back last summer (the second time I had the problem whatever was infecting me [which downloaded a bunch of nasty buggers onto my machine when no one was home to be on the computer but it was on and wirelessly connected] deleted system restore points I'd had and only left me one from that past June, which I found odd).  There have been these little “hiccups” that are seemingly unobtrusive and I was just sloughing off as glitches (this machine is going on seven years old).  Things like pop ups that blink in and then are gone on sites where I had not encountered such before but passed off as site owners trying to make more money with more ads and I was assuming (bad, I know) my ad blocker was taking care of them; the command prompt window blinking up and then out on rare occasions; signing into an app on my phone when here at home and its proximity map telling me I’m somewhere overseas (it’s never been Israel, though, and all of these things I’m relaying only happened on rare occasions, not often), but when I would close the app and sign back in it would indicate the proper place of my phone (the phone isn't my computer, I know, it just relates to something Trikein pointed out about the DNS Servers).

 

Following the removal guide on the DNSUnlocker page I wasn’t able to complete some of the steps because I was missing the item to delete from my Certificate Manager as it’s probably labeled something else due to me not having DNSUnlocker but something that came up in the MalwareBytes log as DNSChanger.  When I ran MalwareBytes I kept getting a pop up telling me MWB was blocking Outbound with the DNS Server address from Israel Trikein pointed out that I was getting.  I was also unable to run the Hitman Pro step, as Hitman Pro wouldn’t remove anything unless I bought it, the license says it’s expired and won’t perform that action (got the download from the DNSUnlocker page, too).

 

Besides pasting the FRST log requested and attaching the Addition log file, I am attaching the screenshots of a piece of the MWB log showing the name and of the pop up with the DNS Server address.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by Julie (administrator) on JUBILATIONLEE (17-01-2017 23:17:54)
Running from C:\Users\Julie\Desktop
Loaded Profiles: Julie (Available Profiles: Julie & Mcx1-JUBILATIONLEE & Mcx2-JUBILATIONLEE)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech InfoSystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\SAgent4.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Dropbox, Inc.) C:\Users\Julie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-09-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-658284135-3662055118-2884648652-1000\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKU\S-1-5-21-658284135-3662055118-2884648652-1000\...\Run: [Epson Stylus NX420(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-658284135-3662055118-2884648652-1000\...\Run: [Dropbox Update] => C:\Users\Julie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-658284135-3662055118-2884648652-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-658284135-3662055118-2884648652-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-658284135-3662055118-2884648652-1000\...\MountPoints2: {3e06af2b-2116-11e6-888f-88ae1d611511} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-658284135-3662055118-2884648652-1000\...\MountPoints2: {3e06af34-2116-11e6-888f-88ae1d611511} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-658284135-3662055118-2884648652-1000\...\MountPoints2: {4e7d26e2-7040-11e4-b129-88ae1d611511} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-658284135-3662055118-2884648652-1000\...\MountPoints2: {b2522f8a-0e7c-11e2-b8f5-88ae1d04156e} - F:\PMCsetup.exe
ShellIconOverlayIdentifiers: [000BoxDesktopFileLocked] -> {C253B817-3A00-475f-A5A3-6F2DD704B48D} => C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopNotSynced] -> {19ACC806-F7AA-46AA-A80A-726A07CA6637} => C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopNotSyncedCollabs] -> {337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F} => C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopSynced] -> {B7AC9C6D-F15B-4B1A-A88D-F518D13861D9} => C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopSyncedCollab] -> {9E48C232-F601-4E41-BB3E-16CBAF317AA4} => C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Julie\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Julie\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Julie\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Julie\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Julie\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Julie\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Julie\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2011-01-13]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-01-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Julie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{205253D9-B0F2-46BE-B8C1-00D0A94B7D06}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{22622142-FCAB-4270-AD57-A77EF2BCC417}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-658284135-3662055118-2884648652-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-658284135-3662055118-2884648652-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111a\bin\ssv.dll [2016-11-05] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111a\bin\jp2ssv.dll [2016-11-05] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2011-08-10] (Belarc, Inc.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Julie\AppData\Roaming\Philips-Songbird\Profiles\9p1ya3nl.default [2012-11-18]
FF SelectedSearchEngine: Philips-Songbird\Profiles\9p1ya3nl.default -> Philips Songbird
FF SearchPlugin: C:\Users\Julie\AppData\Roaming\Philips-Songbird\Profiles\9p1ya3nl.default\searchplugins\7digital.xml [2012-11-03]
FF ProfilePath: C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\74xmzvwr.default-1484472233330 [2017-01-17]
FF Homepage: Mozilla\Firefox\Profiles\74xmzvwr.default-1484472233330 -> www.aol.com/
FF Extension: (Nimbus Screen Capture - editable screenshots.) - C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\74xmzvwr.default-1484472233330\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2017-01-17]
FF Extension: (Status-4-Evar) - C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\74xmzvwr.default-1484472233330\Extensions\status4evar@caligonstudios.com.xpi [2017-01-17]
FF Extension: (TinEye Reverse Image Search) - C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\74xmzvwr.default-1484472233330\Extensions\tineye@ideeinc.com.xpi [2017-01-17]
FF Extension: (Adblock Plus) - C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\74xmzvwr.default-1484472233330\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-02] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111a\bin\dtplugin\npDeployJava1.dll [2016-11-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111a\bin\plugin2\npjp2.dll [2016-11-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2012-02-18] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-12-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-12-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-12-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-12-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-12-14] (Apple Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe [55336 2015-07-17] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 BUNAgentSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [24832 2010-04-01] (NewTech Infosystems, Inc.)
R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315208 2016-06-15] (Kingsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 StatusAgent4; C:\Windows\SysWOW64\SAgent4.exe [131072 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-06-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-06-19] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2015-09-28] (Advanced Micro Devices Inc.)
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R1 FAMv4; C:\Windows\System32\DRIVERS\FAMv4.sys [155160 2009-10-26] (VisionWorks Solutions, Inc)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-09-28] (REALiX™)
R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2016-06-15] (Kingsoft Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-14] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-15] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-15] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-15] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-17] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [190232 2015-09-28] (Windows ® Win 7 DDK provider)
R3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-17 23:17 - 2017-01-17 23:21 - 00023103 _____ C:\Users\Julie\Desktop\FRST.txt
2017-01-17 22:51 - 2017-01-17 22:51 - 02419200 _____ (Farbar) C:\Users\Julie\Desktop\FRST64.exe
2017-01-15 03:24 - 2017-01-15 03:24 - 00000000 ____D C:\Users\Julie\Desktop\Old Firefox Data
2017-01-15 02:48 - 2017-01-15 03:06 - 00000000 ____D C:\AdwCleaner
2017-01-14 18:46 - 2017-01-14 18:46 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-14 18:44 - 2017-01-17 21:57 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-14 18:44 - 2017-01-15 04:37 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-14 18:44 - 2017-01-15 04:36 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-14 18:44 - 2017-01-15 04:36 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-14 18:43 - 2017-01-14 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-14 18:43 - 2017-01-14 18:43 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-14 18:43 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-14 18:31 - 2017-01-14 18:38 - 00011680 _____ C:\Users\Julie\Desktop\Rkill.txt
2017-01-14 18:19 - 2017-01-14 18:20 - 03988944 _____ C:\Users\Julie\Desktop\AdwCleaner.exe
2017-01-14 18:12 - 2017-01-14 18:13 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Julie\Desktop\rkill.exe
2017-01-14 15:20 - 2017-01-14 15:20 - 00003818 _____ C:\Windows\System32\Tasks\{C24EF494-75E5-433F-5EB9-17B51C930DD9}
2017-01-14 15:20 - 2017-01-14 15:20 - 00003818 _____ C:\Windows\System32\Tasks\{172572AE-A08E-C505-AE3D-3975821EBDE4}
2017-01-14 09:20 - 2017-01-14 09:20 - 00003818 _____ C:\Windows\System32\Tasks\{9868813B-2FC3-3690-3EB3-AC4462C442EB}
2017-01-14 09:20 - 2017-01-14 09:20 - 00003818 _____ C:\Windows\System32\Tasks\{0CB78BFA-BB1C-3C51-189C-9A11D1CFBB97}
2017-01-14 03:20 - 2017-01-14 03:20 - 00003818 _____ C:\Windows\System32\Tasks\{C4D5029A-737E-B531-DC66-BA02773894CD}
2017-01-14 03:20 - 2017-01-14 03:20 - 00003818 _____ C:\Windows\System32\Tasks\{300F7ED6-87A4-C97D-8F74-EFFFB0BC246E}
2017-01-13 21:20 - 2017-01-13 21:20 - 00003818 _____ C:\Windows\System32\Tasks\{35F1E434-825A-539F-5DCD-321613ADE1CF}
2017-01-13 21:20 - 2017-01-13 21:20 - 00003818 _____ C:\Windows\System32\Tasks\{0E8559D8-B92E-EE73-21CD-FA7E221F8791}
2017-01-13 15:20 - 2017-01-13 15:20 - 00003818 _____ C:\Windows\System32\Tasks\{3898ABAC-8F33-1C07-F1AB-FB09EED30C11}
2017-01-13 15:20 - 2017-01-13 15:20 - 00003818 _____ C:\Windows\System32\Tasks\{30E34557-8748-F2FC-7374-DDFD321F2182}
2017-01-13 09:21 - 2017-01-13 09:21 - 00003818 _____ C:\Windows\System32\Tasks\{CF41AB61-78EA-1CCA-564C-BFD5F7C2F835}
2017-01-13 09:21 - 2017-01-13 09:21 - 00003818 _____ C:\Windows\System32\Tasks\{416B323D-F6C0-8596-55E5-0AE35E3F5048}
2017-01-13 03:59 - 2017-01-15 18:30 - 00022683 _____ C:\Users\Julie\Desktop\MTB.txt
2017-01-13 03:20 - 2017-01-13 03:20 - 00003818 _____ C:\Windows\System32\Tasks\{D1EC1045-6647-A7EE-7743-E7D3743FD033}
2017-01-13 03:20 - 2017-01-13 03:20 - 00003818 _____ C:\Windows\System32\Tasks\{48BF5808-FF14-EFA3-1007-FA0C2F2A116D}
2017-01-12 21:20 - 2017-01-12 21:20 - 00003818 _____ C:\Windows\System32\Tasks\{30236CF7-8788-DB5C-1FA6-92583FF92472}
2017-01-12 21:20 - 2017-01-12 21:20 - 00003818 _____ C:\Windows\System32\Tasks\{291BAC74-9EB0-1BDF-6611-D279515D79CD}
2017-01-12 15:20 - 2017-01-12 15:20 - 00003818 _____ C:\Windows\System32\Tasks\{1B76A525-ACDD-128E-79C5-9483A1B43ADB}
2017-01-12 15:20 - 2017-01-12 15:20 - 00003818 _____ C:\Windows\System32\Tasks\{074B5343-B0E0-E4E8-2C72-49E2C6B999F2}
2017-01-12 09:20 - 2017-01-12 09:20 - 00003818 _____ C:\Windows\System32\Tasks\{0BBF794A-BC14-CEE1-C0D8-13E64010A609}
2017-01-12 09:20 - 2017-01-12 09:20 - 00003818 _____ C:\Windows\System32\Tasks\{041CCB44-B3B7-7CEF-9220-209D6673C907}
2017-01-12 03:20 - 2017-01-12 03:20 - 00003818 _____ C:\Windows\System32\Tasks\{B3E4284D-044F-9FE6-A413-2C6822CA3344}
2017-01-12 03:20 - 2017-01-12 03:20 - 00003818 _____ C:\Windows\System32\Tasks\{3163F9A6-86C8-4E0D-DDA7-94E92CA7A2CD}
2017-01-11 21:20 - 2017-01-11 21:20 - 00003818 _____ C:\Windows\System32\Tasks\{7145781B-C6EE-CFB0-AA8F-5B925AC73E0E}
2017-01-11 21:20 - 2017-01-11 21:20 - 00003818 _____ C:\Windows\System32\Tasks\{50269BB5-E78D-2C1E-2EDF-3FA12C35228D}
2017-01-11 20:36 - 2017-01-11 20:36 - 00003013 _____ C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-Fi Inspector.lnk
2017-01-11 20:17 - 2017-01-11 20:17 - 00000000 ____D C:\Users\Julie\Desktop\Wi_Fi_Inspector_Windows_11NOV2016
2017-01-11 18:06 - 2017-01-11 18:06 - 00000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-11 15:20 - 2017-01-11 15:20 - 00003818 _____ C:\Windows\System32\Tasks\{A5A454A9-120F-E302-5173-3B1AA673BA9C}
2017-01-11 15:20 - 2017-01-11 15:20 - 00003818 _____ C:\Windows\System32\Tasks\{778FE9D4-C024-5E7F-E604-12B365730275}
2017-01-11 09:20 - 2017-01-11 09:20 - 00003818 _____ C:\Windows\System32\Tasks\{DD89A159-6A22-16F2-3192-4B748C89E066}
2017-01-11 09:20 - 2017-01-11 09:20 - 00003818 _____ C:\Windows\System32\Tasks\{9B26CA5B-2C8D-7DF0-8B7E-A6C58A547D6B}
2017-01-11 09:16 - 2017-01-11 09:16 - 00003818 _____ C:\Windows\System32\Tasks\{9B23798D-2C88-CE26-7062-958EAAE4A8F7}
2017-01-11 09:14 - 2017-01-11 09:14 - 00003818 _____ C:\Windows\System32\Tasks\{C166A24E-76CD-15E5-42A8-814FD7673AD0}
2017-01-11 09:14 - 2017-01-11 09:14 - 00003818 _____ C:\Windows\System32\Tasks\{8162E81A-36C9-5FB1-187B-AFB590F28574}
2017-01-11 09:14 - 2017-01-11 09:14 - 00003728 _____ C:\Windows\System32\Tasks\{B090F4BA-F7EE-D581-AB53-A0968CD5592C}
2017-01-10 19:31 - 2017-01-05 12:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-10 19:31 - 2017-01-05 12:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-10 19:31 - 2017-01-05 12:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 19:31 - 2017-01-05 12:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-10 19:31 - 2017-01-05 12:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 19:31 - 2017-01-05 12:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-10 19:31 - 2017-01-05 12:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-10 19:31 - 2017-01-05 12:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-10 19:31 - 2017-01-05 12:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 19:31 - 2017-01-05 12:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-10 19:31 - 2017-01-05 12:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-10 19:31 - 2017-01-05 12:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-10 19:31 - 2017-01-05 12:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-10 19:31 - 2017-01-05 12:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-10 19:31 - 2017-01-05 12:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-10 19:31 - 2017-01-05 12:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-10 19:31 - 2017-01-05 12:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-10 19:31 - 2017-01-05 12:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-10 19:31 - 2017-01-05 12:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-10 19:31 - 2017-01-05 12:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-10 19:31 - 2017-01-05 12:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-10 19:31 - 2017-01-05 11:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-10 19:31 - 2017-01-05 11:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 19:31 - 2017-01-05 11:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-10 19:31 - 2017-01-05 11:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 19:31 - 2017-01-05 11:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-10 19:31 - 2017-01-05 11:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-10 19:31 - 2017-01-05 11:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-10 19:31 - 2017-01-05 11:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-10 19:31 - 2017-01-05 11:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-10 19:31 - 2017-01-05 11:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-10 19:31 - 2017-01-05 11:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-10 19:31 - 2017-01-05 11:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-10 19:31 - 2017-01-05 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-10 19:31 - 2017-01-05 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-10 19:31 - 2017-01-05 11:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-10 19:31 - 2017-01-05 11:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-10 19:31 - 2017-01-05 11:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-10 19:31 - 2017-01-05 11:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-10 19:31 - 2017-01-05 11:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-10 19:31 - 2017-01-05 11:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-10 19:31 - 2017-01-05 11:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-10 19:31 - 2017-01-05 11:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-10 19:31 - 2017-01-05 11:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-10 19:23 - 2017-01-10 19:24 - 00892416 _____ (Farbar) C:\Users\Julie\Desktop\MiniToolBox.exe
2017-01-10 19:16 - 2017-01-10 19:16 - 00002914 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Julie
2016-12-31 19:44 - 2017-01-17 22:29 - 00524288 ___SH C:\Windows\system32\config\components{00c69c84-cfc2-11e6-a975-88ae1d611511}.TMContainer00000000000000000001.regtrans-ms
2016-12-31 19:44 - 2017-01-17 22:29 - 00065536 ___SH C:\Windows\system32\config\components{00c69c84-cfc2-11e6-a975-88ae1d611511}.TM.blf
2016-12-31 19:44 - 2016-12-31 20:00 - 00524288 ___SH C:\Windows\system32\config\components{00c69c84-cfc2-11e6-a975-88ae1d611511}.TMContainer00000000000000000002.regtrans-ms
2016-12-31 19:32 - 2016-12-31 23:55 - 00524288 ___SH C:\Users\Julie\ntuser.dat{3a93a5db-cfba-11e6-b20b-88ae1d611511}.TMContainer00000000000000000002.regtrans-ms
2016-12-31 19:32 - 2016-12-31 23:55 - 00524288 ___SH C:\Users\Julie\ntuser.dat{3a93a5db-cfba-11e6-b20b-88ae1d611511}.TMContainer00000000000000000001.regtrans-ms
2016-12-31 19:32 - 2016-12-31 23:55 - 00065536 ___SH C:\Users\Julie\ntuser.dat{3a93a5db-cfba-11e6-b20b-88ae1d611511}.TM.blf
2016-12-31 18:32 - 2016-12-31 18:32 - 00000000 ____D C:\Windows\system32\sstmp
2016-12-30 23:06 - 2017-01-14 21:13 - 00000000 ____D C:\Program Files\COMODO
2016-12-30 23:06 - 2016-12-31 19:30 - 00000000 ___HD C:\Program Files (x86)\fluent
2016-12-30 23:06 - 2016-12-30 23:06 - 00000000 ____D C:\ProgramData\COMODO
2016-12-30 22:57 - 2016-12-31 19:30 - 00000000 ____D C:\Program Files\1321760f2e0e72bfe9747dfdbd0949e1
2016-12-27 16:58 - 2016-12-27 17:26 - 00000000 ____D C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daring Development Inc
2016-12-27 16:58 - 2016-12-27 16:58 - 00000000 ____D C:\Users\Julie\AppData\Roaming\Daring Development
2016-12-27 16:57 - 2016-12-27 16:58 - 00000000 ____D C:\Users\Julie\AppData\Local\SquirrelTemp
2016-12-27 16:54 - 2016-12-27 16:54 - 00000000 ____D C:\Program Files (x86)\Daring Development
2016-12-20 14:20 - 2016-12-20 14:20 - 00001818 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-12-20 14:20 - 2016-12-20 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-20 14:19 - 2016-12-20 14:20 - 00000000 ____D C:\Program Files\iTunes
2016-12-20 14:19 - 2016-12-20 14:19 - 00000000 ____D C:\Program Files\iPod
2016-12-20 14:13 - 2016-12-20 14:13 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-12-20 14:13 - 2016-12-20 14:13 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-17 23:17 - 2016-11-17 22:56 - 00000000 ____D C:\Users\Julie\AppData\LocalLow\Mozilla
2017-01-17 23:17 - 2016-11-02 19:24 - 00000000 ____D C:\FRST
2017-01-17 22:44 - 2015-06-16 14:12 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-658284135-3662055118-2884648652-1000UA.job
2017-01-17 22:35 - 2014-11-08 21:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-17 16:44 - 2015-06-16 14:12 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-658284135-3662055118-2884648652-1000Core.job
2017-01-17 04:07 - 2009-07-13 22:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-17 04:07 - 2009-07-13 22:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-15 04:51 - 2014-05-21 01:13 - 00000000 ___RD C:\Users\Julie\Dropbox
2017-01-15 04:36 - 2016-11-06 16:41 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2017-01-15 04:35 - 2016-05-28 17:04 - 00000000 ____D C:\Users\Julie\AppData\Local\HTC MediaHub
2017-01-15 04:35 - 2011-01-15 05:21 - 00000000 ____D C:\Users\Julie\.rainlendar2
2017-01-15 04:31 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-15 03:51 - 2014-03-01 04:32 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-14 21:11 - 2016-02-28 15:37 - 00518144 ___SH C:\Users\Julie\Desktop\Thumbs.db
2017-01-14 18:43 - 2014-03-01 03:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-13 08:12 - 2015-11-02 00:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-13 03:51 - 2014-12-26 16:16 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-13 01:00 - 2011-01-14 19:29 - 00000000 ___RD C:\Users\Julie\Desktop\Recipes
2017-01-11 21:28 - 2009-07-13 23:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-11 21:28 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2017-01-11 21:24 - 2014-11-10 00:38 - 00000786 _____ C:\Users\Julie\Desktop\MoviesToWatch.txt
2017-01-11 21:20 - 2015-04-04 18:05 - 00000000 ____D C:\Users\Julie\Documents\Cody's Shtuff
2017-01-11 20:35 - 2016-08-30 23:53 - 00000000 ____D C:\Program Files (x86)\Xirrus
2017-01-11 18:06 - 2014-05-21 01:09 - 00000000 ____D C:\Users\Julie\AppData\Roaming\Dropbox
2017-01-10 21:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2017-01-10 20:29 - 2014-11-08 21:43 - 00000000 ____D C:\ProgramData\ProductData
2017-01-10 20:12 - 2013-08-15 02:03 - 00000000 ____D C:\Windows\system32\MRT
2017-01-10 20:00 - 2011-01-11 19:46 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-10 05:35 - 2014-11-08 21:59 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 05:35 - 2014-11-08 21:59 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 05:35 - 2014-11-08 21:59 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 05:35 - 2011-11-14 06:08 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-10 05:35 - 2010-05-28 04:45 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-31 22:59 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-31 20:07 - 2011-01-11 16:37 - 00000000 ____D C:\Users\Julie\AppData\Local\Diagnostics
2016-12-31 19:44 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\config\TxR
2016-12-31 19:32 - 2011-01-11 15:24 - 00000000 ____D C:\Users\Julie
2016-12-31 19:31 - 2013-01-21 20:09 - 00000000 ____D C:\Users\Julie\Desktop\Modio
2016-12-31 19:31 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Tasks
2016-12-31 19:31 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\wfp
2016-12-31 19:31 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\wbem
2016-12-31 19:30 - 2016-11-17 21:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-31 19:30 - 2014-11-08 21:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-31 19:30 - 2014-11-08 21:44 - 00000000 ____D C:\Users\Julie\AppData\Roaming\ProductData
2016-12-31 19:30 - 2014-11-08 21:43 - 00000000 ____D C:\Users\Julie\AppData\Roaming\IObit
2016-12-31 19:30 - 2013-05-25 05:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-31 19:30 - 2013-03-09 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modio
2016-12-31 19:30 - 2013-03-09 18:55 - 00000000 ____D C:\Program Files (x86)\Modio
2016-12-31 19:30 - 2011-04-14 01:54 - 00000000 ____D C:\Users\Mcx2-JUBILATIONLEE
2016-12-31 19:30 - 2011-01-29 05:59 - 00000000 ____D C:\Users\Mcx1-JUBILATIONLEE
2016-12-31 19:30 - 2011-01-15 05:56 - 00000000 ____D C:\Program Files (x86)\UHS
2016-12-31 19:30 - 2011-01-15 05:21 - 00000000 ____D C:\Program Files (x86)\Rainlendar2
2016-12-31 19:30 - 2011-01-14 19:27 - 00000000 ___RD C:\Users\Julie\Desktop\Mail&VidClips
2016-12-31 19:30 - 2011-01-11 15:24 - 00000000 ___RD C:\Users\Julie\Videos
2016-12-31 19:30 - 2011-01-11 15:24 - 00000000 ___RD C:\Users\Julie\Music
2016-12-31 19:30 - 2011-01-11 15:24 - 00000000 ___RD C:\Users\Julie\Favorites
2016-12-31 19:30 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Public\Desktop
2016-12-31 19:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\Tasks\Microsoft
2016-12-31 19:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\Drivers\etc
2016-12-31 19:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\config\systemprofile
2016-12-31 19:29 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2016-12-31 19:06 - 2016-10-24 06:07 - 00524288 ___SH C:\Windows\system32\config\components{dc56aeb6-99d9-11e6-b453-88ae1d611511}.TMContainer00000000000000000001.regtrans-ms
2016-12-31 19:06 - 2016-10-24 06:07 - 00065536 ___SH C:\Windows\system32\config\components{dc56aeb6-99d9-11e6-b453-88ae1d611511}.TM.blf
2016-12-20 14:19 - 2012-10-06 22:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-20 14:17 - 2013-12-14 14:29 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-12-20 14:14 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\catroot
2016-12-20 14:13 - 2015-07-16 23:52 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-12-18 02:58 - 2016-10-24 06:07 - 00524288 ___SH C:\Windows\system32\config\components{dc56aeb6-99d9-11e6-b453-88ae1d611511}.TMContainer00000000000000000002.regtrans-ms

==================== Files in the root of some directories =======

2014-06-09 01:38 - 2014-06-09 01:50 - 0000985 _____ () C:\Users\Julie\AppData\Roaming\freepdftowordexceljpgtiffhtmlconverterSystem.dat
2016-10-23 17:16 - 2016-10-23 17:16 - 0140288 _____ () C:\Users\Julie\AppData\Roaming\Installer.dat
2011-01-18 22:59 - 2015-01-03 21:39 - 0008192 _____ () C:\Users\Julie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-17 08:19 - 2011-11-17 08:19 - 0002587 _____ () C:\Users\Julie\AppData\Local\MyWinLockerInstaller.txt-20111117.log
2013-09-06 22:07 - 2015-05-21 21:27 - 0007670 _____ () C:\Users\Julie\AppData\Local\Resmon.ResmonCfg
2016-10-23 17:16 - 2016-10-23 17:19 - 0000003 _____ () C:\Users\Julie\AppData\Local\run1.txt
2015-09-28 17:44 - 2015-09-28 17:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Julie\AppData\Local\Temp\2250760.t.exe
C:\Users\Julie\AppData\Local\Temp\2995168.t.exe
C:\Users\Julie\AppData\Local\Temp\34775960.t.exe
C:\Users\Julie\AppData\Local\Temp\60813995.t.exe


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\NTIOFM4.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-13 02:08

==================== End of FRST.txt ============================


Fuchsia Ice


#2 nasdaq

  • Malware Response Team

Posted 19 January 2017 - 11:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {08E245AF-BD4D-4DAB-A39E-D2B9D54585EB} - System32\Tasks\{7145781B-C6EE-CFB0-AA8F-5B925AC73E0E} => C:\ProgramData\{F545ED39-42EE-5A92-552D-92895B7603CB}\871750D4-30BC-E77F-7C0C-3576345ABAEE.exe <==== ATTENTION
Task: {19DC2523-25B0-46ED-8169-4D58F571FD26} - System32\Tasks\{0E8559D8-B92E-EE73-21CD-FA7E221F8791} => C:\ProgramData\{7B9C110E-CC37-A6A5-ADDA-44C80CA1B300}\6D3078D6-DA9B-CF7D-5A95-C2762445159D.exe <==== ATTENTION
Task: {2766BEB7-1172-454A-BAA5-1A24F902CF0B} - System32\Tasks\{D1EC1045-6647-A7EE-7743-E7D3743FD033} => C:\ProgramData\{654736C6-D2EC-816D-F6FE-9951E2EACBE5}\78607BBE-CFCB-CC15-A6C6-32537F0A2F2C.exe <==== ATTENTION
Task: {2B8919A8-402D-4C6A-BEB2-1CB7638FA174} - System32\Tasks\{A5A454A9-120F-E302-5173-3B1AA673BA9C} => C:\ProgramData\{6FC71012-D86C-A7B9-C9C2-BB8E40866C69}\93A8F772-2403-40D9-5900-6197A0F5A1B1.exe <==== ATTENTION
Task: {2D9D85A4-B627-4423-B8C8-938FC7B1A7E8} - System32\Tasks\{48BF5808-FF14-EFA3-1007-FA0C2F2A116D} => C:\ProgramData\{947D5F03-23D6-E8A8-A5D5-450BC7B11D75}\50FCC2E9-E757-7542-37C0-7EC212E5F9BB.exe <==== ATTENTION
Task: {33876DCC-95C2-42EF-8D8F-83473BE3158E} - System32\Tasks\{9B26CA5B-2C8D-7DF0-8B7E-A6C58A547D6B} => C:\ProgramData\{4CE4ED55-FB4F-5AFE-12DA-3223A6643F4A}\2C7E0B26-9BD5-BC8D-4774-1677F0660E78.exe <==== ATTENTION
Task: {34ABDDFA-8435-4817-AA0C-6DC6F5A061B0} - System32\Tasks\{3898ABAC-8F33-1C07-F1AB-FB09EED30C11} => C:\ProgramData\{BA74F400-0DDF-43AB-5731-FF3BA13CAE59}\C036D9AD-779D-6E06-CAD5-A7B38DE1AD63.exe <==== ATTENTION
Task: {38AB0D67-5DBA-479D-8E1F-8D0EE181D298} - System32\Tasks\{041CCB44-B3B7-7CEF-9220-209D6673C907} => C:\ProgramData\{FD6784CC-4ACC-3367-E77C-472FC7570B4A}\A4DC494B-1377-FEE0-2E2C-62FB054D7D6A.exe <==== ATTENTION
Task: {3984DBA2-55D7-471C-8A1C-DF08A3D93961} - System32\Tasks\{074B5343-B0E0-E4E8-2C72-49E2C6B999F2} => C:\ProgramData\{DA82A375-6D29-14DE-6BC0-77D62B66A57F}\BD51AA14-0AFA-1DBF-E3D3-92D04BD4037E.exe <==== ATTENTION
Task: {3A9C296F-8903-446C-9712-F7E0865D9769} - System32\Tasks\{C24EF494-75E5-433F-5EB9-17B51C930DD9} => C:\ProgramData\{FA18728E-4DB3-C525-8B60-A9F8FAF0656E}\48C9A86D-FF62-1FC6-8DA2-DEA362D5DE5C.exe <==== ATTENTION
Task: {3C482EBD-2522-4B07-877C-60E05659A00D} - System32\Tasks\{1B76A525-ACDD-128E-79C5-9483A1B43ADB} => C:\ProgramData\{6A4FD9B6-DDE4-6E1D-A2B6-2FEDB30F5E24}\D3B2F61B-6419-41B0-7BC6-61388DAEA99B.exe <==== ATTENTION
Task: {41C35E59-9B69-4999-BD3A-34EFDE3AB5A2} - System32\Tasks\{9B23798D-2C88-CE26-7062-958EAAE4A8F7} => C:\ProgramData\{F9A7C46F-4E0C-73C4-5EE0-AE5DFC5273BD}\A1358AE6-169E-3D4D-C45F-2B699EF42368.exe <==== ATTENTION
Task: {4CA76C82-9A07-469B-8FEB-EDDF35CDF35C} - System32\Tasks\{DD89A159-6A22-16F2-3192-4B748C89E066} => C:\ProgramData\{7E6061DB-C9CB-D670-97A2-FDBB949F074D}\BF9263B8-0839-D413-BBFC-1367ED9824B2.exe <==== ATTENTION
Task: {51A17922-038A-4AC0-9EBE-917998B0CBEF} - System32\Tasks\{35F1E434-825A-539F-5DCD-321613ADE1CF} => C:\ProgramData\{04D32809-B378-9FA2-5434-269339149CD1}\6F403CBF-D8EB-8B14-A1C5-B47F1DD1456B.exe <==== ATTENTION
Task: {5AFC101F-A17C-4D5A-B67F-C2D93972FF9D} - System32\Tasks\{291BAC74-9EB0-1BDF-6611-D279515D79CD} => C:\ProgramData\{1674E7EA-A1DF-5041-750B-FB767B0D335B}\745C5F4A-C3F7-E8E1-ADCC-3F19397DA690.exe <==== ATTENTION
Task: {6E15EE09-EB80-427F-9BFE-445375055C4D} - System32\Tasks\{C4D5029A-737E-B531-DC66-BA02773894CD} => C:\ProgramData\{11532002-A6F8-97A9-09B6-B95D4364B9CB}\9BD37E5E-2C78-C9F5-0DAE-570063C9DAA0.exe <==== ATTENTION
Task: {721DA855-534B-47EB-8DE8-291F13781BB1} - System32\Tasks\{0CB78BFA-BB1C-3C51-189C-9A11D1CFBB97} => C:\ProgramData\{08A94816-BF02-FFBD-61EC-2227766596BE}\DAE6AC98-6D4D-1B33-C4D3-4FE0B0EDFF00.exe <==== ATTENTION
Task: {922D83B7-5B22-4CE6-8AB3-35EE5C1F049C} - System32\Tasks\{778FE9D4-C024-5E7F-E604-12B365730275} => C:\ProgramData\{AA766877-1DDD-DFDC-7FE5-242205D40E80}\537241D6-E4D9-F67D-4B82-DDB14F592913.exe <==== ATTENTION
Task: {97CBAEEE-0412-4B4E-B2FA-CAD5DBFB17EE} - System32\Tasks\{3163F9A6-86C8-4E0D-DDA7-94E92CA7A2CD} => C:\ProgramData\{36D1C2A8-817A-7503-BDB9-DAA8F53AB6F1}\E008C69D-57A3-7136-CCE8-4DDD7421791F.exe <==== ATTENTION
Task: {9EB8D30E-EDCA-4391-B8EA-39702DBFDC70} - System32\Tasks\{172572AE-A08E-C505-AE3D-3975821EBDE4} => C:\ProgramData\{E845A9F6-5FEE-1E5D-1F25-DFDC79EE9E19}\8C2AA30D-3B81-14A6-3E1F-010361AD198B.exe <==== ATTENTION
Task: {A2646E7F-E4FB-484E-8D56-0CBAD732D987} - System32\Tasks\{B090F4BA-F7EE-D581-AB53-A0968CD5592C} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\5425cc40\5db51df1.dll" <==== ATTENTION
Task: {AB4ED7EB-044A-44A8-9FEF-926379475267} - System32\Tasks\{8162E81A-36C9-5FB1-187B-AFB590F28574} => C:\ProgramData\{CAA8648D-7D03-D326-6E2B-9683024CCCDC}\20F1D504-975A-62AF-3B86-97A88BE727DD.exe <==== ATTENTION
Task: {B403C2F3-6D3C-4A60-AEDF-1A86DA478FEC} - System32\Tasks\{B3E4284D-044F-9FE6-A413-2C6822CA3344} => C:\ProgramData\{AE33F576-1998-42DD-1AE9-24E3E6342482}\74A9E4FB-C302-5350-DB07-9B3B8BF95E1B.exe <==== ATTENTION
Task: {BFE6C894-ED20-4674-8B24-19AF8F85BC08} - System32\Tasks\{C166A24E-76CD-15E5-42A8-814FD7673AD0} => C:\ProgramData\{36D73F50-817C-88FB-E47E-FD0D47B77586}\A9AB5644-1E00-E1EF-E495-AF158C1F90A5.exe <==== ATTENTION
Task: {C32F9E53-FC8C-49C5-846B-03F17EC02863} - System32\Tasks\{300F7ED6-87A4-C97D-8F74-EFFFB0BC246E} => C:\ProgramData\{61C1CA53-D66A-7DF8-098C-4B483F5682CF}\A2ABF12C-1500-4687-25AA-315564AB1BF7.exe <==== ATTENTION
Task: {D92F3FB9-3F08-40DF-BAEF-0173782984F4} - System32\Tasks\{30E34557-8748-F2FC-7374-DDFD321F2182} => C:\ProgramData\{4A727D2B-FDD9-CA80-9104-340DBB3929E7}\0561F597-B2CA-423C-DDB5-5AF66AA41815.exe <==== ATTENTION
Task: {D9C10825-C4CF-4C7A-A94D-F1BF022A11F1} - System32\Tasks\{0BBF794A-BC14-CEE1-C0D8-13E64010A609} => C:\ProgramData\{4722B85A-F089-0FF1-CEE7-933BCF117AB8}\E0C4A050-576F-17FB-85FE-3E2431739DF8.exe <==== ATTENTION
Task: {DCA94F61-1916-4C71-9763-049B7B3587C2} - System32\Tasks\{30236CF7-8788-DB5C-1FA6-92583FF92472} => C:\ProgramData\{CD565826-7AFD-EF8D-A81A-3C513C5BBB63}\1F9147F3-A83A-F058-D8AF-54022B1FAEFD.exe <==== ATTENTION
Task: {EEEEBCCD-38A6-4727-A0C5-E7A9F2C248D3} - System32\Tasks\{9868813B-2FC3-3690-3EB3-AC4462C442EB} => C:\ProgramData\{ED15032E-5ABE-B485-4652-B06A8F4BAF03}\13623FD5-A4C9-887E-65D0-4B71BE40CAC3.exe <==== ATTENTION
Task: {EF5D8D53-F871-450C-8047-42CC0920F5A2} - System32\Tasks\{E702521E-FD6F-4F91-B963-A4971D6AD3AD} => pcalua.exe -a C:\Users\Julie\Desktop\jxpiinstall.exe -d C:\Users\Julie\Desktop
Task: {F300A44E-5098-482E-AC29-3F1208BD66FE} - System32\Tasks\{CF41AB61-78EA-1CCA-564C-BFD5F7C2F835} => C:\ProgramData\{AE034305-19A8-F4AE-5824-841872DC3231}\9AA307D1-2D08-B07A-C9EE-A7546E1ACE57.exe <==== ATTENTION
Task: {F6F69977-CEE6-41E9-A226-EF08B76A3575} - System32\Tasks\{416B323D-F6C0-8596-55E5-0AE35E3F5048} => C:\ProgramData\{1E654AB9-A9CE-FD12-9E2E-5CCE215834E3}\50648294-E7CF-353F-8237-B0E48E9ED55A.exe <==== ATTENTION
C:\ProgramData\{F545ED39-42EE-5A92-552D-92895B7603CB}
C:\ProgramData\{7B9C110E-CC37-A6A5-ADDA-44C80CA1B300}
C:\ProgramData\{654736C6-D2EC-816D-F6FE-9951E2EACBE5}
C:\ProgramData\{6FC71012-D86C-A7B9-C9C2-BB8E40866C69}
C:\ProgramData\{947D5F03-23D6-E8A8-A5D5-450BC7B11D75}
C:\ProgramData\{4CE4ED55-FB4F-5AFE-12DA-3223A6643F4A}
C:\ProgramData\{BA74F400-0DDF-43AB-5731-FF3BA13CAE59}
C:\ProgramData\{FD6784CC-4ACC-3367-E77C-472FC7570B4A}
C:\ProgramData\{DA82A375-6D29-14DE-6BC0-77D62B66A57F}
C:\ProgramData\{FA18728E-4DB3-C525-8B60-A9F8FAF0656E}
C:\ProgramData\{6A4FD9B6-DDE4-6E1D-A2B6-2FEDB30F5E24}
C:\ProgramData\{F9A7C46F-4E0C-73C4-5EE0-AE5DFC5273BD}
C:\ProgramData\{7E6061DB-C9CB-D670-97A2-FDBB949F074D}
C:\ProgramData\{04D32809-B378-9FA2-5434-269339149CD1}
C:\ProgramData\{1674E7EA-A1DF-5041-750B-FB767B0D335B}
C:\ProgramData\{11532002-A6F8-97A9-09B6-B95D4364B9CB}
C:\ProgramData\{08A94816-BF02-FFBD-61EC-2227766596BE}
C:\ProgramData\{AA766877-1DDD-DFDC-7FE5-242205D40E80}
C:\ProgramData\{36D1C2A8-817A-7503-BDB9-DAA8F53AB6F1}
C:\ProgramData\{E845A9F6-5FEE-1E5D-1F25-DFDC79EE9E19}
C:\PROGRA~3\5425cc40
C:\ProgramData\{CAA8648D-7D03-D326-6E2B-9683024CCCDC}
C:\ProgramData\{AE33F576-1998-42DD-1AE9-24E3E6342482}
C:\ProgramData\{36D73F50-817C-88FB-E47E-FD0D47B77586}
C:\ProgramData\{61C1CA53-D66A-7DF8-098C-4B483F5682CF}
C:\ProgramData\{4A727D2B-FDD9-CA80-9104-340DBB3929E7}
C:\ProgramData\{4722B85A-F089-0FF1-CEE7-933BCF117AB8}
C:\ProgramData\{CD565826-7AFD-EF8D-A81A-3C513C5BBB63}
C:\ProgramData\{ED15032E-5ABE-B485-4652-B06A8F4BAF03}
C:\Users\Julie\Desktop\jxpiinstall.exe
C:\ProgramData\{AE034305-19A8-F4AE-5824-841872DC3231}
C:\ProgramData\{1E654AB9-A9CE-FD12-9E2E-5CCE215834E3}
C:\Windows\SysWOW64\NTIOFM4.dll
C:\Users\Julie\AppData\Local\Temp\2250760.t.exe
C:\Users\Julie\AppData\Local\Temp\2995168.t.exe
C:\Users\Julie\AppData\Local\Temp\34775960.t.exe
C:\Users\Julie\AppData\Local\Temp\60813995.t.exe

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

#3 FuchsiaIce

  • Topic Starter

  • Members

Posted 20 January 2017 - 08:48 PM

Ran the fix and the computer restarted. I had disconnected the Ethernet cable and still no connection wirelessly when the machine restarted. There are no other problems currently, but the "little glitches" mentioned above (command prompt window, pop-ups, etc.) were only happening sporadically.

I am now reconnected by wire in order to post to this forum.

Here is the fix log:


Fix result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
Ran by Julie (20-01-2017 19:15:32) Run:3
Running from C:\Users\Julie\Desktop
Loaded Profiles: Julie (Available Profiles: Julie & Mcx1-JUBILATIONLEE & Mcx2-JUBILATIONLEE)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {08E245AF-BD4D-4DAB-A39E-D2B9D54585EB} - System32\Tasks\{7145781B-C6EE-CFB0-AA8F-5B925AC73E0E} => C:\ProgramData\{F545ED39-42EE-5A92-552D-92895B7603CB}\871750D4-30BC-E77F-7C0C-3576345ABAEE.exe <==== ATTENTION
Task: {19DC2523-25B0-46ED-8169-4D58F571FD26} - System32\Tasks\{0E8559D8-B92E-EE73-21CD-FA7E221F8791} => C:\ProgramData\{7B9C110E-CC37-A6A5-ADDA-44C80CA1B300}\6D3078D6-DA9B-CF7D-5A95-C2762445159D.exe <==== ATTENTION
Task: {2766BEB7-1172-454A-BAA5-1A24F902CF0B} - System32\Tasks\{D1EC1045-6647-A7EE-7743-E7D3743FD033} => C:\ProgramData\{654736C6-D2EC-816D-F6FE-9951E2EACBE5}\78607BBE-CFCB-CC15-A6C6-32537F0A2F2C.exe <==== ATTENTION
Task: {2B8919A8-402D-4C6A-BEB2-1CB7638FA174} - System32\Tasks\{A5A454A9-120F-E302-5173-3B1AA673BA9C} => C:\ProgramData\{6FC71012-D86C-A7B9-C9C2-BB8E40866C69}\93A8F772-2403-40D9-5900-6197A0F5A1B1.exe <==== ATTENTION
Task: {2D9D85A4-B627-4423-B8C8-938FC7B1A7E8} - System32\Tasks\{48BF5808-FF14-EFA3-1007-FA0C2F2A116D} => C:\ProgramData\{947D5F03-23D6-E8A8-A5D5-450BC7B11D75}\50FCC2E9-E757-7542-37C0-7EC212E5F9BB.exe <==== ATTENTION
Task: {33876DCC-95C2-42EF-8D8F-83473BE3158E} - System32\Tasks\{9B26CA5B-2C8D-7DF0-8B7E-A6C58A547D6B} => C:\ProgramData\{4CE4ED55-FB4F-5AFE-12DA-3223A6643F4A}\2C7E0B26-9BD5-BC8D-4774-1677F0660E78.exe <==== ATTENTION
Task: {34ABDDFA-8435-4817-AA0C-6DC6F5A061B0} - System32\Tasks\{3898ABAC-8F33-1C07-F1AB-FB09EED30C11} => C:\ProgramData\{BA74F400-0DDF-43AB-5731-FF3BA13CAE59}\C036D9AD-779D-6E06-CAD5-A7B38DE1AD63.exe <==== ATTENTION
Task: {38AB0D67-5DBA-479D-8E1F-8D0EE181D298} - System32\Tasks\{041CCB44-B3B7-7CEF-9220-209D6673C907} => C:\ProgramData\{FD6784CC-4ACC-3367-E77C-472FC7570B4A}\A4DC494B-1377-FEE0-2E2C-62FB054D7D6A.exe <==== ATTENTION
Task: {3984DBA2-55D7-471C-8A1C-DF08A3D93961} - System32\Tasks\{074B5343-B0E0-E4E8-2C72-49E2C6B999F2} => C:\ProgramData\{DA82A375-6D29-14DE-6BC0-77D62B66A57F}\BD51AA14-0AFA-1DBF-E3D3-92D04BD4037E.exe <==== ATTENTION
Task: {3A9C296F-8903-446C-9712-F7E0865D9769} - System32\Tasks\{C24EF494-75E5-433F-5EB9-17B51C930DD9} => C:\ProgramData\{FA18728E-4DB3-C525-8B60-A9F8FAF0656E}\48C9A86D-FF62-1FC6-8DA2-DEA362D5DE5C.exe <==== ATTENTION
Task: {3C482EBD-2522-4B07-877C-60E05659A00D} - System32\Tasks\{1B76A525-ACDD-128E-79C5-9483A1B43ADB} => C:\ProgramData\{6A4FD9B6-DDE4-6E1D-A2B6-2FEDB30F5E24}\D3B2F61B-6419-41B0-7BC6-61388DAEA99B.exe <==== ATTENTION
Task: {41C35E59-9B69-4999-BD3A-34EFDE3AB5A2} - System32\Tasks\{9B23798D-2C88-CE26-7062-958EAAE4A8F7} => C:\ProgramData\{F9A7C46F-4E0C-73C4-5EE0-AE5DFC5273BD}\A1358AE6-169E-3D4D-C45F-2B699EF42368.exe <==== ATTENTION
Task: {4CA76C82-9A07-469B-8FEB-EDDF35CDF35C} - System32\Tasks\{DD89A159-6A22-16F2-3192-4B748C89E066} => C:\ProgramData\{7E6061DB-C9CB-D670-97A2-FDBB949F074D}\BF9263B8-0839-D413-BBFC-1367ED9824B2.exe <==== ATTENTION
Task: {51A17922-038A-4AC0-9EBE-917998B0CBEF} - System32\Tasks\{35F1E434-825A-539F-5DCD-321613ADE1CF} => C:\ProgramData\{04D32809-B378-9FA2-5434-269339149CD1}\6F403CBF-D8EB-8B14-A1C5-B47F1DD1456B.exe <==== ATTENTION
Task: {5AFC101F-A17C-4D5A-B67F-C2D93972FF9D} - System32\Tasks\{291BAC74-9EB0-1BDF-6611-D279515D79CD} => C:\ProgramData\{1674E7EA-A1DF-5041-750B-FB767B0D335B}\745C5F4A-C3F7-E8E1-ADCC-3F19397DA690.exe <==== ATTENTION
Task: {6E15EE09-EB80-427F-9BFE-445375055C4D} - System32\Tasks\{C4D5029A-737E-B531-DC66-BA02773894CD} => C:\ProgramData\{11532002-A6F8-97A9-09B6-B95D4364B9CB}\9BD37E5E-2C78-C9F5-0DAE-570063C9DAA0.exe <==== ATTENTION
Task: {721DA855-534B-47EB-8DE8-291F13781BB1} - System32\Tasks\{0CB78BFA-BB1C-3C51-189C-9A11D1CFBB97} => C:\ProgramData\{08A94816-BF02-FFBD-61EC-2227766596BE}\DAE6AC98-6D4D-1B33-C4D3-4FE0B0EDFF00.exe <==== ATTENTION
Task: {922D83B7-5B22-4CE6-8AB3-35EE5C1F049C} - System32\Tasks\{778FE9D4-C024-5E7F-E604-12B365730275} => C:\ProgramData\{AA766877-1DDD-DFDC-7FE5-242205D40E80}\537241D6-E4D9-F67D-4B82-DDB14F592913.exe <==== ATTENTION
Task: {97CBAEEE-0412-4B4E-B2FA-CAD5DBFB17EE} - System32\Tasks\{3163F9A6-86C8-4E0D-DDA7-94E92CA7A2CD} => C:\ProgramData\{36D1C2A8-817A-7503-BDB9-DAA8F53AB6F1}\E008C69D-57A3-7136-CCE8-4DDD7421791F.exe <==== ATTENTION
Task: {9EB8D30E-EDCA-4391-B8EA-39702DBFDC70} - System32\Tasks\{172572AE-A08E-C505-AE3D-3975821EBDE4} => C:\ProgramData\{E845A9F6-5FEE-1E5D-1F25-DFDC79EE9E19}\8C2AA30D-3B81-14A6-3E1F-010361AD198B.exe <==== ATTENTION
Task: {A2646E7F-E4FB-484E-8D56-0CBAD732D987} - System32\Tasks\{B090F4BA-F7EE-D581-AB53-A0968CD5592C} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\5425cc40\5db51df1.dll" <==== ATTENTION
Task: {AB4ED7EB-044A-44A8-9FEF-926379475267} - System32\Tasks\{8162E81A-36C9-5FB1-187B-AFB590F28574} => C:\ProgramData\{CAA8648D-7D03-D326-6E2B-9683024CCCDC}\20F1D504-975A-62AF-3B86-97A88BE727DD.exe <==== ATTENTION
Task: {B403C2F3-6D3C-4A60-AEDF-1A86DA478FEC} - System32\Tasks\{B3E4284D-044F-9FE6-A413-2C6822CA3344} => C:\ProgramData\{AE33F576-1998-42DD-1AE9-24E3E6342482}\74A9E4FB-C302-5350-DB07-9B3B8BF95E1B.exe <==== ATTENTION
Task: {BFE6C894-ED20-4674-8B24-19AF8F85BC08} - System32\Tasks\{C166A24E-76CD-15E5-42A8-814FD7673AD0} => C:\ProgramData\{36D73F50-817C-88FB-E47E-FD0D47B77586}\A9AB5644-1E00-E1EF-E495-AF158C1F90A5.exe <==== ATTENTION
Task: {C32F9E53-FC8C-49C5-846B-03F17EC02863} - System32\Tasks\{300F7ED6-87A4-C97D-8F74-EFFFB0BC246E} => C:\ProgramData\{61C1CA53-D66A-7DF8-098C-4B483F5682CF}\A2ABF12C-1500-4687-25AA-315564AB1BF7.exe <==== ATTENTION
Task: {D92F3FB9-3F08-40DF-BAEF-0173782984F4} - System32\Tasks\{30E34557-8748-F2FC-7374-DDFD321F2182} => C:\ProgramData\{4A727D2B-FDD9-CA80-9104-340DBB3929E7}\0561F597-B2CA-423C-DDB5-5AF66AA41815.exe <==== ATTENTION
Task: {D9C10825-C4CF-4C7A-A94D-F1BF022A11F1} - System32\Tasks\{0BBF794A-BC14-CEE1-C0D8-13E64010A609} => C:\ProgramData\{4722B85A-F089-0FF1-CEE7-933BCF117AB8}\E0C4A050-576F-17FB-85FE-3E2431739DF8.exe <==== ATTENTION
Task: {DCA94F61-1916-4C71-9763-049B7B3587C2} - System32\Tasks\{30236CF7-8788-DB5C-1FA6-92583FF92472} => C:\ProgramData\{CD565826-7AFD-EF8D-A81A-3C513C5BBB63}\1F9147F3-A83A-F058-D8AF-54022B1FAEFD.exe <==== ATTENTION
Task: {EEEEBCCD-38A6-4727-A0C5-E7A9F2C248D3} - System32\Tasks\{9868813B-2FC3-3690-3EB3-AC4462C442EB} => C:\ProgramData\{ED15032E-5ABE-B485-4652-B06A8F4BAF03}\13623FD5-A4C9-887E-65D0-4B71BE40CAC3.exe <==== ATTENTION
Task: {EF5D8D53-F871-450C-8047-42CC0920F5A2} - System32\Tasks\{E702521E-FD6F-4F91-B963-A4971D6AD3AD} => pcalua.exe -a C:\Users\Julie\Desktop\jxpiinstall.exe -d C:\Users\Julie\Desktop
Task: {F300A44E-5098-482E-AC29-3F1208BD66FE} - System32\Tasks\{CF41AB61-78EA-1CCA-564C-BFD5F7C2F835} => C:\ProgramData\{AE034305-19A8-F4AE-5824-841872DC3231}\9AA307D1-2D08-B07A-C9EE-A7546E1ACE57.exe <==== ATTENTION
Task: {F6F69977-CEE6-41E9-A226-EF08B76A3575} - System32\Tasks\{416B323D-F6C0-8596-55E5-0AE35E3F5048} => C:\ProgramData\{1E654AB9-A9CE-FD12-9E2E-5CCE215834E3}\50648294-E7CF-353F-8237-B0E48E9ED55A.exe <==== ATTENTION

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39197450 B
Java, Flash, Steam htmlcache => 1024 B
Windows/system/drivers => 75989074 B
Edge => 0 B
Chrome => 0 B
Firefox => 377489378 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
systemprofile32 => 424 B
LocalService => 0 B
NetworkService => 425860 B
Julie => 389213888 B
Mcx1-JUBILATIONLEE => 0 B
Mcx2-JUBILATIONLEE => 0 B

RecycleBin => 0 B
EmptyTemp: => 849.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:20:37 ====


Fuchsia Ice
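
Most of the task entries that FRST marked ATTENTION in the fixlist above share one of two shapes, while the pcalua.exe task has a GUID name but no ATTENTION mark. The following triage script is an added example, not part of the original posts and not FRST's own logic; the sample lines, every GUID and file name in them, the reason labels, and the treatment of `PROGRA~3` as the short-name alias of `ProgramData` are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines in the FRST "Task:" format. All GUIDs, folder
# names and file names are made up; none come from the log in this thread.
SAMPLE_LOG = r'''
Task: {11111111-2222-4333-8444-555555555555} - System32\Tasks\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} => C:\ProgramData\{01234567-89AB-CDEF-0123-456789ABCDEF}\FEDCBA98-7654-3210-FEDC-BA9876543210.exe <==== ATTENTION
Task: {22222222-3333-4444-8555-666666666666} - System32\Tasks\{BBBBBBBB-CCCC-DDDD-EEEE-FFFFFFFFFFFF} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\0a1b2c3d\4e5f6a7b.dll" <==== ATTENTION
Task: {33333333-4444-4555-8666-777777777777} - System32\Tasks\{CCCCCCCC-DDDD-EEEE-FFFF-000000000000} => pcalua.exe -a C:\Users\Example\Desktop\setup.exe -d C:\Users\Example\Desktop
Task: {44444444-5555-4666-8777-888888888888} - System32\Tasks\ExampleVendor\Updater => C:\Program Files\ExampleVendor\updater.exe
'''

GUID = r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}"

# "Task: {id} - <task path> => <action> [<==== ATTENTION]"
TASK_RE = re.compile(
    r"^Task: \{(?P<id>" + GUID + r")\} - (?P<task>.+?) => "
    r"(?P<action>.*?)(?P<flag>\s*<==== ATTENTION)?\s*$"
)
# Task whose name is only a brace-wrapped GUID.
GUID_TASK_NAME = re.compile(r"\\\{" + GUID + r"\}$")
# GUID-named .exe inside a GUID-named folder directly under ProgramData.
GUID_DROP = re.compile(
    r"\\ProgramData\\\{" + GUID + r"\}\\" + GUID + r"\.exe\b", re.IGNORECASE
)
# regsvr32 run silently (/s) with an install call (/i) on a DLL stored under
# ProgramData. PROGRA~3 is assumed to be the 8.3 alias of ProgramData.
REGSVR = re.compile(r'^"?regsvr32(?:\.exe)?"?\s', re.IGNORECASE)
SILENT = re.compile(r"(?<!\S)/s(?!\S)", re.IGNORECASE)
INSTALL = re.compile(r"(?<!\S)/i(?::|(?!\S))", re.IGNORECASE)
DATA_DLL = re.compile(r'\\(?:ProgramData|PROGRA~3)\\[^"]*\.dll', re.IGNORECASE)


@dataclass
class Finding:
    task_id: str
    task: str
    action: str
    frst_flagged: bool                          # line carried "<==== ATTENTION"
    strong: list = field(default_factory=list)  # indicators based on the action
    weak: list = field(default_factory=list)    # context only, never decisive

    @property
    def suspicious(self):
        # A GUID task name alone is not enough: the Program Compatibility
        # Assistant (pcalua.exe) task in the log has one and is not flagged.
        return bool(self.strong)


def triage(log_text):
    """Parse FRST 'Task:' lines and attach heuristic indicators to each."""
    findings = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        f = Finding(m["id"], m["task"], m["action"], m["flag"] is not None)
        if GUID_TASK_NAME.search(f.task):
            f.weak.append("guid-task-name")
        if GUID_DROP.search(f.action):
            f.strong.append("guid-exe-in-guid-programdata-dir")
        if (REGSVR.match(f.action) and SILENT.search(f.action)
                and INSTALL.search(f.action) and DATA_DLL.search(f.action)):
            f.strong.append("silent-regsvr32-dll-in-programdata")
        findings.append(f)
    return findings


def disagreements(findings):
    """Tasks where this heuristic and FRST's ATTENTION mark differ."""
    return [f for f in findings if f.suspicious != f.frst_flagged]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        verdict = "SUSPICIOUS" if f.suspicious else "ok"
        print(f"{verdict:10} {f.task_id} strong={f.strong} weak={f.weak}")
    print("disagreements with FRST:", len(disagreements(results)))
```

Run against a saved FRST log, `disagreements()` lists the tasks worth a manual look: entries the heuristic flags but FRST did not, and the reverse.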

#4 nasdaq

  • Malware Response Team

Posted 21 January 2017 - 08:39 AM


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
RemoveProxy:

Reboot:


End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.
===


If the problem persists reset your router.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is the list of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

#5 FuchsiaIce

  • Topic Starter


Posted 22 January 2017 - 03:27 AM

Ran fix, computer restarted, no joy on connecting wirelessly so reset the Gateway.  Still not wirelessly connected.  The Gateway is WPA2-PSK (AES) secured.  Here is the fix log.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
Ran by Julie (22-01-2017 01:07:48) Run:4
Running from C:\Users\Julie\Desktop
Loaded Profiles: Julie (Available Profiles: Julie & Mcx1-JUBILATIONLEE & Mcx2-JUBILATIONLEE)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
RemoveProxy:

Reboot:


End
*****************

Restore point was successfully created.
Processes closed successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= IPCONFIG /release =========


Windows IP Configuration

No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Wireless Network Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Default Gateway . . . . . . . . . :

Tunnel adapter isatap.{EF09A829-DC9F-48A7-9620-8CA865F76522}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.attlocal.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{22622142-FCAB-4270-AD57-A77EF2BCC417}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


========= IPCONFIG /renew =========


Windows IP Configuration

No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Wireless Network Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : attlocal.net
   IPv4 Address. . . . . . . . . . . : 192.168.1.78
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254

Tunnel adapter isatap.{EF09A829-DC9F-48A7-9620-8CA865F76522}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.attlocal.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net

Tunnel adapter isatap.{22622142-FCAB-4270-AD57-A77EF2BCC417}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv4 reset =========

There's no user specified settings to be reset.


========= End of CMD: =========


========= netsh int ipv6 reset =========

There's no user specified settings to be reset.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-658284135-3662055118-2884648652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-658284135-3662055118-2884648652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========



The system needed a reboot.

==== End of Fixlog 01:10:31 ====


Fuchsia Ice

#6 nasdaq

  • Malware Response Team

Posted 22 January 2017 - 08:48 AM


LAN settings are not my forte.

I suggest you start a new topic in the Networking Forum.

https://www.bleepingcomputer.com/forums/f/21/networking/

Before you do, download and run this tool.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (MTB.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Post the log in the new topic. Tell them what the problem is and what you have done to reset the connection.

I will leave this topic open for 6 days.
If you need to return please do.



