csrss.exe


  • This topic is locked
19 replies to this topic

#1 Staceysa

  • Members
  • 9 posts

Posted 15 February 2018 - 10:23 PM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:20:49 PM, on 2/15/2018
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16872)


Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
C:\Program Files\Canon\Quick Utility Toolbox\cnqtbapp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Stacey\AppData\Roaming\CricutDesignSpace3\BRIDGE\CricutLauncher4.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AVG\Antivirus\AVGUI.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Users\Stacey\AppData\Roaming\CricutDesignSpace3\BRIDGE\CricutBridge4.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Users\Stacey\Desktop\HijackThis.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX2] C:\Program Files\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe /FORCE
O4 - HKLM\..\Run: [CanonQuickToolbox] C:\Program Files\Canon\Quick Utility Toolbox\cnqtbapp.exe -NOUI
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVGUI.exe] "C:\Program Files\AVG\Antivirus\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Cricut Design Space3] "C:\Users\Stacey\AppData\Roaming\CricutDesignSpace3\BRIDGE\CricutLauncher4.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.keytrain.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Antivirus - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\AVGSvc.exe
O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\aswidsagent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files\Origin\OriginClientService.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14119 bytes
 




 


#2 satchfan

  • Malware Response Team
  • 2,659 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:57 AM

Posted 16 February 2018 - 05:23 AM

Hello Staceysa and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Run HijackThis


  • open HijackThis and click Do a system scan only.
  • place a check mark next to the following entries:


    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [AVGUI.exe] "C:\Program Files\AVG\Antivirus\AvLaunch.exe" /gui
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
    O4 - Global Startup: Bluetooth.lnk = ?

     

  • close all windows except for HijackThis and click Fix checked.

NEXT


  • with HJT open, click on Config and then on the Misc Tools button
  • if you're viewing HijackThis from the Main Menu, click on Open the Misc Tools Section
  • click on the Open Uninstall Manager button
  • click the Save List button.

Copy and paste that list here as well as the HijackThis fix log.

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 satchfan

  • Malware Response Team
  • 2,659 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:57 AM

Posted 19 February 2018 - 03:43 AM

Hi Staceysa

It has been several days since I replied to your request for help with your computer problems.

Please let me know if you are having problems and still need help.

Thanks

Satchfan




#4 Staceysa

  • Topic Starter
  • Members
  • 9 posts

Posted 19 February 2018 - 11:22 PM

Sorry about that. Thank you for helping me!

 

 Update for Microsoft Office 2007 (KB2508958)
926plv32
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Elements Studio Launcher
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 28 ActiveX
Adobe Flash Player 28 NPAPI
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Premiere Elements 4.0 Templates
Adobe Reader X (10.1.16)
Adobe Refresh Manager
Adobe Setup
Adobe Setup
Adobe Shockwave Player 12.1
Adobe Soundbooth CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Apple Application Support (32-bit)
Apple Mobile Device Support
Apple Software Update
att.net Internet Mail
att.net Toolbar
AVG AntiVirus FREE
Bamboo
Bamboo Dock
Bamboo Dock
Bamboo Dock
Bink and Smacker
Browser Address Error Redirector
Canon Calibration Tool
Canon IJ Network Scanner Selector EX2
Canon IJ Scan Utility
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MB2100 series MP Drivers
Canon MB2100 series On-screen Manual
Canon MB2100 series User Registration
Canon My Printer
Canon Quick Utility Toolbox
Canon Speed Dial Utility2
CDDRV_Installer
Creative Centrale
Creative Centrale
Creative Removable Disk Manager
Creative Software Update
Cricut ™ Driver v2.01
D3DX10
Dell DataSafe Online
Dell Getting Started Guide
Dell PC Fax
Dell Support Center
DirectXInstallService
EDocs
Elements+ for PSE 6 (demo)
erLT
FLV.com FLV Converter 7.6
Free FLV Converter V 6.7.4
Google Desktop
GoToAssist Corporate
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IJ Network Device Setup Utility
Intel® Matrix Storage Manager
Intel® PRO Network Connections 12.1.12.4
Intel® PRO Network Connections 12.1.12.4
iTunes
Java 8 Update 151
Junk Mail filter update
KhalInstallWrapper
Logitech SetPoint
Logitech Updater
Lorex_Stratus_Client1
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.5.2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Mozilla Firefox 52.6.0 ESR (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
NVIDIA Graphics Driver 307.45
NVIDIA nView 136.53
OGA Notifier 2.0.0048.0
Origin
PreReq
PrintProjects
Product Documentation Launcher
QualXServ Service Agreement
QuickTime
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Premier
Roxio Creator Premier 10
Roxio Creator Tools
Roxio Express Labeler
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.2 (KB3074230)
Security Update for Microsoft .NET Framework 4.5.2 (KB3099869)
Security Update for Microsoft .NET Framework 4.5.2 (KB3122656)
Security Update for Microsoft .NET Framework 4.5.2 (KB3127229)
Security Update for Microsoft .NET Framework 4.5.2 (KB3135996)
Security Update for Microsoft .NET Framework 4.5.2 (KB3135996v2)
Security Update for Microsoft .NET Framework 4.5.2 (KB3142033)
Security Update for Microsoft .NET Framework 4.5.2 (KB3163251)
Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596904) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881067) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2956110) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2984938) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2984943) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2986253) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3085549) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3213641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB4011656) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB4011715) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB4011605) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB4011607) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB4011602) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB3114456) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB3191829) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB3213642) 32-Bit Edition
Security Update for Microsoft Office Visio Viewer 2007 (KB2596915) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB4011657) 32-Bit Edition
Segoe UI
Shared C Run-time for x86
Spelling Dictionaries Support For Adobe Reader 8
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4.5.2 (KB3189051)
Update for Microsoft .NET Framework 4.5.2 (KB3210139)
Update for Microsoft .NET Framework 4.5.2 (KB4014559)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB3213646) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB3213649) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
WIDCOMM Bluetooth Software 6.0.1.4300
Windows Driver Package - Provo Craft & Novelty, Inc. (usbser) Ports  (08/01/2016 1.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Center
XPS MiniView Gadget
Yahoo! Software Update

_______________________________________________________________________________________

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:18:44 PM, on 2/19/2018
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16872)


Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
C:\Program Files\Canon\Quick Utility Toolbox\cnqtbapp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Stacey\AppData\Roaming\CricutDesignSpace3\BRIDGE\CricutLauncher4.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AVG\Antivirus\AVGUI.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Users\Stacey\AppData\Roaming\CricutDesignSpace3\BRIDGE\CricutBridge4.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\WMPEnc.exe
C:\Users\Stacey\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX2] C:\Program Files\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe /FORCE
O4 - HKLM\..\Run: [CanonQuickToolbox] C:\Program Files\Canon\Quick Utility Toolbox\cnqtbapp.exe -NOUI
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVGUI.exe] "C:\Program Files\AVG\Antivirus\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Cricut Design Space3] "C:\Users\Stacey\AppData\Roaming\CricutDesignSpace3\BRIDGE\CricutLauncher4.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4013254311-1621539489-3775279548-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-4013254311-1621539489-3775279548-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Mcx1')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.keytrain.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Antivirus - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\AVGSvc.exe
O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\aswidsagent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files\Origin\OriginClientService.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13909 bytes
 



#5 satchfan

  • Malware Response Team

Posted 20 February 2018 - 03:33 AM

Multiple antiviruses

You have the AVG and Microsoft Security Essentials (MSE) antivirus programs installed.

You cannot run two real-time antiviruses at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.

I would suggest you uninstall AVG but it is your choice.

  • click Start, Control Panel, Programs and Features
  • scroll down the list, click on either AVG or Microsoft Security Client and then on Remove.

Run AVG removal tool

If you uninstalled AVG, there will still be some remnants on your computer even after the uninstall, so please download and run AVG Removal Tool from here.

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste the log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

AdwCleaner log
Frst.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#6 Staceysa

  • Topic Starter


Posted 21 February 2018 - 07:02 PM

After uninstalling AVG I had Microsoft Security Essentials pop up saying my OP system is no longer being updated, therefore I'm no longer protected. Is there another antivirus software you recommend?

 

 

 

# AdwCleaner 7.0.8.0 - Logfile created on Wed Feb 21 23:14:48 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows Vista ™ Home Premium (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: YahooAUService


***** [ Folders ] *****

Deleted: C:\ProgramData\Yahoo! Companion
Deleted: C:\ProgramData\Application Data\Yahoo! Companion
Deleted: C:\Users\All Users\Yahoo! Companion
Deleted: C:\Users\Stacey\AppData\LocalLow\Yahoo! Companion
Deleted: C:\Program Files\AGI
Deleted: C:\Program Files\GreenTree Applications
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
Deleted: C:\Program Files\Free FLV Converter
Deleted: C:\Program Files\Yahoo!\Companion
Deleted: C:\Users\Stacey\AppData\LocalLow\Yahoo!\Companion
Deleted: C:\Users\Stacey\AppData\Roaming\Yahoo!\Companion
Deleted: C:\Program Files\Conduit
Deleted: C:\Program Files\Coupons


***** [ Files ] *****

Deleted: C:\Program Files\Yahoo!\Common\unyt.exe
Deleted: C:\Users\Stacey\AppData\Roaming\Mozilla\Firefox\Profiles\7k5s5rts.default\searchplugins\web-search.xml
Deleted: C:\Users\Default\AppData\gacutil.exe
Deleted: C:\Users\Default\AppData\gacutil
Deleted: C:\Users\Default User\AppData\gacutil.exe
Deleted: C:\Users\Default User\AppData\gacutil


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: gacutil
Deleted: gacutil


***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Deleted: [Key] - HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Deleted: [Key] - HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Deleted: [Key] - HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\Software\Binary Noise\mPlayer\kiwee_toolbar_installer.exe
Deleted: [Key] - HKCU\Software\Binary Noise\mPlayer\kiwee_toolbar_installer.exe
Deleted: [Key] - HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\Software\YahooPartnerToolbar
Deleted: [Key] - HKCU\Software\YahooPartnerToolbar
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free FLV Converter_is1
Deleted: [Key] - HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Free FLV Converter_is1
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Free FLV Converter_is1
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\Software\AppDataLow\GVTL
Deleted: [Key] - HKCU\Software\AppDataLow\GVTL
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\yt.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
Deleted: [Key] - HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\Software\Conduit
Deleted: [Key] - HKCU\Software\Conduit
Deleted: [Key] - HKLM\SOFTWARE\MimarSinan


***** [ Firefox (and derivatives) ] *****

SearchProvider deleted: websearch.shopathome.com - Web Search


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [14403 B] - [2018/2/21 23:13:59]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

 

______________________________________________________________________________________________

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21.02.2018
Ran by Stacey (administrator) on STACEY-PC (21-02-2018 17:21:24)
Running from C:\Users\Stacey\Desktop
Loaded Profiles: Stacey (Available Profiles: Stacey & Mcx1)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
() C:\Program Files\Bamboo Dock\BambooCore.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(CANON INC.) C:\Program Files\Canon\Quick Utility Toolbox\cnqtbapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Bluetooth HCI Monitor] => RunDll32 HCIMNTR.DLL,RunCheckHCIMode
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-31] (Google)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent
HKLM\...\Run: [Conime] => C:\Windows\system32\conime.exe [69120 2009-04-11] (Microsoft Corporation)
HKLM\...\Run: [BambooCore] => C:\Program Files\Bamboo Dock\BambooCore.exe [646744 2014-09-10] ()
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (CANON INC.)
HKLM\...\Run: [CanonQuickToolbox] => C:\Program Files\Canon\Quick Utility Toolbox\cnqtbapp.exe [1929904 2016-05-10] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll [2011-06-02] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\...\Run: [MsnMsgr] => C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\...\Run: [Cricut Design Space3] => C:\Users\Stacey\AppData\Roaming\CricutDesignSpace3\BRIDGE\CricutLauncher4.exe [437912 2017-12-11] (Provo Craft & Novelty, Inc.)
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\...\MountPoints2: {07afa60b-ed1e-11e3-b02a-001ec94a736b} - J:\TLBootstrap_WPP.exe
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\...\MountPoints2: {3539e3d1-26c0-11e1-bcc2-001ec94a736b} - J:\PhotoViewer.exe
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\...\MountPoints2: {584d63c1-4944-11de-b4ef-001ec94a736b} - L:\start.exe
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\...\MountPoints2: {ef2c2d5c-c363-11df-9d6e-001e4ce6ff74} - L:\LaunchU3.exe -a
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [704512 2009-04-11] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-31] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2008-11-27]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0D6E46AB-0989-40F5-A6C8-8772D25FA07C}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080612
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.att.net
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080612
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://us.f837.mail.yahoo.com/dc/launch?.rand=6m9hkq0mpcpcj
hxxp://www.facebook.com/
SearchScopes: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000 -> DefaultScope {BF12A4ED-5743-4590-8EF8-052DB135E945} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B010US105D20140115&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=2D0q_wP2xyCLbSMdW4jg-teXJW8?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000 -> {AC854C16-CA1E-43f1-8513-0D2F36C726ED} URL = hxxp://www.offos.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=5wWlyXgC
SearchScopes: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000 -> {BF12A4ED-5743-4590-8EF8-052DB135E945} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B010US105D20140115&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-12-01] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-01] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF ProfilePath: C:\Users\Stacey\AppData\Roaming\Mozilla\Firefox\Profiles\7k5s5rts.default [2018-02-21]
FF user.js: detected! => C:\Users\Stacey\AppData\Roaming\Mozilla\Firefox\Profiles\7k5s5rts.default\user.js [2012-02-08]
FF Extension: (CensureBlock) - C:\Users\Stacey\AppData\Roaming\Mozilla\Firefox\Profiles\7k5s5rts.default\Extensions\censureblock@gmail.com.xpi [2016-05-13] [Legacy]
FF Extension: (Save Button for Pinterest) - C:\Users\Stacey\AppData\Roaming\Mozilla\Firefox\Profiles\7k5s5rts.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2018-02-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-24] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll [2014-04-14] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-06-20] (RocketLife, LLP)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4013254311-1621539489-3775279548-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Stacey\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll [2010-02-01] ( )
FF Plugin HKU\S-1-5-21-4013254311-1621539489-3775279548-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-02-06] (Adobe Systems Incorporated) [File not signed]
R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-06-12] (Macrovision Europe Ltd.) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-31] (Google)
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe [13160 2011-06-02] (Citrix Online, a division of Citrix Systems, Inc.)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [387144 2016-02-04] ()
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
S3 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1931632 2015-04-15] (Electronic Arts)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2007-12-14] (Sonic Solutions)
R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-09-12] (SigmaTel, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X] <==== ATTENTION
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2008-05-13] (Avanquest Software) [File not signed]
S3 MpFilter; C:\Windows\system32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 QCDonner; C:\Windows\System32\DRIVERS\LVCD.sys [474304 2004-04-26] (Logitech Inc.)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-09-12] (SigmaTel, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 MCSTRM; no ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-21 17:21 - 2018-02-21 17:22 - 000019453 _____ C:\Users\Stacey\Desktop\FRST.txt
2018-02-21 17:21 - 2018-02-21 17:21 - 000000000 ____D C:\FRST
2018-02-21 17:20 - 2018-02-21 17:20 - 001763328 _____ (Farbar) C:\Users\Stacey\Desktop\FRST.exe
2018-02-21 17:16 - 2018-02-21 17:16 - 000000000 ____D C:\Users\Stacey\AppData\Local\{18212E4F-E8EC-462B-99C0-96E62BF56423}
2018-02-21 17:12 - 2018-02-21 17:14 - 000000000 ____D C:\AdwCleaner
2018-02-21 17:02 - 2018-02-21 17:03 - 008222496 _____ (Malwarebytes) C:\Users\Stacey\Desktop\adwcleaner_7.0.8.0.exe
2018-02-21 17:01 - 2018-02-21 17:08 - 000000000 ____D C:\AVG_Remover
2018-02-21 16:55 - 2018-02-21 16:55 - 007986864 _____ ( ) C:\Users\Stacey\Downloads\AVG_Remover.exe
2018-02-19 22:17 - 2018-02-19 22:17 - 000010623 _____ C:\Users\Stacey\Documents\uninstall_list.txt
2018-02-19 22:15 - 2018-02-19 22:15 - 000000000 ____D C:\Users\Stacey\Desktop\backups
2018-02-15 21:04 - 2018-02-21 16:57 - 000000000 ____D C:\Users\Stacey\AppData\Local\AVG
2018-02-15 21:04 - 2018-02-15 21:04 - 000000000 ____D C:\Users\Stacey\AppData\Local\CEF
2018-02-15 21:03 - 2018-02-15 21:03 - 001142064 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2018-02-15 21:03 - 2018-02-15 21:03 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-02-15 20:59 - 2018-02-21 16:57 - 000000000 ____D C:\ProgramData\AVG
2018-02-15 20:59 - 2018-02-15 20:59 - 007306280 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Stacey\Downloads\avg_antivirus_free_setup.exe
2018-02-15 20:53 - 2018-02-15 20:53 - 000388608 _____ (Trend Micro Inc.) C:\Users\Stacey\Desktop\HijackThis.exe
2018-02-07 17:01 - 2018-02-15 17:04 - 000000000 ____D C:\Users\Stacey\AppData\Local\{F9BD0720-83DA-4D7D-B483-33F1C387AD9A}
2018-02-02 13:38 - 2018-02-02 13:38 - 000532054 _____ C:\Users\Stacey\Documents\unemployment.xps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-21 17:22 - 2006-11-02 05:18 - 000000000 ____D C:\Windows\inf
2018-02-21 17:22 - 2006-11-02 04:33 - 000759582 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-21 17:17 - 2016-12-01 11:00 - 000000000 ____D C:\Users\Stacey\AppData\LocalLow\Mozilla
2018-02-21 17:16 - 2009-07-10 07:33 - 000000000 ____D C:\Users\Stacey\Tracing
2018-02-21 17:15 - 2006-11-02 07:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-21 17:15 - 2006-11-02 06:47 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-21 17:15 - 2006-11-02 06:47 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-21 17:14 - 2012-02-08 15:27 - 000000000 ____D C:\Users\Stacey\AppData\Roaming\Yahoo!
2018-02-21 17:14 - 2012-02-08 15:27 - 000000000 ____D C:\Users\Stacey\AppData\LocalLow\Yahoo!
2018-02-21 17:14 - 2009-01-27 20:49 - 000000000 ____D C:\Program Files\Yahoo!
2018-02-21 17:14 - 2008-06-12 04:39 - 000001076 _____ C:\Windows\bthservsdp.dat
2018-02-21 17:14 - 2006-11-02 07:01 - 000032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-21 16:49 - 2012-12-20 10:56 - 000000320 _____ C:\Windows\Tasks\PrintProjects Communicator.job
2018-02-15 20:56 - 2013-03-22 19:04 - 000000000 ____D C:\Program Files\Canon
2018-02-15 20:30 - 2013-03-22 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2018-02-15 20:29 - 2013-04-09 15:01 - 000000000 ___HD C:\ProgramData\CanonIJScan
2018-02-15 20:29 - 2013-03-22 19:23 - 000000000 ____D C:\Users\Stacey\AppData\Roaming\canon
2018-02-15 19:58 - 2008-06-12 09:07 - 000000000 ____D C:\Program Files\Bonjour
2018-02-15 19:56 - 2008-11-05 08:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2018-02-15 19:37 - 2013-03-22 19:04 - 000000000 ____D C:\ProgramData\CanonIJPLM
2018-02-07 03:21 - 2017-03-27 09:16 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-07 03:21 - 2012-04-26 12:08 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-02-07 03:20 - 2008-12-24 11:32 - 001879420 ____H C:\Users\Stacey\AppData\Local\IconCache.db.backup
2018-02-07 03:19 - 2017-04-21 20:33 - 000000000 ___HD C:\ProgramData\CanonIJQTB
2018-02-06 11:52 - 2012-05-10 07:40 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-02-06 11:52 - 2011-06-25 17:54 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-02-06 11:52 - 2008-06-12 08:46 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-02 13:50 - 2016-12-09 22:08 - 000000000 ____D C:\Users\Stacey\Documents\NEIL MINUTES AND OTHER FILES

==================== Files in the root of some directories =======

2009-03-13 16:55 - 2010-07-11 19:14 - 000000004 _____ () C:\Users\Stacey\AppData\Roaming\8E8AB2
2008-11-15 20:46 - 2008-11-15 20:46 - 000000005 _____ () C:\Users\Stacey\AppData\Roaming\closedListSW.awt
2009-03-13 16:55 - 2010-07-11 19:14 - 000870128 _____ () C:\Users\Stacey\AppData\Roaming\mcs.rma
2017-08-08 11:15 - 2017-08-08 11:15 - 000000000 _____ () C:\Users\Stacey\AppData\Roaming\RSDevID.fig
2017-08-08 11:15 - 2018-01-05 19:40 - 000000019 _____ () C:\Users\Stacey\AppData\Roaming\RSIdAndPort.fig
2017-08-08 11:15 - 2017-08-08 11:19 - 000000020 _____ () C:\Users\Stacey\AppData\Roaming\RSIpAndPort.fig
2011-02-18 21:04 - 2011-02-18 21:05 - 000000180 _____ () C:\Users\Stacey\AppData\Roaming\setup.log
2011-02-18 21:04 - 2011-02-18 21:04 - 000000760 _____ () C:\Users\Stacey\AppData\Roaming\setup_ldm.iss
2009-12-18 11:51 - 2010-09-12 18:04 - 000000680 _____ () C:\Users\Stacey\AppData\Local\d3d9caps.dat
2008-06-17 18:03 - 2017-09-05 19:42 - 000113152 _____ () C:\Users\Stacey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-09-18 14:11 - 2009-10-24 10:20 - 000008248 _____ () C:\Users\Stacey\AppData\Local\en.ini
2011-06-13 11:37 - 2011-06-13 11:37 - 000000230 _____ () C:\Users\Stacey\AppData\Local\LaunchHomeCenter.log
2009-01-23 18:50 - 2009-01-23 18:55 - 000002108 _____ () C:\Users\Stacey\AppData\Local\rx_audio.Cache
2009-01-23 18:44 - 2011-05-11 07:31 - 000299308 _____ () C:\Users\Stacey\AppData\Local\rx_image32.Cache

Some files in TEMP:
====================
2014-11-06 15:23 - 2009-07-08 00:17 - 000359488 _____ (Electronic Arts Inc.) C:\Users\Stacey\AppData\Local\Temp\eauninstall.exe
2016-08-03 21:38 - 2016-08-03 21:38 - 000741440 _____ (Oracle Corporation) C:\Users\Stacey\AppData\Local\Temp\jre-8u101-windows-au.exe
2017-01-25 12:12 - 2017-01-25 12:12 - 000739904 _____ (Oracle Corporation) C:\Users\Stacey\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-07-28 00:44 - 2017-07-28 00:44 - 000740416 _____ (Oracle Corporation) C:\Users\Stacey\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-12-01 12:20 - 2017-12-01 12:20 - 001856576 _____ (Oracle Corporation) C:\Users\Stacey\AppData\Local\Temp\jre-8u151-windows-au.exe
2016-05-30 20:58 - 2016-05-30 20:58 - 000739904 _____ (Oracle Corporation) C:\Users\Stacey\AppData\Local\Temp\jre-8u91-windows-au.exe
2014-11-06 15:25 - 2009-07-07 23:55 - 000189712 _____ (Electronic Arts) C:\Users\Stacey\AppData\Local\Temp\The Sims 2 Double Deluxe_uninst.exe
2013-03-22 19:10 - 2012-03-27 07:59 - 000354424 ____R (CANON INC.) C:\Users\Stacey\AppData\Local\Temp\uninstall.exe
2009-04-29 11:51 - 2009-04-29 11:51 - 000195056 _____ (Electronic Arts, Inc.) C:\Users\Stacey\AppData\Local\Temp\UninstallEADM.dll
2010-09-12 17:22 - 2009-07-08 00:17 - 000026176 ____R () C:\Users\Stacey\AppData\Local\Temp\VP6Install.exe
2010-09-12 17:22 - 2009-07-08 00:17 - 000445504 ____R (On2.com) C:\Users\Stacey\AppData\Local\Temp\VP6VFW.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-21 17:23

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21.02.2018
Ran by Stacey (21-02-2018 17:23:10)
Running from C:\Users\Stacey\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2008-06-12 10:39:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4013254311-1621539489-3775279548-500 - Administrator - Disabled)
Guest (S-1-5-21-4013254311-1621539489-3775279548-501 - Limited - Disabled)
Mcx1 (S-1-5-21-4013254311-1621539489-3775279548-1002 - Administrator - Enabled) => C:\Users\Mcx1.Stacey-PC
Stacey (S-1-5-21-4013254311-1621539489-3775279548-1000 - Administrator - Enabled) => C:\Users\Stacey

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

926plv32 (HKLM\...\{0FA7B858-E0E1-400B-B5C0-1285F7D6FE5E}) (Version: 1.0.0 - Dell)
Acrobat.com (HKLM\...\{6421F085-1FAA-DE13-D02A-CFB412C522A4}) (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Elements Studio Launcher (HKLM\...\{C127414C-A625-4E0A-8AC1-F970F9E566A3}) (Version: 1.00.0000 - Dell Inc.)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Premiere Elements 4.0 (HKLM\...\PremElem40) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 4.0 Templates (HKLM\...\PremElem40Templates) (Version: 4.0.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Adobe Soundbooth CS3 (HKLM\...\Adobe_19c4ee81f9cc4b3dffb9a17d9b648b2) (Version: 1 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
att.net Internet Mail (HKLM\...\Yahoo! Mail) (Version:  - )
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.)
Bamboo Dock (HKLM\...\{BEBD8B5B-2EC8-6489-1585-47B78EA6832A}) (Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Dock (HKLM\...\Bamboo Dock) (Version: 4.0 - Wacom Co., Ltd.)
Bamboo Dock (HKLM\...\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1) (Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bink and Smacker (HKLM\...\Bink and Smacker) (Version:  - )
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Canon Calibration Tool (HKLM\...\CanonCalibrationTool) (Version: 1.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX2 (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.0.19 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.2.0.18 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 5.2.0 - Canon Inc.)
Canon MB2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MB2100_series) (Version: 1.00 - Canon Inc.)
Canon MB2100 series On-screen Manual (HKLM\...\Canon MB2100 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon MB2100 series User Registration (HKLM\...\Canon MB2100 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Utility Toolbox (HKLM\...\Quick Toolbox) (Version: 2.1.2 - Canon Inc.)
Canon Speed Dial Utility2 (HKLM\...\Speed Dial Utility2) (Version: 2.0.1 - Canon Inc.)
CDDRV_Installer (HKLM\...\{0C826C5B-B131-423A-A229-C71B3CACCD6A}) (Version: 4.60 - Logitech) Hidden
Creative Centrale (HKLM\...\{4442AB48-DEC4-4B39-B067-1F75BF8017E7}) (Version: 1.02.04 - Creative Technology Ltd.) Hidden
Creative Centrale (HKLM\...\Creative Centrale) (Version:  - Creative Technology Ltd.)
Creative Removable Disk Manager (HKLM\...\Creative Removable Disk Manager) (Version:  - )
Creative Software Update (HKLM\...\{86604C06-DA30-425E-AECE-47304FE81C45}) (Version: 1.00.14 - Creative Technology Ltd.) Hidden
Cricut ™ Driver v2.01 (HKLM\...\Cricut ™ Driver v2.01) (Version: 2.01 - Provo Craft & Novelty, Inc.)
Cricut Design Space Client (HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\...\Cricut Design Space Client) (Version: 5.6.1.2 - Provo Craft)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell PC Fax (HKLM\...\Dell PC Fax) (Version:  - )
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.55 - PC-Doctor, Inc.)
DirectXInstallService (HKLM\...\{098122AB-C605-4853-B441-C0A4EB359B75}) (Version: 9.0.2 - Roxio) Hidden
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Elements+ for PSE 6 (demo) (HKLM\...\Elements+ for PSE 6 Demo_is1) (Version:  - Andrei Doubrovski)
erLT (HKLM\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 0.72.105 - Logitech, Inc.) Hidden
Facebook Plug-In (HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
FLV.com FLV Converter 7.6 (HKLM\...\{1a413f37-ed88-4fec-9666-997AF4905D9C}) (Version: 7.6 - GreenTree Applications SRL)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
IJ Network Device Setup Utility (HKLM\...\IJ Network Device Setup Utility) (Version: 1.3.0 - Canon Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® PRO Network Connections 12.1.12.4 (HKLM\...\PROSetDX) (Version:  - Dell)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 151 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (HKLM\...\{3101CB58-3482-4D21-AF1A-7057FC935355}) (Version: 4.60.122 - Logitech) Hidden
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)
Logitech Updater (HKLM\...\{53735ECE-E461-4FD0-B742-23A352436D3A}) (Version: 1.70 - Logitech, Inc.)
Lorex_Stratus_Client1 (HKLM\...\{4332B198-445E-4D5C-80D3-D2ABE451EC68}) (Version: 1.1.1186.0 - Lorex)
Mesh Runtime (HKLM\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 52.6.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.6.0 ESR (x86 en-US)) (Version: 52.6.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.6.0.6592 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
NVIDIA Graphics Driver 307.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.45 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Origin (HKLM\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
PreReq (HKLM\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.10712 - RocketLife Inc.)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
QualXServ Service Agreement (HKLM\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Roxio Creator Premier (HKLM\...\{469EF13B-4AD0-48D7-AF89-6B92278293E2}) (Version: 10.1 - )
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Segoe UI (HKLM\...\{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}) (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shared C Run-time for x86 (HKLM\...\{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}) (Version: 10.0.0 - McAfee) Hidden
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebTablet FB Plugin (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software 6.0.1.4300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4300 - Dell)
Windows Driver Package - Provo Craft & Novelty, Inc. (usbser) Ports  (08/01/2016 1.3.0.0) (HKLM\...\17736CDD02DF8CFDD0CC1097668A82C013C969F3) (Version: 08/01/2016 1.3.0.0 - Provo Craft & Novelty, Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
XPS MiniView Gadget (HKLM\...\{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}) (Version: 1.00.0000 - CompanionLink Software, Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000_Classes\CLSID\{0BC5FC00-D4DC-AF4C-177D-3B4199FD832A}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000_Classes\CLSID\{30FC0244-182A-C342-3963-FC7AFFE0672D}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\Stacey\AppData\Roaming\Facebook\axfbootloader.dll ( )
CustomCLSID: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Stacey\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
CustomCLSID: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000_Classes\CLSID\{FD8C4664-A2D4-97EC-185D-875E454333FE}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [Yahoo! Mail] -> {5464D816-CF16-4784-B9F3-75C0DB52B499} => C:\Program Files\Yahoo!\Common\Ymmapi.dll [2007-06-28] (Yahoo! Inc.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll -> No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2012-11-06] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2012-11-06] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00F2E1F5-EA4F-4346-B611-2CABAA2706A5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-09-05] (PC-Doctor, Inc.)
Task: {21206204-94BF-4B71-83F8-D655ECF82F6B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated)
Task: {54A277EF-1EC5-493E-9AEB-183CBCA9D278} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {A5E0C807-B06A-4473-ADA0-A730285A14F7} - System32\Tasks\PrintProjects Communicator => C:\ProgramData\PrintProjects\Communicator.exe [2012-12-20] ()
Task: {B218269C-73E9-4CFE-83ED-206CF3C46602} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-09-05] (PC-Doctor, Inc.)
Task: {CB707B12-7A40-4976-87C9-F465F105A15E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {D1262351-A2D9-4C8B-A124-E4AF74FD56A1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\PrintProjects Communicator.job => C:\ProgramData\PrintProjects\Communicator.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2008-06-17 10:47 - 2006-10-06 09:06 - 000045056 _____ () C:\Windows\System32\DLPRMON.DLL
2008-06-17 10:46 - 2006-10-06 09:24 - 000016384 _____ () C:\Program Files\Dell PC Fax\DlCtrStr.dll
2008-06-17 10:46 - 2006-10-06 09:04 - 000032768 _____ () C:\Program Files\Dell PC Fax\ipcmt.dll
2012-04-23 20:27 - 2011-09-08 16:48 - 000962936 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2007-09-10 22:45 - 2007-09-10 22:45 - 000124832 _____ () C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 000073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 001044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-22 19:23 - 2016-02-04 10:53 - 000387144 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2011-09-26 21:45 - 2014-09-10 19:29 - 000646744 _____ () C:\Program Files\Bamboo Dock\BambooCore.exe
2007-08-23 13:58 - 2007-08-23 13:58 - 002070000 _____ () C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7621 more sites.

IE trusted site: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\...\keytrain.com -> hxxp://keytrain.com

There are 7621 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:23 - 2011-04-27 19:22 - 000000819 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Stacey\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^$McRebootA5E6DEAA56$.lnk => C:\Windows\pss\$McRebootA5E6DEAA56$.lnk.CommonStartup
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: EADM => "C:\Program Files\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe
MSCONFIG\startupreg: FaxCenterServer => "C:\Program Files\Dell PC Fax\fm3032.exe" /s
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SoftAuto.exe => "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{5942AB75-4C03-42B9-84FA-D35865C9603B}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{89F011E6-BFD2-4827-9CF0-48F7ABCEEB18}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{86E4E6AB-1CA5-48B1-AAF4-461C67610604}] => (Allow) C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{FED9C803-DCA5-4CAA-BE85-B64E5489C36A}] => (Allow) C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
FirewallRules: [{EB4AF1D2-DFAC-48E1-BD00-E6BAB333EE04}] => (Allow) C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
FirewallRules: [{38679C9D-3E0D-4A3C-B4E4-5FB9A255396D}] => (Allow) C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe
FirewallRules: [{439FBA57-C846-4D62-A1E2-8F8C4C06081F}] => (Allow) C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe
FirewallRules: [{3E9F0962-FC05-4792-8289-2913AC420173}] => (Allow) C:\Windows\System32\dlcxcoms.exe
FirewallRules: [{59BA97A7-0BB9-4565-9423-33EAC3C6C2C7}] => (Allow) C:\Windows\System32\dlcxcoms.exe
FirewallRules: [{6F1D190C-3CCC-40CE-83CC-4EB120928CF2}] => (Allow) LPort=135
FirewallRules: [{BE9072BC-3215-449C-98F0-ACB139082CFE}] => (Allow) LPort=5000
FirewallRules: [{E2FA8104-2A99-4147-936B-C7F3549186EF}] => (Allow) LPort=5001
FirewallRules: [{7C9066D5-0BA0-4DFD-B11B-8484B6EB9F76}] => (Allow) LPort=5002
FirewallRules: [{B78A732B-AE89-4434-8FC0-6E9AB90528A6}] => (Allow) LPort=5003
FirewallRules: [{3CECD5BB-9FEF-4760-BE53-54C8CA8D9FE3}] => (Allow) LPort=5004
FirewallRules: [{A5750102-652A-4912-85D1-D5A7C38A33E6}] => (Allow) LPort=5005
FirewallRules: [{1FC88086-FA89-47C1-8115-925AC87CA5E8}] => (Allow) LPort=5006
FirewallRules: [{9E4B4C13-85DD-48AE-8124-A3E2E930C2C4}] => (Allow) LPort=5007
FirewallRules: [{8A2672E9-2C0B-4C4E-A412-7423412BC3F9}] => (Allow) LPort=5008
FirewallRules: [{E64D42E9-B457-48B5-AA46-46D6DEFCB904}] => (Allow) LPort=5009
FirewallRules: [{52AB8A41-8CBF-4895-A583-C40A732931CC}] => (Allow) LPort=5010
FirewallRules: [{74F415A3-499D-48ED-BB74-679638F2734F}] => (Allow) LPort=5011
FirewallRules: [{C49B01AF-5543-4D78-96D6-407D298E1AB5}] => (Allow) LPort=5012
FirewallRules: [{32B59825-EA57-4B42-AA73-0A7F8E966390}] => (Allow) LPort=5013
FirewallRules: [{92B82400-B5C4-4765-BD39-D4F23A468EBE}] => (Allow) LPort=5014
FirewallRules: [{592471C1-E6BD-4D88-8E2F-EC0954D5FCE5}] => (Allow) LPort=5015
FirewallRules: [{2BBEA201-B7D9-43E0-A33A-511008E143BF}] => (Allow) LPort=5016
FirewallRules: [{0C8489AE-8626-415D-B83F-F04FFA34D8EC}] => (Allow) LPort=5017
FirewallRules: [{B1BAA9F2-4B7E-436D-B158-797E43FD7D39}] => (Allow) LPort=5018
FirewallRules: [{E51A91B1-A7CB-4EB0-9050-1B9127E794B7}] => (Allow) LPort=5019
FirewallRules: [{240AD9AD-7E85-4588-A6A9-639DA767D2C1}] => (Allow) LPort=5020
FirewallRules: [{75D737E0-70F5-4FBB-A7C4-A668F8B18212}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{C25E1D5A-ECC5-493E-B8CE-5EDFE849CE90}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{DF469E48-8486-4490-8BB9-09419BE619FB}C:\program files\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{EA42CCB2-C88B-4988-BAFF-D65B3DC69776}C:\program files\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{81F62A74-7C57-4606-A10E-C010506BB28E}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0CE15DA0-4817-4E1A-BD27-6954651987C4}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{6A0C132D-0152-4AB6-A078-F466F6B601CA}C:\program files\v cast music with rhapsody\rhapsody.exe] => (Allow) C:\program files\v cast music with rhapsody\rhapsody.exe
FirewallRules: [UDP Query User{E230505C-7E95-45E3-AEBB-D7E4666ADB51}C:\program files\v cast music with rhapsody\rhapsody.exe] => (Allow) C:\program files\v cast music with rhapsody\rhapsody.exe
FirewallRules: [{4B163A9C-5050-4348-846B-B8DDBFB8C5A8}] => (Allow) LPort=3074
FirewallRules: [TCP Query User{E8A88BC1-9777-47BC-AAFD-80357BD9D3D1}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe] => (Block) C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe
FirewallRules: [UDP Query User{3A8A1599-A362-4A35-B5F2-253242260A8A}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe] => (Block) C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe
FirewallRules: [{DB2D1423-0E3C-4806-9459-989340F4CF21}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7F69BA70-3A0B-45CF-9B8F-921F52C29A33}] => (Allow) svchost.exe
FirewallRules: [{E1F442E8-8880-4BEA-8E77-7330B92E78B2}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{256CFA9C-B2FD-4CD5-8780-19904DFD8D3C}] => (Allow) C:\Program Files\THQ\Company of Heroes\RelicCOH.exe
FirewallRules: [{522230D5-1A11-485D-983C-3F21D6361840}] => (Allow) C:\Program Files\THQ\Company of Heroes\RelicCOH.exe
FirewallRules: [{4FAB0C89-9F6A-480E-B7C2-69AD6746AF65}] => (Allow) C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe
FirewallRules: [{873B7070-0BEE-45F4-8083-B511B2F1A9C1}] => (Allow) C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe
FirewallRules: [TCP Query User{1ED7C8DB-4440-413C-8978-E1ABCECD0578}C:\users\stacey\appdata\local\temp\b2dad84ea3e3416d8139b72e10916be9\relicdownloader.exe] => (Allow) C:\users\stacey\appdata\local\temp\b2dad84ea3e3416d8139b72e10916be9\relicdownloader.exe
FirewallRules: [UDP Query User{95820B7B-BAAA-47D7-9528-4C39EBC00132}C:\users\stacey\appdata\local\temp\b2dad84ea3e3416d8139b72e10916be9\relicdownloader.exe] => (Allow) C:\users\stacey\appdata\local\temp\b2dad84ea3e3416d8139b72e10916be9\relicdownloader.exe
FirewallRules: [{78AD7F26-6882-4502-8066-7BA729A07734}] => (Allow) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
FirewallRules: [{71248452-E76E-4AB0-884E-296C355B3A6C}] => (Allow) LPort=80
FirewallRules: [{69135BF2-D41B-441A-BC2B-879568778360}] => (Allow) LPort=80
FirewallRules: [{05E21527-FD88-40A6-8043-CB8BDCCEEE12}] => (Allow) LPort=80
FirewallRules: [{53C0AC75-9AB2-417A-8615-CDE345F6CCF4}] => (Allow) LPort=135
FirewallRules: [{3A9328F8-D4B7-40B1-AF59-2528D2144473}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B70D4A00-4A27-4F03-ABB9-0255748D054E}] => (Allow) LPort=2869
FirewallRules: [{4E67E11B-C684-4314-A76C-29606480BB9C}] => (Allow) LPort=1900
FirewallRules: [{26ACE3DA-D8AE-48E6-A27A-238D5AB15718}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{90F42DFB-C0ED-4B8E-9645-D6B2091AC4BB}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\dlcxpswx.exe
FirewallRules: [{D9260CAB-6E6C-4B5D-895E-58E7E6AD6C56}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\dlcxpswx.exe
FirewallRules: [{403DA63C-4167-4EE4-991C-C8AFA1F4E774}] => (Allow) C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
FirewallRules: [{EC697F95-4B8D-4986-A13B-755BBF54734A}] => (Allow) C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
FirewallRules: [{3C894C13-7AA3-45EB-B4D3-BC21391B1910}] => (Allow) C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe
FirewallRules: [{C9E6F96F-1021-4CB5-BAB8-288AE5048497}] => (Allow) C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe
FirewallRules: [{5A12249C-B9B1-4B26-A99B-E7F0A353AB35}] => (Allow) C:\Windows\System32\dlcxcoms.exe
FirewallRules: [{2C8A4818-3447-4FA3-BCD6-2724AF09B0F4}] => (Allow) C:\Windows\System32\dlcxcoms.exe
FirewallRules: [{9ECAA3DE-2077-4C38-A11B-72A66037EB4D}] => (Allow) LPort=5353
FirewallRules: [{1B2DC785-3222-409E-96FD-A2933FFF92D6}] => (Allow) LPort=9322
FirewallRules: [{BA2450D1-0AAA-46F9-B27D-F0E0EEA173E3}] => (Allow) LPort=5353
FirewallRules: [{2559A502-6C64-42B1-B060-7399154C9743}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{EB0FBF38-727B-4ADC-9E51-3961D7796067}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{6DD4EA55-F0A7-4448-BD30-9B059C1F29AD}] => (Allow) LPort=26675
FirewallRules: [{CF4400E7-9B9A-444C-866B-E1915E6AF530}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D844C3A2-7166-4267-B068-0143252FA324}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{222873A1-B495-4CB8-9E48-0168770CA9EC}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{AFBB4972-1CDE-4C39-89D5-BC8DA88A818A}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{05B0B505-F839-47EB-8338-A4A0B4842EB0}] => (Allow) LPort=26675
FirewallRules: [{24FA2F09-9F54-441B-81BB-763E2EFF03CA}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{765A1A45-4B86-4C1B-A637-60305A3A8421}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4FD92ED1-EC1F-4A31-A100-21357EED4AF4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C3C060D2-9961-430C-B09F-52559C4BAF39}] => (Allow) C:\Program Files\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{0EFAFD7D-C95C-4E7A-8829-D4B2E0E4A292}] => (Allow) C:\Program Files\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{E1071810-3BAD-4EA9-8B51-A25C22B9A71D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{8CB9C7B3-8C45-452C-9DE6-563A92ACBC8D}C:\users\stacey\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Allow) C:\users\stacey\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
FirewallRules: [UDP Query User{FEDFD741-1609-4100-AE3F-DF8BF3DA3C38}C:\users\stacey\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Allow) C:\users\stacey\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
FirewallRules: [TCP Query User{E5BEB1BF-EB16-471F-AD7F-5EBE65BF947D}C:\program files\cricut-craft room\ccrbridge.exe] => (Allow) C:\program files\cricut-craft room\ccrbridge.exe
FirewallRules: [UDP Query User{0C79750B-270C-4D03-A7A5-920FDDEB97AB}C:\program files\cricut-craft room\ccrbridge.exe] => (Allow) C:\program files\cricut-craft room\ccrbridge.exe
FirewallRules: [TCP Query User{D3B4E643-1BA2-49F3-AB46-F40D02515BD8}C:\users\stacey\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Allow) C:\users\stacey\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
FirewallRules: [UDP Query User{72997377-2BCA-472A-88FC-B558BC9A3B7C}C:\users\stacey\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Allow) C:\users\stacey\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
FirewallRules: [{EE605D29-B57E-45B0-9727-33E21523A05D}] => (Allow) C:\Program Files\Canon\Quick Utility Toolbox\cnqtbapp.exe
FirewallRules: [{A59FF452-C9DA-410B-8CFB-9E4EE850B3ED}] => (Allow) C:\Program Files\Canon\IJ Network Device Setup Utility\cnwiddsu.exe
FirewallRules: [TCP Query User{171C2E55-97AD-46B4-B48A-B72363C50BE7}C:\program files\lorex_stratus_client1\lorex_stratus_client1.exe] => (Allow) C:\program files\lorex_stratus_client1\lorex_stratus_client1.exe
FirewallRules: [UDP Query User{1C29163A-09E5-4E57-ADD2-DE767FAC8DA9}C:\program files\lorex_stratus_client1\lorex_stratus_client1.exe] => (Allow) C:\program files\lorex_stratus_client1\lorex_stratus_client1.exe
FirewallRules: [TCP Query User{07BD8E0C-38E0-459B-9D40-FE28E70D024C}C:\users\stacey\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Block) C:\users\stacey\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe
FirewallRules: [UDP Query User{50C86294-ACE1-45DB-BDC3-1C89C523B36B}C:\users\stacey\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Block) C:\users\stacey\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe
FirewallRules: [TCP Query User{899704DC-8BDF-418E-A156-1CC234DE70BF}C:\users\stacey\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Allow) C:\users\stacey\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe
FirewallRules: [UDP Query User{DDED95AE-71EF-4E62-9A10-7571D269CE59}C:\users\stacey\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Allow) C:\users\stacey\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe

==================== Restore Points =========================

08-01-2018 07:10:18 Windows Update
09-01-2018 00:00:00 Scheduled Checkpoint
10-01-2018 00:00:16 Scheduled Checkpoint
11-01-2018 00:00:01 Scheduled Checkpoint
12-01-2018 00:00:03 Scheduled Checkpoint
07-02-2018 03:00:38 Windows Update
08-02-2018 00:00:07 Scheduled Checkpoint
09-02-2018 00:00:01 Scheduled Checkpoint
10-02-2018 00:00:04 Scheduled Checkpoint
11-02-2018 00:00:02 Scheduled Checkpoint
13-02-2018 02:41:07 Windows Update
14-02-2018 03:00:27 Windows Update
15-02-2018 00:00:04 Scheduled Checkpoint
15-02-2018 19:58:15 Removed Bonjour
17-02-2018 00:00:45 Scheduled Checkpoint
18-02-2018 00:00:03 Scheduled Checkpoint
19-02-2018 00:34:28 Scheduled Checkpoint
20-02-2018 00:00:04 Scheduled Checkpoint
21-02-2018 00:00:01 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2018 05:16:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/21/2018 05:09:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/21/2018 04:58:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/21/2018 12:01:35 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Error: (02/20/2018 12:01:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/20/2018 12:01:34 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Error: (02/19/2018 12:00:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/19/2018 12:00:34 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.


System errors:
=============
Error: (02/21/2018 05:20:57 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (02/21/2018 05:16:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error:
The system cannot find the file specified.

Error: (02/21/2018 05:16:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SessionLauncher service failed to start due to the following error:
The system cannot find the path specified.

Error: (02/21/2018 05:16:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MCSTRM service failed to start due to the following error:
The system cannot find the file specified.

Error: (02/21/2018 05:16:15 PM) (Source: PlugPlayManager) (EventID: 12) (User: )
Description: The device 'DELL USB   HS-SD Card USB Device' (USBSTOR\Disk&Ven_DELL&Prod_USB___HS-SD_Card&Rev_7.08\000003004488&3) disappeared from the system without first being prepared for removal.

Error: (02/21/2018 05:16:15 PM) (Source: PlugPlayManager) (EventID: 12) (User: )
Description: The device 'DELL USB   HS-MS Card USB Device' (USBSTOR\Disk&Ven_DELL&Prod_USB___HS-MS_Card&Rev_7.08\000003004488&2) disappeared from the system without first being prepared for removal.

Error: (02/21/2018 05:16:15 PM) (Source: PlugPlayManager) (EventID: 12) (User: )
Description: The device 'DELL USB   HS-xD/SM USB Device' (USBSTOR\Disk&Ven_DELL&Prod_USB___HS-xD/SM&Rev_7.08\000003004488&1) disappeared from the system without first being prepared for removal.

Error: (02/21/2018 05:16:15 PM) (Source: PlugPlayManager) (EventID: 12) (User: )
Description: The device 'DELL USB   HS-CF Card USB Device' (USBSTOR\Disk&Ven_DELL&Prod_USB___HS-CF_Card&Rev_7.08\000003004488&0) disappeared from the system without first being prepared for removal.


CodeIntegrity:
===================================

Date: 2017-09-05 20:45:01.055
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ink\tiptsf.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-05 20:45:00.578
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-05 20:45:00.068
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ink\tiptsf.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-05 20:44:59.577
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-05 20:44:38.460
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ink\tiptsf.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-05 20:44:37.988
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-05 20:44:37.411
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ink\tiptsf.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-05 20:44:36.936
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q9300 @ 2.50GHz
Percentage of memory in use: 48%
Total physical RAM: 3325.03 MB
Available physical RAM: 1726.92 MB
Total Virtual: 6843.05 MB
Available Virtual: 5419.5 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:273.85 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:4.54 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 48000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#7 satchfan

satchfan

  • Malware Response Team

Posted 22 February 2018 - 10:42 AM

Disable Windows Defender

Please disable Windows Defender for now. Apart from the fact that that old version of Windows Defender was useless, it should have been disabled by Windows Security Essentials.

  • open Windows Defender
  • click on Tools, General Settings
  • scroll down and uncheck Turn on real-time protection (recommended)
  • after you uncheck this, click on the Save button and close Windows Defender.

===================================================

Enable Microsoft Security Essentials

  • open Microsoft Security Essentials
  • don’t bother clicking on ‘Turn On’ as that sometimes doesn’t work
  • click on Settings and under the ‘Settings’ tab, put a checkmark in the box to the left of ‘Turn on real time protection’
  • click on Save changes then close the window.

If it is still disabled then I think the easiest thing to do is to uninstall MSE and download a new version but we’ll leave that for the time being.

===================================================

Run Farbar Recovery Scan Tool

  • right-click FRST/FRST64 and select ‘Run as administrator’
  • highlight the contents of the code box below, then press Ctrl+C:
Start::
CloseProcesses:
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\...\MountPoints2: {07afa60b-ed1e-11e3-b02a-001ec94a736b} - J:\TLBootstrap_WPP.exe
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\...\MountPoints2: {3539e3d1-26c0-11e1-bcc2-001ec94a736b} - J:\PhotoViewer.exe
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\...\MountPoints2: {584d63c1-4944-11de-b4ef-001ec94a736b} - L:\start.exe
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\...\MountPoints2: {ef2c2d5c-c363-11df-9d6e-001e4ce6ff74} - L:\LaunchU3.exe -a
SearchScopes: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000 -> DefaultScope {BF12A4ED-5743-4590-8EF8-052DB135E945} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B010US105D20140115&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=2D0q_wP2xyCLbSMdW4jg-teXJW8?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000 -> {AC854C16-CA1E-43f1-8513-0D2F36C726ED} URL = hxxp://www.offos.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=5wWlyXgC
SearchScopes: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000 -> {BF12A4ED-5743-4590-8EF8-052DB135E945} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B010US105D20140115&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
Toolbar: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X] <==== ATTENTION
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 MCSTRM; no ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2018-02-21 17:16 - 2018-02-21 17:16 - 000000000 ____D C:\Users\Stacey\AppData\Local\{18212E4F-E8EC-462B-99C0-96E62BF56423}
2018-02-15 21:04 - 2018-02-21 16:57 - 000000000 ____D C:\Users\Stacey\AppData\Local\AVG
2018-02-15 21:04 - 2018-02-15 21:04 - 000000000 ____D C:\Users\Stacey\AppData\Local\CEF
2018-02-15 21:03 - 2018-02-15 21:03 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-02-15 20:59 - 2018-02-21 16:57 - 000000000 ____D C:\ProgramData\AVG
2018-02-15 20:59 - 2018-02-15 20:59 - 007306280 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Stacey\Downloads\avg_antivirus_free_setup.exe
2018-02-07 17:01 - 2018-02-15 17:04 - 000000000 ____D C:\Users\Stacey\AppData\Local\{F9BD0720-83DA-4D7D-B483-33F1C387AD9A}
2018-02-21 17:14 - 2012-02-08 15:27 - 000000000 ____D C:\Users\Stacey\AppData\Roaming\Yahoo!
2018-02-21 17:14 - 2012-02-08 15:27 - 000000000 ____D C:\Users\Stacey\AppData\LocalLow\Yahoo!
2018-02-21 17:14 - 2009-01-27 20:49 - 000000000 ____D C:\Program Files\Yahoo!
2018-02-21 17:14 - 2008-06-12 04:39 - 000001076 _____ C:\Windows\bthservsdp.dat
C:\Users\Stacey\AppData\Local\Temp\eauninstall.exe
C:\Users\Stacey\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Stacey\AppData\Local\Temp\jre-8u121-windows-au.exe
C:\Users\Stacey\AppData\Local\Temp\jre-8u144-windows-au.exe
C:\Users\Stacey\AppData\Local\Temp\jre-8u151-windows-au.exe
C:\Users\Stacey\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Stacey\AppData\Local\Temp\The Sims 2 Double Deluxe_uninst.exe
C:\Users\Stacey\AppData\Local\Temp\uninstall.exe
C:\Users\Stacey\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Stacey\AppData\Local\Temp\VP6Install.exe
C:\Users\Stacey\AppData\Local\Temp\VP6VFW.dll
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll -> No File
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End::

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • in the FRST window, press the ‘Fix’ button once and wait
  • please reboot the computer if requested
  • it will create a log on your desktop (Fixlog.txt); please post it in your reply.

================================================

Run Security Analysis

Download Security Analysis by Rocket Grannie from here

  • save it to your Desktop
  • close your security software to avoid potential conflicts
  • double-click RGSA.exe
  • click OK on the copyright-disclaimer
  • when finished, a Notepad window will open with the results of the scan
  • the log named SALog.txt can also be found on the Desktop or, if installed elsewhere, in the same folder from which the tool is run
  • please copy and paste the contents of that log in the next post.

Note: If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.

Logs to include with next post:

Fixlog.txt
SALog.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#8 Staceysa

Staceysa
  • Topic Starter

  • Members

Posted 24 February 2018 - 07:50 PM

I'm stuck on the Farbar instructions. I do exactly what it says, but after about 30 seconds the program stops responding. To verify: I open as admin, copy your text in the box by highlighting and Ctrl+C, then I click on Fix once.
 



#9 satchfan

satchfan

  • Malware Response Team

Posted 25 February 2018 - 03:36 AM

You have it correct. Maybe it hadn't finished updating. When FRST opens, at the top left you will notice that it is searching for updates: please wait until you see that it informs you that FRST is ready to use.

When it has finished updating, highlight everything making sure that you have included Start:: and End::. The 'fix' may take a few minutes so please be patient.

 

If for some reason it doesn't work, please tell me what happens exactly.

 

Thanks

 

Satchfan


Edited by satchfan, 25 February 2018 - 03:37 AM.



#10 Staceysa

Staceysa
  • Topic Starter

  • Members

Posted 26 February 2018 - 07:54 PM

OK, so now I get a box that says Failed to update (3).



#11 Staceysa

Staceysa
  • Topic Starter

  • Members

Posted 26 February 2018 - 08:07 PM

I went ahead and followed the instructions again and waited a while. When it said (not responding), it ended up picking up again and going, so I posted everything you asked for below. Also, MSE isn't working. All I can do is click on a link that says end-of-support guidance for operating systems, and it brings me to a Microsoft page that tells me to update to Windows 10.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 21.02.2018
Ran by Stacey (26-02-2018 18:54:28) Run:3
Running from C:\Users\Stacey\Desktop
Loaded Profiles: Stacey (Available Profiles: Stacey & Mcx1)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\...\MountPoints2: {07afa60b-ed1e-11e3-b02a-001ec94a736b} - J:\TLBootstrap_WPP.exe
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\...\MountPoints2: {3539e3d1-26c0-11e1-bcc2-001ec94a736b} - J:\PhotoViewer.exe
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\...\MountPoints2: {584d63c1-4944-11de-b4ef-001ec94a736b} - L:\start.exe
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\...\MountPoints2: {ef2c2d5c-c363-11df-9d6e-001e4ce6ff74} - L:\LaunchU3.exe -a
SearchScopes: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000 -> DefaultScope {BF12A4ED-5743-4590-8EF8-052DB135E945} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B010US105D20140115&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=2D0q_wP2xyCLbSMdW4jg-teXJW8?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000 -> {AC854C16-CA1E-43f1-8513-0D2F36C726ED} URL = hxxp://www.offos.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=5wWlyXgC
SearchScopes: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000 -> {BF12A4ED-5743-4590-8EF8-052DB135E945} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B010US105D20140115&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
Toolbar: HKU\S-1-5-21-4013254311-1621539489-3775279548-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X] <==== ATTENTION
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 MCSTRM; no ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2018-02-21 17:16 - 2018-02-21 17:16 - 000000000 ____D C:\Users\Stacey\AppData\Local\{18212E4F-E8EC-462B-99C0-96E62BF56423}
2018-02-15 21:04 - 2018-02-21 16:57 - 000000000 ____D C:\Users\Stacey\AppData\Local\AVG
2018-02-15 21:04 - 2018-02-15 21:04 - 000000000 ____D C:\Users\Stacey\AppData\Local\CEF
2018-02-15 21:03 - 2018-02-15 21:03 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-02-15 20:59 - 2018-02-21 16:57 - 000000000 ____D C:\ProgramData\AVG
2018-02-15 20:59 - 2018-02-15 20:59 - 007306280 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Stacey\Downloads\avg_antivirus_free_setup.exe
2018-02-07 17:01 - 2018-02-15 17:04 - 000000000 ____D C:\Users\Stacey\AppData\Local\{F9BD0720-83DA-4D7D-B483-33F1C387AD9A}
2018-02-21 17:14 - 2012-02-08 15:27 - 000000000 ____D C:\Users\Stacey\AppData\Roaming\Yahoo!
2018-02-21 17:14 - 2012-02-08 15:27 - 000000000 ____D C:\Users\Stacey\AppData\LocalLow\Yahoo!
2018-02-21 17:14 - 2009-01-27 20:49 - 000000000 ____D C:\Program Files\Yahoo!
2018-02-21 17:14 - 2008-06-12 04:39 - 000001076 _____ C:\Windows\bthservsdp.dat
C:\Users\Stacey\AppData\Local\Temp\eauninstall.exe
C:\Users\Stacey\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Stacey\AppData\Local\Temp\jre-8u121-windows-au.exe
C:\Users\Stacey\AppData\Local\Temp\jre-8u144-windows-au.exe
C:\Users\Stacey\AppData\Local\Temp\jre-8u151-windows-au.exe
C:\Users\Stacey\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Stacey\AppData\Local\Temp\The Sims 2 Double Deluxe_uninst.exe
C:\Users\Stacey\AppData\Local\Temp\uninstall.exe
C:\Users\Stacey\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Stacey\AppData\Local\Temp\VP6Install.exe
C:\Users\Stacey\AppData\Local\Temp\VP6VFW.dll
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll -> No File
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:

*****************

Processes closed successfully.
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07afa60b-ed1e-11e3-b02a-001ec94a736b} => not found
HKLM\Software\Classes\CLSID\{07afa60b-ed1e-11e3-b02a-001ec94a736b} => not found
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3539e3d1-26c0-11e1-bcc2-001ec94a736b} => not found
HKLM\Software\Classes\CLSID\{3539e3d1-26c0-11e1-bcc2-001ec94a736b} => not found
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{584d63c1-4944-11de-b4ef-001ec94a736b} => not found
HKLM\Software\Classes\CLSID\{584d63c1-4944-11de-b4ef-001ec94a736b} => not found
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef2c2d5c-c363-11df-9d6e-001e4ce6ff74} => not found
HKLM\Software\Classes\CLSID\{ef2c2d5c-c363-11df-9d6e-001e4ce6ff74} => not found
"HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} => not found
HKLM\Software\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E} => not found
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AC854C16-CA1E-43f1-8513-0D2F36C726ED} => not found
HKLM\Software\Classes\CLSID\{AC854C16-CA1E-43f1-8513-0D2F36C726ED} => not found
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BF12A4ED-5743-4590-8EF8-052DB135E945} => not found
HKLM\Software\Classes\CLSID\{BF12A4ED-5743-4590-8EF8-052DB135E945} => not found
HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => not found
HKLM\Software\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => not found
"HKU\S-1-5-21-4013254311-1621539489-3775279548-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => not found
HKLM\Software\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} => not found
HKLM\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} => not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => not found
HKLM\Software\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => not found
"C:\Program Files\mozilla firefox\defaults\pref\itms.js" => not found
SessionLauncher => service not found.
sprtsvc_dellsupportcenter => service not found.
IpInIp => service not found.
MCSTRM => service not found.
MREMPR5 => service not found.
MRENDIS5 => service not found.
NwlnkFlt => service not found.
NwlnkFwd => service not found.
"C:\Users\Stacey\AppData\Local\{18212E4F-E8EC-462B-99C0-96E62BF56423}" => not found
"C:\Users\Stacey\AppData\Local\AVG" => not found
"C:\Users\Stacey\AppData\Local\CEF" => not found
"C:\Program Files\Common Files\AVG" => not found
"C:\ProgramData\AVG" => not found
"C:\Users\Stacey\Downloads\avg_antivirus_free_setup.exe" => not found
"C:\Users\Stacey\AppData\Local\{F9BD0720-83DA-4D7D-B483-33F1C387AD9A}" => not found
"C:\Users\Stacey\AppData\Roaming\Yahoo!" => not found
C:\Users\Stacey\AppData\LocalLow\Yahoo! => moved successfully
C:\Program Files\Yahoo! => moved successfully
C:\Windows\bthservsdp.dat => moved successfully
C:\Users\Stacey\AppData\Local\Temp\eauninstall.exe => moved successfully
C:\Users\Stacey\AppData\Local\Temp\jre-8u101-windows-au.exe => moved successfully
C:\Users\Stacey\AppData\Local\Temp\jre-8u121-windows-au.exe => moved successfully
C:\Users\Stacey\AppData\Local\Temp\jre-8u144-windows-au.exe => moved successfully
C:\Users\Stacey\AppData\Local\Temp\jre-8u151-windows-au.exe => moved successfully
C:\Users\Stacey\AppData\Local\Temp\jre-8u91-windows-au.exe => moved successfully
C:\Users\Stacey\AppData\Local\Temp\The Sims 2 Double Deluxe_uninst.exe => moved successfully
C:\Users\Stacey\AppData\Local\Temp\uninstall.exe => moved successfully
C:\Users\Stacey\AppData\Local\Temp\UninstallEADM.dll => moved successfully
C:\Users\Stacey\AppData\Local\Temp\VP6Install.exe => moved successfully
C:\Users\Stacey\AppData\Local\Temp\VP6VFW.dll => moved successfully
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MBAMShlExt" => removed successfully.
"HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" => removed successfully.
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ACE" => removed successfully.
HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MBAMShlExt" => removed successfully.
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => not found

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 786316313 B
Java, Flash, Steam htmlcache => 2221 B
Windows/system/drivers => 741468054 B
Edge => 0 B
Chrome => 0 B
Firefox => 436989208 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 151109 B
Public => 0 B
ProgramData => 0 B
systemprofile => 27469606 B
LocalService => 132638 B
NetworkService => 37341982 B
Stacey => 6159264497 B
Mcx1 => 66228 B
Mcx1.Stacey-PC => 1485102 B

RecycleBin => 63573139 B
EmptyTemp: => 7.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:56:47 ====


Result of Security Analysis by Rocket Grannie (x86) Updated: 16th February, 2018
Running from:C:\Users\Stacey\Desktop (19:02:26 - 02/26/2018)
***---------------------------------------------------------***
Microsoft® Windows Vista™ Home Premium X86 Service Pack 2
UAC is Enabled
Internet Explorer 9
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Microsoft Security Essentials (Disabled - up to Date)
Microsoft Security Essentials (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (28.0.0.161)
Java (8.0.1510.12) ==> is out of Date
Microsoft Security Essentials (4.10.209.0)
Microsoft Silverlight (5.1.50906.0)
Mozilla Firefox (52.6.0) ==> is out of Date
Windows Live Essentials (15.4.3502.0922) ==> is out of Date ==> is no longer supported

***----------------Analysis Complete-------------------------***



#12 satchfan

satchfan

  • Malware Response Team

Posted 27 February 2018 - 05:10 AM

  • press the Windows key + R and type services.msc, then click OK
  • in the list of services, click Microsoft Antimalware Service
  • make sure that the ‘Status’ column displays Started and that the ‘Startup Type’ column displays Automatic
  • if the service is not set to Started or if the startup type is not set to Automatic, follow these steps:


    a.    right-click Microsoft Antimalware Service, and then click Properties
    b.    in the Properties dialog box, click the ‘General’ tab, and then click Automatic in the Startup type list
    c.    click Start, click Apply, and then click OK
     

  • reboot the computer.

Please run Security Analysis again and send the new log.




#13 Staceysa

Staceysa
  • Topic Starter

  • Members

Posted 27 February 2018 - 04:35 PM

I could not start it; it says the same thing. It won't let me click to change anything. The window that opens on start up is the MSE window with everything there but nothing is clickable. It says in red letters "Support for this operating system has ended and Microsoft Security Essentials is no longer protecting your PC. To make sure your PC is protected, click the link below to see our end-of-support guidance for operating systems."

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 16th February, 2018
Running from:C:\Users\Stacey\Desktop (15:25:02 - 02/27/2018)
***---------------------------------------------------------***
Microsoft® Windows Vista™ Home Premium X86 Service Pack 2
UAC is Enabled
Internet Explorer 9
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Microsoft Security Essentials (Disabled - up to Date)
Microsoft Security Essentials (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (28.0.0.161)
Java (8.0.1510.12) ==> is out of Date
Microsoft Security Essentials (4.10.209.0)
Microsoft Silverlight (5.1.50906.0)
Mozilla Firefox (52.6.0) ==> is out of Date
Windows Live Essentials (15.4.3502.0922) ==> is out of Date ==> is no longer supported

***----------------Analysis Complete-------------------------***



#14 satchfan

satchfan

  • Malware Response Team

Posted 27 February 2018 - 05:25 PM

I think the easiest thing to do is to uninstall MSE and download a new version. If there is still a problem with the new version, we’ll take another look.

Uninstall Microsoft Security Essentials:

  • click on Start, Settings, Control Panel
  • double-click Add or Remove Programs (it may take time for the list to appear, so be patient)
  • scroll down the list and find Microsoft Security Essentials, click on it and then on Uninstall

Download a new version from here and then run a scan.

Let me know how it goes.

Satchfan

 




#15 Staceysa

Staceysa
  • Topic Starter

  • Members

Posted 01 March 2018 - 10:52 PM

I did the install and it says the same thing.  It started to do an update then it switched to the home tab with the same warning.





