Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

CJ.dotomi


  • This topic is locked This topic is locked
8 replies to this topic

#1 tomsmom06

tomsmom06

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 04 July 2018 - 10:11 PM

Somehow, I have managed to avoid this until now, but after looking around at many sites, I know that I have it (it's redirecting affiliate links, and sometimes it's shown in the redirect web address). I have looked online and followed the suggestion to look in add/remove programs (Windows XP) and of course found nothing there by that name. I've also checked the browsers that I use, Firefox and a Chomium version, Flash Peak Slimjet, and found NO extensions. The only other advice that I have seen is to use SpyHunter. I have Kaspersky Internet Security, keeping it fully up-to- date, ran a full scan that showed nothing. Malwarebytes Anti-malware also found nothing. I'm very careful online, and when I occasionally have an issue, I can usually figure it out. But this time, I need your help. Would appreciate any thought on ways to remove this. I think I have had it for about 3 weeks.

 

 

 

HERE ARE THE FARBAR SCANS:

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20.06.2018
Ran by Milly (administrator) on D90L61C1 (04-07-2018 23:34:52)
Running from C:\Documents and Settings\Milly\Desktop
Loaded Profiles: Milly (Available Profiles: Milly & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: "C:\Program Files\Slimjet\slimjet.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [AddressBookReminderApp] => C:\Program Files\Creative Home\Hallmark Card Studio 2016 Deluxe\ReminderApp.exe
HKU\S-1-5-21-4223712583-492965492-1977232021-1006\...\Run: [ISUSPM] => C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-4223712583-492965492-1977232021-1006\...\MountPoints2: {361ac05d-0e0d-11da-9aa9-806d6172696f} - E:\setup.exe
HKU\S-1-5-21-4223712583-492965492-1977232021-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 216.250.190.144
Tcpip\..\Interfaces\{8949CE91-BAC6-4C4A-9CBE-6DB717E68BCD}: [NameServer] 4.2.2.2,4.2.2.1
Tcpip\..\Interfaces\{8949CE91-BAC6-4C4A-9CBE-6DB717E68BCD}: [DhcpNameServer] 192.168.0.1 216.250.190.144
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2061028
HKU\S-1-5-21-4223712583-492965492-1977232021-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4223712583-492965492-1977232021-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4223712583-492965492-1977232021-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2061028
URLSearchHook: HKU\S-1-5-21-4223712583-492965492-1977232021-1006 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4223712583-492965492-1977232021-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2016-08-31] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2016-08-31] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2016-08-31] (Kaspersky Lab ZAO)
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
DPF: {D4F3F795-7712-4D92-91DF-AEB055D8AC73} hxxp://online.invokesolutions.com/events/bin/comptest/4.1.0.34000/MILiveCompTest.ocx
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} hxxp://by128fd.bay128.hotmail.msn.com/activex/HMAtchmt.ocx
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-04] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Milly\Application Data\Mozilla\Firefox\Profiles\989qq65g.default [2018-06-30]
FF user.js: detected! => C:\Documents and Settings\Milly\Application Data\Mozilla\Firefox\Profiles\989qq65g.default\user.js [2018-03-02]
FF Homepage: C:\Documents and Settings\Milly\Application Data\Mozilla\Firefox\Profiles\989qq65g.default -> about:blank
FF Extension: (The Camelizer - Price Tracker) - C:\Documents and Settings\Milly\Application Data\Mozilla\Firefox\Profiles\989qq65g.default\Extensions\izer@camelcamelcamel.com.xpi [2016-01-24] [Legacy]
FF Extension: (Dangerous Websites Blocker) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2016-08-31] [Legacy]
FF Extension: (Virtual Keyboard) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2016-08-31] [Legacy]
FF Extension: (Safe Money) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2016-08-31] [Legacy]
FF SearchPlugin: C:\Documents and Settings\Milly\Application Data\Mozilla\Firefox\Profiles\989qq65g.default\searchplugins\startpage-ssl.xml [2016-01-12]
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE8@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_074028@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking_08806E@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-28] ()
FF Plugin: @kaspersky.com/content_blocker_663BE8 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2016-08-31] ()
FF Plugin: @kaspersky.com/online_banking_08806E -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2016-08-31] ()
FF Plugin: @kaspersky.com/virtual_keyboard_074028 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2016-08-31] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-4223712583-492965492-1977232021-1006: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\Milly\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll [2010-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-4223712583-492965492-1977232021-1006: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Documents and Settings\Milly\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2015-11-27] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-4223712583-492965492-1977232021-1006: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Documents and Settings\Milly\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2015-11-27] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-4223712583-492965492-1977232021-1006: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\DOCUME~1\Milly\APPLIC~1\CATALI~2\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-09-03] (Coupons, Inc.)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 AVP15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2016-08-31] (Kaspersky Lab ZAO)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [153072 2014-09-05] (Coupons.com Inc.)
S4 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [69632 2006-10-28] (Creative Labs) [File not signed]
S4 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) [File not signed]
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2060848 2016-02-05] (Comodo)
S4 ELService; C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe [180224 2006-06-01] (Intel Corporation) [File not signed]
S2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577088 2014-03-04] (SEIKO EPSON CORPORATION)
S4 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [90112 2006-07-06] (Intel Corporation) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 idsvc; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S4 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe /svc [X]
S4 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2006-10-28] (Windows ® 2000 DDK provider) [File not signed]
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-14] (Brother Industries Ltd.)
R0 cm_km_w; C:\WINDOWS\System32\DRIVERS\cm_km_w.sys [197864 2016-08-31] (Kaspersky Lab UK Ltd)
R3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.)
S2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [41984 2007-03-05] (Samsung Electronics Co., Ltd.) [File not signed]
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
S3 DSproct; C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.) [File not signed]
R3 ELacpi; C:\WINDOWS\System32\DRIVERS\ELacpi.sys [9728 2006-05-09] (Intel Corporation)
R1 ELhid; C:\WINDOWS\System32\Drivers\Elhid.sys [10112 2006-05-09] (Intel Corporation) [File not signed]
R1 ELkbd; C:\WINDOWS\System32\Drivers\Elkbd.sys [6912 2006-05-09] (Intel Corporation) [File not signed]
R1 ELmon; C:\WINDOWS\System32\Drivers\Elmon.sys [7040 2006-05-09] (Intel Corporation) [File not signed]
R1 ELmou; C:\WINDOWS\System32\Drivers\Elmou.sys [6400 2006-05-09] (Intel Corporation) [File not signed]
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [155304 2016-08-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\WINDOWS\System32\DRIVERS\kldisk.sys [54640 2016-08-31] (Kaspersky Lab ZAO)
R3 klflt; C:\WINDOWS\System32\DRIVERS\klflt.sys [125656 2016-08-31] (Kaspersky Lab ZAO)
R1 klhk; C:\WINDOWS\System32\DRIVERS\klhk.sys [53168 2016-08-31] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [694704 2016-08-31] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [35696 2016-08-31] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [35184 2016-08-31] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [23920 2016-08-31] (Kaspersky Lab ZAO)
R1 kltdf; C:\WINDOWS\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [54328 2016-08-31] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [157240 2016-08-31] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [24064 2006-06-05] (Intel Corporation ) [File not signed]
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2006-05-23] (Padus, Inc.) [File not signed]
R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [9728 2004-10-19] (Creative Technology Ltd.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-08-24] (Sonic Solutions) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1156648 2006-07-24] (SigmaTel, Inc.)
S4 bvrp_pci; no ImagePath
S4 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S4 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [X]
S4 wanatw; system32\DRIVERS\wanatw4.sys [X]
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-04 23:24 - 2018-07-04 23:35 - 000018756 _____ C:\Documents and Settings\Milly\Desktop\FRST.txt
2018-07-04 23:23 - 2018-07-04 23:33 - 000000000 ____D C:\FRST
2018-07-04 23:20 - 2018-07-04 23:21 - 001773056 _____ (Farbar) C:\Documents and Settings\Milly\Desktop\FRST.exe
2018-06-19 16:54 - 2018-06-19 16:54 - 000000000 ____D C:\Documents and Settings\Milly\My Documents\Copy of My Backup Files
2018-06-19 16:52 - 2018-06-19 16:53 - 000000000 ____D C:\Documents and Settings\Milly\My Documents\My Backup Files
2018-06-19 16:45 - 2018-06-19 16:49 - 000000000 ____D C:\Documents and Settings\Milly\Desktop\My Backup Files
2018-06-18 14:27 - 2018-06-18 14:27 - 000004608 _____ C:\WINDOWS\system32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-06-08 21:12 - 2018-06-08 21:19 - 041352656 _____ C:\Documents and Settings\Milly\Desktop\Cub Magazine.pdf
2018-06-04 18:51 - 2018-06-04 18:51 - 000030035 _____ C:\Documents and Settings\Milly\My Documents\Understanding the Meter to AMR interface.htm
2018-06-04 14:55 - 2018-06-04 14:54 - 000246835 _____ C:\Documents and Settings\Milly\My Documents\abstract-smart-water-utilities-managed-services-report-2018.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-04 23:35 - 2006-11-16 22:23 - 000000000 ____D C:\Documents and Settings\Milly\Local Settings\Temp
2018-07-04 23:28 - 2015-02-03 00:53 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2018-07-04 23:19 - 2015-02-10 01:44 - 000000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2018-07-04 08:23 - 2006-10-28 12:02 - 000003850 _____ C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2018-07-04 07:17 - 2005-08-16 04:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-04 07:17 - 2005-08-16 04:38 - 000000000 ____D C:\WINDOWS\Registration
2018-07-04 01:14 - 2015-02-03 01:04 - 010661668 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-4223712583-492965492-1977232021-1006-0.dat
2018-07-04 01:14 - 2015-02-03 01:04 - 000387326 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2018-07-04 01:14 - 2005-08-16 04:49 - 000032652 _____ C:\WINDOWS\SchedLgU.Txt
2018-07-04 01:13 - 2006-11-16 22:23 - 000000178 ___SH C:\Documents and Settings\Milly\ntuser.ini
2018-07-03 10:58 - 2009-12-30 15:21 - 000997888 _____ C:\Documents and Settings\Milly\My Documents\chk tally.xls
2018-07-02 11:50 - 2010-09-05 13:33 - 000242176 _____ C:\Documents and Settings\Milly\My Documents\Chally-Lab Draw Schedule.xls
2018-07-01 23:12 - 2006-11-16 22:23 - 000000000 ____D C:\Documents and Settings\Milly
2018-06-30 17:01 - 2016-05-13 16:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-23 16:31 - 2007-11-12 16:16 - 000000000 ____D C:\Documents and Settings\Milly\My Documents\Hallmark Projects
2018-06-19 17:21 - 2015-02-03 00:53 - 000000588 _____ C:\WINDOWS\system32\settingsbkup.sfm
2018-06-19 17:21 - 2015-02-03 00:53 - 000000588 _____ C:\WINDOWS\system32\settings.sfm
2018-06-19 16:58 - 2006-11-18 19:44 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2018-06-19 16:58 - 2006-11-16 22:23 - 000000000 ____D C:\Documents and Settings\Milly\Local Settings\Application Data\Google
2018-06-18 14:59 - 2005-08-16 04:41 - 000000000 __SHD C:\Documents and Settings\All Users\DRM
2018-06-18 12:42 - 2005-08-16 04:19 - 000000209 __RSH C:\boot.ini
2018-06-18 12:42 - 2005-08-16 04:18 - 000000461 _____ C:\WINDOWS\win.ini
2018-06-18 12:42 - 2005-08-16 04:18 - 000000227 _____ C:\WINDOWS\system.ini
2018-06-15 18:01 - 2015-07-08 11:42 - 000119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2018-06-14 10:54 - 2011-10-02 18:35 - 000640512 _____ C:\Documents and Settings\Milly\My Documents\good stuff.xls
2018-06-08 22:06 - 2016-03-01 00:02 - 000054156 ____H C:\WINDOWS\QTFont.qfn
2018-06-08 22:06 - 2006-11-28 22:29 - 000000000 ____D C:\Documents and Settings\Milly\Application Data\Corel
2018-06-08 19:12 - 2007-01-09 01:12 - 000002514 ___SH C:\WINDOWS\system32\KGyGaAvL.sys
2018-06-08 19:12 - 2006-11-28 22:31 - 000000000 ____D C:\Documents and Settings\Administrator\My Documents\My PSP Files
 
==================== Files in the root of some directories =======
 
2012-09-06 14:33 - 2012-09-06 14:33 - 000999456 _____ (Solid State Networks) C:\Program Files\install_flashplayer11x32_chrd_aih.exe
2012-09-06 14:14 - 2012-09-06 14:14 - 000894952 _____ (Oracle Corporation) C:\Program Files\jre-7u7-windows-i586-iftw.exe
2012-09-07 22:33 - 2012-09-07 22:34 - 010652120 _____ (Malwarebytes Corporation                                    ) C:\Program Files\mbam-setup-1.62.0.1300.exe
2013-02-04 22:18 - 2013-02-04 22:19 - 023749680 _____ (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware.exe
2012-09-11 17:56 - 2012-09-11 17:57 - 064967036 _____ () C:\Program Files\Windows 7 Product Guide.pdf
2006-12-01 23:01 - 2006-12-01 23:56 - 000000000 _____ () C:\Documents and Settings\Milly\Application Data\dm.ini
2010-10-04 20:29 - 2010-10-06 10:38 - 000003072 _____ () C:\Documents and Settings\Milly\Application Data\dvd.bmk
2013-07-19 22:32 - 2013-07-19 22:32 - 000893239 _____ () C:\Documents and Settings\Milly\Local Settings\Application Data\a.zip
2012-08-29 00:15 - 2012-08-29 00:15 - 000193179 _____ () C:\Documents and Settings\Milly\Local Settings\Application Data\ars.cache
2013-07-19 22:32 - 2013-07-19 22:32 - 002162416 _____ (Catalina Marketing Corp) C:\Documents and Settings\Milly\Local Settings\Application Data\BcsKtYcHW.dll
2012-08-29 00:15 - 2012-08-29 00:15 - 000273870 _____ () C:\Documents and Settings\Milly\Local Settings\Application Data\census.cache
2006-11-26 01:48 - 2012-07-02 12:22 - 000011264 _____ () C:\Documents and Settings\Milly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-11-16 22:23 - 2006-11-16 22:23 - 000000128 _____ () C:\Documents and Settings\Milly\Local Settings\Application Data\fusioncache.dat
2011-02-13 00:28 - 2011-02-13 00:28 - 000000036 _____ () C:\Documents and Settings\Milly\Local Settings\Application Data\housecall.guid.cache
2012-09-06 15:33 - 2012-09-06 15:33 - 000017408 _____ () C:\Documents and Settings\Milly\Local Settings\Application Data\WebpageIcons.db
2012-08-25 04:39 - 2012-08-25 05:11 - 000000144 _____ () C:\Documents and Settings\All Users\Application Data\-e73P5CvrGVuans
2012-08-25 04:39 - 2012-08-25 05:11 - 000000160 _____ () C:\Documents and Settings\All Users\Application Data\-e73P5CvrGVuansr
2012-08-25 03:22 - 2012-08-25 05:11 - 000000368 _____ () C:\Documents and Settings\All Users\Application Data\e73P5CvrGVuans
2007-02-16 01:46 - 2008-11-30 23:34 - 000007810 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2012-08-31 01:04 - 2012-08-31 01:06 - 000010338 _____ () C:\Documents and Settings\All Users\Application Data\SEC15A.tmp
2013-02-02 01:05 - 2013-02-02 01:06 - 000010338 _____ () C:\Documents and Settings\All Users\Application Data\SEC17E.tmp
2014-02-24 01:33 - 2014-02-24 01:34 - 000010338 _____ () C:\Documents and Settings\All Users\Application Data\SEC27.tmp
2012-08-31 01:25 - 2012-08-31 01:26 - 000010338 _____ () C:\Documents and Settings\All Users\Application Data\SEC2C.tmp
2013-02-11 02:03 - 2013-02-11 02:05 - 000010338 _____ () C:\Documents and Settings\All Users\Application Data\SEC320.tmp
2013-02-09 01:31 - 2013-02-09 01:32 - 000010338 _____ () C:\Documents and Settings\All Users\Application Data\SEC413.tmp
2012-07-05 14:30 - 2012-07-05 14:32 - 000010338 _____ () C:\Documents and Settings\All Users\Application Data\SEC9F.tmp
2013-02-21 14:40 - 2013-02-21 14:41 - 000010338 _____ () C:\Documents and Settings\All Users\Application Data\SECC8.tmp
 
Some files in TEMP:
====================
2014-03-25 15:54 - 2006-05-24 12:10 - 000455600 ____R (Macrovision Corporation) C:\Documents and Settings\Milly\Local Settings\Temp\_isF9.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20.06.2018
Ran by Milly (04-07-2018 23:35:23)
Running from C:\Documents and Settings\Milly\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2006-11-17 03:23:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4223712583-492965492-1977232021-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-4223712583-492965492-1977232021-1007 - Limited - Enabled)
Guest (S-1-5-21-4223712583-492965492-1977232021-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-4223712583-492965492-1977232021-1005 - Limited - Disabled)
Milly (S-1-5-21-4223712583-492965492-1977232021-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Milly
SUPPORT_388945a0 (S-1-5-21-4223712583-492965492-1977232021-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security (Disabled) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version:  - )
Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Andrea VoiceCenter (HKLM\...\{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}) (Version:  - )
AOLIcon (HKLM\...\{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}) (Version: 1.00.0000 - Dell) Hidden
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM\...\{6913FBE5-1B4B-4308-8DDD-2944F9C91E06}) (Version: 1.2.2370.37610 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.263-060607a-034018C-Dell - )
Brother MFL-Pro Suite MFC-J4310DW (HKLM\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.2.0 - Brother Industries, Ltd.)
calibre (HKLM\...\{D14AAC37-38FC-4454-9CEC-B3CD081632C4}) (Version: 0.8.38 - Kovid Goyal)
Catalina Savings Printer (HKLM\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 45.9.12.393 - Comodo)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Consumer Complete Care Services Agreement (HKLM\...\{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}) (Version: 1.10.0000 - Dell)
Corel Paint Shop Pro Photo XI (HKLM\...\{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}) (Version: 11.00.0000 - Corel Inc)
Corel Snapfire Plus (HKLM\...\{71F6261F-C0EC-46EF-85D6-67EDEEE2EF89}) (Version: 1.00.0000 - Corel)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
CreataCard Plus 3 (HKLM\...\CreataCard Plus 3) (Version:  - )
Creative Audio Pack (HKLM\...\Creative Audio Pack) (Version:  - )
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
Dell CinePlayer (HKLM\...\{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}) (Version: 3.0 - Dell)
Dell DataSafe (HKLM\...\{C89588E4-A151-489E-A393-066E503FC549}) (Version: 1.00.0000 - Dell Inc.)
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Game Console (HKLM\...\Dell Game Console) (Version:  - WildTangent)
Dell Support 3.2 (HKLM\...\{3846E811-639D-4DE1-844B-30491C0A6C0C}) (Version: 5.5.2038 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Destinations (HKLM\...\{FB15E224-67C3-491F-9F5C-F257BC418412}) (Version: 70.0.170.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (HKLM\...\{AB5D51AE-EBC3-438D-872C-705C7C2084B0}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Digital Content Portal (HKLM\...\{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
EducateU (HKLM\...\{A683A2C0-821C-486F-858C-FA634DB5E864}) (Version: 1.00.0000 - Dell)
Epic Privacy Browser (HKU\S-1-5-21-4223712583-492965492-1977232021-1006\...\Epic) (Version: 40.0.2214.91 - Epic)
Epson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
EPSON WP-4020 Series Printer Uninstall (HKLM\...\EPSON WP-4020 Series) (Version:  - SEIKO EPSON Corporation)
ESPNMotion (HKLM\...\ESPNMotion) (Version: 2.1.6.0011 - ESPN Internet Ventures)
FlashPeak Slimjet (HKLM\...\Slimjet) (Version: 8.0.4.0 - FlashPeak Inc.)
GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version:  - )
Get High Speed Internet! (HKLM\...\{7A3F0566-5E05-4919-9C98-456F6B5CF831}) (Version: 1.00.0000 - Dell)
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.53 - Google Inc.) Hidden
Greeting Card Factory Deluxe 6.0 (HKLM\...\{9C627F78-DBB9-4293-AA89-E83119C39CE9}) (Version: 6.0.0.20 - Nova Development)
Hallmark Card Studio 2006 Deluxe (HKLM\...\{3B901CB2-9DAF-43FC-BDD2-4149AF19381C}) (Version: 7.0.0.15 - Creative Home)
Hallmark Card Studio 2009 Deluxe (HKLM\...\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}) (Version: 10.0.0.28 - Creative Home)
Hallmark Card Studio 2016 Deluxe (HKLM\...\{8B89C389-8C13-4A95-BA2D-87DC5FFB620C}) (Version: 17.0.0.10 - Creative Home)
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HP Deskjet 9800 Series (HKLM\...\hp Deskjet 9800 series) (Version:  - )
HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
HP Photosmart 6510 series Basic Device Software (HKLM\...\{AF06FEB8-B5BB-44EA-B554-B825A65025EC}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Photosmart 6510 series Help (HKLM\...\{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}) (Version: 140.0.2.2 - Hewlett Packard)
HPPhotoSmartExpress (HKLM\...\{2376813B-2E5A-4641-B7B3-A0D5ADB55229}) (Version: 70.0.170.000 - Hewlett-Packard) Hidden
InstantShareDevicesMFC (HKLM\...\{F157460F-720E-482f-8625-AD7843891E5F}) (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® PRO Network Connections (HKLM\...\{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}) (Version:  - Dell)
Intel® Quick Resume Technology Drivers (HKLM\...\EL) (Version:  - )
Intel® Viiv™ Software (HKLM\...\{7EAB1D85-7BA3-47C1-BBF7-A0EBC241DB94}) (Version: 1.0.3.2019 - Intel Corporation)
Invoke Solutions Participant 6.2.0.1450 (HKLM\...\{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}_is1) (Version:  - Invoke Solutions)
Kaspersky Internet Security (HKLM\...\{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.396 - Kaspersky Lab)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Hotfix (KB886903) (HKLM\...\M886903) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 1 (HKLM\...\{B508B3F1-A24A-32C0-B310-85786919EF28}) (Version: 2.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 1 (HKLM\...\{2BA00471-0328-3743-93BD-FA813353A783}) (Version: 3.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 3.5 (HKLM\...\Microsoft .NET Framework 3.5) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)
Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version:  - )
P@H-Protocol (HKLM\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
PanoStandAlone (HKLM\...\{363790D2-DA98-41DD-9C9F-69FA36B169DE}) (Version: 70.0.170.000 - Hewlett-Packard) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.0 - Tracker Software Products Ltd)
Picaboo X (HKLM\...\{E07D77A7-D6AF-4A06-164A-7E3C9CFEA229}) (Version: 10.131 - Picaboo Corporation) Hidden
Picaboo X (HKLM\...\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1) (Version: 10.131P - Picaboo Corporation)
Qualxserve Service Agreement (HKLM\...\{0F756CD9-4A1E-409B-B101-601DDC4C03AA}) (Version: 1.11.0000 - Dell)
QuickTime (HKLM\...\QuickTime) (Version:  - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Roxio)
Roxio MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.6 - Roxio)
Roxio RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung ML-1630 Series (HKLM\...\Samsung ML-1630 Series) (Version:  - Samsung Electronics CO.,LTD)
Sonic Activation Module (HKLM\...\{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}) (Version: 1.0 - Sonic Solutions) Hidden
Sonic Advanced Decoder (HKLM\...\{46C73DE4-E96D-4F7C-8371-F28052183B12}) (Version:  - )
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sound Blaster ADVANCED MB Drivers (HKLM\...\SAMB_ADVMB_FILTER_DRV) (Version:  - )
Sound Blaster Audigy ADVANCED MB (HKLM\...\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}) (Version: 1.0 - )
Sound Blaster Audigy ADVANCED MB Product Registration (HKLM\...\Sound Blaster Audigy ADVANCED MB Product Registration) (Version:  - )
Status (HKLM\...\{8331C3EA-0C91-43AA-A4D4-27221C631139}) (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1016 - SUPERAntiSpyware.com)
TrayApp (HKLM\...\{DBC20735-34E6-4E97-A9E5-2066B66B243D}) (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Unload (HKLM\...\{4596FA5B-2966-44E6-9DA3-998001CA71DC}) (Version: 7.5.0 - Hewlett-Packard) Hidden
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WildTangent Web Driver (HKLM\...\WildTangent CDA) (Version:  - )
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] (HKLM\...\EmeraldQFE2) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB908246 (HKLM\...\KB908246) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB912067 (HKLM\...\KB912067) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version:  - Microsoft Corporation) Hidden
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
Yahoo! Music Jukebox (HKLM\...\{7C49EA42-5647-4051-84C2-E6404F25A931}) (Version: 2.0.0.134 - Yahoo!)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4223712583-492965492-1977232021-1006_Classes\CLSID\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}\localserver32 -> C:\Documents and Settings\Milly\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-4223712583-492965492-1977232021-1006_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\Milly\Local Settings\Application Data\Google\Update\1.2.183.29\goopdate.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4223712583-492965492-1977232021-1006_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Milly\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4223712583-492965492-1977232021-1006_Classes\CLSID\{6959B6E8-B5E0-4E64-B1B4-C82969BAF394}\InprocServer32 -> C:\Documents and Settings\Milly\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\psuser.dll (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-4223712583-492965492-1977232021-1006_Classes\CLSID\{75E5277F-CA84-4758-8968-7ED78FE8D546}\localserver32 -> C:\Documents and Settings\Milly\Local Settings\Application Data\Epic Privacy Browser\Application\40.0.2214.91\delegate_execute.exe (Hidden Reflex)
CustomCLSID: HKU\S-1-5-21-4223712583-492965492-1977232021-1006_Classes\CLSID\{84D964EE-0441-4A42-8146-0699AE05DDC3}\InprocServer32 -> C:\Documents and Settings\Milly\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\psuser.dll (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-4223712583-492965492-1977232021-1006_Classes\CLSID\{9B8ABA14-0F6A-492C-AB9D-41FA1F7EC450}\localserver32 -> C:\Documents and Settings\Milly\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-4223712583-492965492-1977232021-1006_Classes\CLSID\{9C3B9AB7-2486-4403-B138-E9ED32DD063C}\localserver32 -> C:\Documents and Settings\Milly\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-4223712583-492965492-1977232021-1006_Classes\CLSID\{AB3B8CD0-9085-4F26-B16B-02571A12A789}\localserver32 -> C:\Documents and Settings\Milly\Local Settings\Application Data\Epic Privacy Browser\Installer\EpicUpdate.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-4223712583-492965492-1977232021-1006_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Documents and Settings\Milly\Application Data\Catalina – Print Savings\npBcsKtTcHW.dll (Catalina Marketing Corporation)
CustomCLSID: HKU\S-1-5-21-4223712583-492965492-1977232021-1006_Classes\CLSID\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}\InprocServer32 -> C:\Documents and Settings\Milly\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-4223712583-492965492-1977232021-1006_Classes\CLSID\{D9A13C52-6B85-4E00-B98A-DF25F77CBBEA}\localserver32 -> C:\Documents and Settings\Milly\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-4223712583-492965492-1977232021-1006_Classes\CLSID\{E9DA06F1-632C-462F-98B3-AF74B47DA727}\InprocServer32 -> C:\Documents and Settings\Milly\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4223712583-492965492-1977232021-1006_Classes\CLSID\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\InprocServer32 -> C:\Documents and Settings\Milly\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)
ContextMenuHandlers1: [Kaspersky Anti-Virus 15.0.2] -> {6ECB6C79-632B-4E91-821A-A8B86346FD93} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\shellex.dll [2014-12-23] (Kaspersky Lab ZAO)
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08] (Sonic Solutions)
ContextMenuHandlers2: [Kaspersky Anti-Virus 15.0.2] -> {6ECB6C79-632B-4E91-821A-A8B86346FD93} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\shellex.dll [2014-12-23] (Kaspersky Lab ZAO)
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> No File
ContextMenuHandlers4: [Kaspersky Anti-Virus 15.0.2] -> {6ECB6C79-632B-4E91-821A-A8B86346FD93} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\shellex.dll [2014-12-23] (Kaspersky Lab ZAO)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers6: [Kaspersky Anti-Virus 15.0.2] -> {6ECB6C79-632B-4E91-821A-A8B86346FD93} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\shellex.dll [2014-12-23] (Kaspersky Lab ZAO)
 
==================== Scheduled Tasks=============================
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Documents and Settings\Milly\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-11-30 17:07 - 2007-02-08 20:22 - 000022723 _____ () C:\WINDOWS\system32\ml163sl3.dll
2005-08-16 04:18 - 2005-08-05 14:01 - 000282112 _____ () C:\WINDOWS\system32\sbe.dll
2005-08-16 04:18 - 2008-05-07 00:12 - 001288192 ____N () C:\WINDOWS\system32\quartz.dll
2005-08-16 04:18 - 2008-04-14 06:41 - 000059904 _____ () C:\WINDOWS\system32\devenum.dll
2005-08-16 04:18 - 2008-04-14 06:42 - 000014336 _____ () C:\WINDOWS\system32\msdmo.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2005-08-16 04:18 - 2017-01-19 17:10 - 000000842 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4223712583-492965492-1977232021-1006\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Milly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 4.2.2.2 - 4.2.2.1
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder 2009.lnk => C:\WINDOWS\pss\Event Planner Reminder 2009.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\WINDOWS\pss\Event Planner Reminder.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupreg: ATICCC => "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
MSCONFIG\startupreg: AVP => "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
MSCONFIG\startupreg: CTSysVol => C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
MSCONFIG\startupreg: DLA => C:\WINDOWS\System32\DLA\DLACTRLW.EXE
MSCONFIG\startupreg: DMXLauncher => C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MSCONFIG\startupreg: ehTray => C:\WINDOWS\ehome\ehtray.exe
MSCONFIG\startupreg: Epic Privacy Browser Installer => "C:\Documents and Settings\Milly\Local Settings\Application Data\Epic Privacy Browser\Installer\EpicUpdate.exe" /c
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Milly\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HPWQTOOLBOX => C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe "-i"
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: MBMon => Rundll32 CTMBHA.DLL,MBMon
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: ReminderApp => C:\Program Files\Nova Development\Greeting Card Factory Deluxe 6.0\ReminderApp.exe
MSCONFIG\startupreg: Samsung PanelMgr => C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
MSCONFIG\startupreg: SigmatelSysTrayApp => stsystra.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: UpdReg => C:\WINDOWS\UpdReg.EXE
MSCONFIG\startupreg: VoiceCenter => "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Opera\opera.exe] => Enabled:Opera Internet Browser
StandardProfile\AuthorizedApplications: [C:\Program Files\CallWave\IAM.exe] => Enabled:CallWave
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP Photosmart 6510 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe] => :LocalSubNet:Enabled:HP Network Communicator (HP Photosmart 6510 series)
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Milly\Local Settings\Application Data\Epic Privacy Browser\Application\epic.exe] => Enabled:Epic Privacy Browser
StandardProfile\AuthorizedApplications: [C:\Program Files\Slimjet\slimjet.exe] => Enabled:Slimjet
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
 
==================== Restore Points =========================
 
07-05-2018 11:27:20 System Checkpoint
08-05-2018 12:18:27 System Checkpoint
09-05-2018 13:03:15 System Checkpoint
10-05-2018 14:47:55 System Checkpoint
11-05-2018 15:35:23 System Checkpoint
12-05-2018 16:24:52 System Checkpoint
13-05-2018 17:14:57 System Checkpoint
14-05-2018 17:51:48 System Checkpoint
15-05-2018 18:00:03 System Checkpoint
16-05-2018 18:02:25 System Checkpoint
17-05-2018 18:23:23 System Checkpoint
18-05-2018 19:30:00 System Checkpoint
19-05-2018 19:50:51 System Checkpoint
20-05-2018 20:10:20 System Checkpoint
21-05-2018 20:19:26 System Checkpoint
22-05-2018 21:09:31 System Checkpoint
24-05-2018 09:43:41 System Checkpoint
25-05-2018 09:53:09 System Checkpoint
26-05-2018 10:20:38 System Checkpoint
27-05-2018 11:13:08 System Checkpoint
28-05-2018 11:13:29 System Checkpoint
29-05-2018 12:02:43 System Checkpoint
30-05-2018 12:08:46 System Checkpoint
31-05-2018 15:46:07 System Checkpoint
01-06-2018 18:59:43 System Checkpoint
03-06-2018 08:41:57 System Checkpoint
04-06-2018 09:17:13 System Checkpoint
05-06-2018 09:43:28 System Checkpoint
06-06-2018 09:55:01 System Checkpoint
07-06-2018 10:26:11 System Checkpoint
08-06-2018 11:26:08 System Checkpoint
09-06-2018 12:42:08 System Checkpoint
10-06-2018 13:19:57 System Checkpoint
11-06-2018 13:20:50 System Checkpoint
12-06-2018 14:30:24 System Checkpoint
13-06-2018 15:28:30 System Checkpoint
14-06-2018 16:06:47 System Checkpoint
15-06-2018 16:47:19 System Checkpoint
16-06-2018 17:11:40 System Checkpoint
17-06-2018 17:23:22 System Checkpoint
18-06-2018 16:35:28 pre Google Desktop removal
18-06-2018 16:38:22 Revo Uninstaller's restore point - Google Desktop
19-06-2018 16:57:54 Revo Uninstaller's restore point - Google Toolbar for Internet Explorer
20-06-2018 18:34:30 System Checkpoint
21-06-2018 18:50:51 System Checkpoint
22-06-2018 18:55:30 System Checkpoint
23-06-2018 20:00:46 System Checkpoint
24-06-2018 20:15:24 System Checkpoint
25-06-2018 20:26:59 System Checkpoint
26-06-2018 20:34:35 System Checkpoint
27-06-2018 21:04:07 System Checkpoint
29-06-2018 09:23:28 System Checkpoint
30-06-2018 10:31:54 System Checkpoint
01-07-2018 11:16:10 System Checkpoint
02-07-2018 13:40:02 System Checkpoint
03-07-2018 14:01:29 System Checkpoint
04-07-2018 14:34:46 System Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/04/2018 11:34:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 20.6.2018.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (06/29/2018 07:02:42 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (06/29/2018 07:02:42 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (06/28/2018 06:08:52 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (06/28/2018 06:08:51 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (06/28/2018 06:08:51 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (06/27/2018 06:49:32 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (06/27/2018 06:49:31 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
 
System errors:
=============
Error: (07/04/2018 06:35:21 PM) (Source: DCOM) (EventID: 10005) (User: D90L61C1)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (07/04/2018 07:17:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EpsonCustomerParticipation service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/04/2018 07:17:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the EpsonCustomerParticipation service to connect.
 
Error: (07/04/2018 07:17:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
The system cannot find the device specified.
 
Error: (07/03/2018 08:01:15 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.
 
Error: (07/03/2018 07:59:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EpsonCustomerParticipation service failed to start due to the following error: 
Access is denied.
 
Error: (07/03/2018 07:59:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
The system cannot find the device specified.
 
Error: (07/02/2018 07:29:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EpsonCustomerParticipation service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 41%
Total physical RAM: 2045.98 MB
Available physical RAM: 1192.37 MB
Total Virtual: 3932.99 MB
Available Virtual: 3112.04 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:169.93 GB) (Free:112.42 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Backup) (Fixed) (Total:58.09 GB) (Free:57.99 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.8 GB) (Disk ID: E686F016)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=169.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=58.1 GB) - (Type=0F Extended)
Partition 4: (Not Active) - (Size=4.7 GB) - (Type=DB)
 
==================== End of Addition.txt ============================

Edited by tomsmom06, 04 July 2018 - 11:44 PM.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:59 AM

Posted 08 July 2018 - 09:48 PM

Greetings tomsmom06 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

What you are experiencing is not malicious activity but rather the result of a setting in Kaspersky. You can disable Kaspersky Anti-Banner or allow the URL. Please see here.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Launch FRST
  • Highlight the below information then hit the Ctrl + C keys at the same time
  • The information will be copied invisibly and will be "pasted" into FRST automatically when you click Fix as instructed below
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: ""
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll 
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll 
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll 
S4 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe /svc [X]
S4 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc [X]
S4 bvrp_pci; no ImagePath
S4 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
S4 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys 
S4 wanatw; system32\DRIVERS\wanatw4.sys 
U1 WS2IFSL; no ImagePath
emptytemp:
End::
  • Click Fix
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Kaspersky?
  • Fixlog
  • Update on computer behavior

Edited by Oh My!, 09 July 2018 - 08:44 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 tomsmom06

tomsmom06
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 08 July 2018 - 11:04 PM

Hello Gary, I'm Mil, thank you for your reply and attention to this problem. I have a few questions. I stumbled across the Kaspersky Anti-Banner thing (I think it was at a Microsoft forum) while looking for answers to this.  I disabled the Anti-Banner and when I did, the affiliate link opened to the correct site. My question is, why did this happen out of the blue, from one day until the next? I have had the Kaspersky program for literally years, with the Anti-Banner active, and have clicked many affiliate links. Now, if I do not disable that anti-banner, just some of the links are high-jacked, while other are not. I use ebates and a couple of weeks ago, my account there showed about 20 "shopping trips" to a site I was going to purchase from (normally, there is just one), which never did open correctly. I had something similar a few years back, and MalwareBytes found and removed it. I guess I ask too many questions, but why now? Sorry, but this really bugs me :~)  If I wanted to use the Anti-Banner, is there something I could change in Anti-Banner that would stop this cj.dotomi? I've read that Anti-Banner is disabled by default, what is the reason that one would want to use it? 

  Second, I was reading the copy/paste info you want me to use in FRST and notice several references to Google updates. I have had Google updates service turned off as an administrator. I don't use Google anything, though I realize that any Chromium browser is likely Google. I just recently got rid of the Google Desktop, too. Sorry to be a pain, but I want to know exactly what I will be doing if I do what you recommend with FRST.

 

Thanks very much for your patience, I really appreciate it. I'll watch this thread.



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:59 AM

Posted 09 July 2018 - 09:45 AM

Greetings Mil.

No problem wanting to understand things.

I can't really say why this started now. Since this is specific to Kaspersky and their "detection" formula I would suggest you go right to the source and ask the question of one of their experts at the Kaspersky Lab Forum. I do not use the program so I am unfamiliar with it.

-----
 

S4 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe /svc [X]
S4 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc [X]

When your computer starts the HKLM\SYSTEM\CurrentControlSet\Services registry key tells the computer certain things it should start or not start. The S4 gupdate and S4 gupdate portions of the above lines are telling us what that registry key is instructing the computer to do/not do with those Google services. The S4 indicates the services are Stopped and set to Disabled. Nothing happens as a result of these entries in the registry.

Registry entries do not directly launch services but rather they provide further instructions on how to carry out the instruction if the service is supposed to be started. Typically that is done by providing a file path location to an executable file(C:\Program Files\Google\Update\GoogleUpdate.exe /svc and C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc). What is most important in our lines are the [X]'s at the end of each line. The [X]'s indicate the files are missing. So the Services registry keys still have pointers to the files but the files no longer exists. Sometime earlier the files were removed.

All we are doing is mopping up leftover entries to tidy things up a bit.

Does this answer your question and make sense?


Edited by Oh My!, 09 July 2018 - 09:46 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 tomsmom06

tomsmom06
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 09 July 2018 - 10:41 PM

Thank you so much for explaining things. So, it seems I was successful in routing Google, as much as that is possible. I've learned a lot along the way, but respect the registry and the need to back it up as much as I hate Google! I try to keep a tidy computer, but obviously I've missed a lot too along the way. You guys helped me to get rid of something that removed all my icons from the XP page, and that was quite a mess, so I know you folks are very successful at helping people. It must take tons of time, patience and energy.

 

 

So, are we "mopping up" some leftovers" that don't relate to the cj.dotomi? I get the feeling that using ad blockers does what Anti-Banner is supposed to be doing if enabled, and I certainly haven't seen any since disabling it. Just wondering if Kaspersky has changed the sites they monitor, and you're right, go to the source :~) While looking at the FRST logs the other day, I noticed that it says if things are included on the fixlist, they will be "fixed". Is the data you asked me to copy and paste to FRST to fix including everything it found in that initial scan, or only certain issues?

 

Please let me think about this for a day or two. I promise to get back to you, and I appreciate your patience in answering my many questions! Have a good day.



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:59 AM

Posted 10 July 2018 - 08:34 AM

Greetings.

You are welcome for the explanation. My approach is to help people by cleaning their computers. I try always to stay focused on the person first.

Yes, we are cleaning up some things totally unrelated to your initial concern. I figured since we are already evaluating your computer why not do some cleaning while we are at it.

The author of FRST, Farbar, has created the tool to examine areas of the computer that typically house malicious material. So it will examine the Services, for example, and provide information for review by a trained helper. It is our training and experience that allows us to determine what is legitimate and what is not. Following that weeding out process FRST is designed to allow us to do something about it by creating a Fixlist. When you see "if things are included on the fixlist, they will be fixed", what that means is whatever items are detected that need to be fixed (selective in nature) if those particular items are included in a Fixlist they will be fixed. Other things on the list that are not included in a Fixlist will be left alone.

In general, programs that are designed to do the same thing (antivirus) don't always behave the same because of the way a particular program code is written. Cars are cars but they are not all the same. That is why I will typically use more than one program to look for and deal with malware. Once I have done the bulk of the work I will get a second opinion by means of an online scanner like ESET or Emsisoft. It is very common for those programs to find things other programs don't detect. Overwhelmingly these second detections are relatively minor. I say this because the same applies to Ad Blocker type programs. The do not all detect the exact same things. The difference in your situation is that Kaspersky is blocking something that doesn't necessarily need to be blocked. A "false positive" so to speak. Since it is not malicious but bothers you none the less it is better to either turn off the Anti-Banner feature or create an exception within Kaspersky to ignore the detections.

Give it a day or two then if you would please provide the Fixlog report and we will go from there. You have done a good job keeping your computer clean and the things we are dealing with are annoyances rather than problems.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 tomsmom06

tomsmom06
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 11 July 2018 - 05:06 PM

Thank you so much, Gary, for all of your patient explanations! I used to belong to an internet site that had nothing to do with computers, and I always tried to be patient and helpful when answering queries about computers from newcomers who didn't know a lot about them. Sometimes, in searching for an answer, I found things that were also new to me. In this case, I came here with a problem, and I learned of a valuable new tool, FRST. I printed the two logs from that initial scan and also went to the FRST tutorial on Geekstogo.com that was mentioned in the first log. 

 

I'm OK with turning off the Anti-Banner in Kaspersky, seems to solve the issue of high-jacked affiliate links. So I think that is as solved as it is going to be. I'd love to know just what is causing it now, but you have definitely set my mind at ease about it.

 

As for the FRST scan, I am going to read that tutorial before going any further. I have the logs it found initially on my computer, and I see that it is also possible to scan just certain things (like registry, services, etc.); so I may just clean up one thing at a time then see if there are any changes that I like or don't like. I do not want to take any more of your time at this point, there are so many people waiting for help. So you can close this thread.

 

You have my gratitude for teaching me some things I did not know, and with FRST you've given me some work to do in learning about what seems to be a very valuable program. I have recommended Bleeping Computer for people with problems they do not have a clue about fixing, and will continue to do so. And thank you, Gary, personally. Much appreciated.



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:59 AM

Posted 11 July 2018 - 06:06 PM

Greetings.

Although you are always welcome to start a topic to help sort through FRST reports before making any changes, if you decide to do it on your own I would suggest including a System Restore command (CreateRestorePoint:) any time you modify things. That will give you a fall back position if something goes wrong.

It appears we are all set. It is up to you on what you choose to delete or save.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your computer is now clean.

Right click on the FRST icon and rename it to Uninstall. Right click on it again, select Run as administrator and FRST will delete itself. You may also delete any other tools or reports created during our efforts.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:In addition, here are some more links you might find of interest:Thank you for placing your trust in BleepingComputer. It was a pleasure serving you. ohmy_done.gif
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:59 AM

Posted 12 July 2018 - 08:09 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users