Possible Virus

09-02-2015, 04:34 AM   #1
Registered Member
 
Join Date: May 2008
Posts: 32
OS: xp



Hi, I think I have a virus on my computer. When the computer sits idle, I am unable to wake it without a manual shutdown, and then on startup I get a list of Chrome extensions that have crashed. Would appreciate any help you can provide. Thanks.

Also, I do not believe I have a Windows install disc or reboot disc.







DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16685 BrowserJavaVersion: 10.67.2
Run by Jenks at 7:08:15 on 2015-09-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1552 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.28.13\GoogleCrashHandler.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell\Dell Photo P703w AIO Printer\printer\center\dlSvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Norton Security Suite\Engine\22.5.2.15\N360.exe
C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
C:\Program Files\Norton Security Suite\Engine\22.5.2.15\N360.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\ico.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\System32\spool\drivers\w32x86\3\DLKAMUI.exe
C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=1590&gct=hp
uDefault_Page_URL = hxxp://www.dell.com
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\22.5.2.15\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\22.5.2.15\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\22.5.2.15\CoIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [GoogleChromeAutoLaunch_2279C6B37BEDCA0A05ED35B19AC84A13] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
mRun: [PMX Daemon] ICO.EXE
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DLKAStatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\DLKAMUI.exe
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [AgentMonitor] c:\program files\vtech\downloadmanager\system\AgentMonitor.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.11.149\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{BD1A4011-0564-4F16-B577-5ACFD0F386A8} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\44.0.2403.157\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 0.0.0.1 mssplus.mcafee.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jenks\appdata\roaming\mozilla\firefox\profiles\7ta98ef3.default\
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke New Customized Web Search
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin1017300.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.31211.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jenks\appdata\local\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\users\jenks\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_16_0_0_296.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\n360\1605020.00f\SymEFASI.sys [2015-8-10 1286896]
R1 BHDrvx86;BHDrvx86;c:\program files\norton security suite\nortondata\22.5.2.15\definitions\bashdefs\20150821.001\BHDrvx86.sys [2015-8-25 1181936]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\n360\1605020.00f\ccSetx86.sys [2015-8-10 137456]
R1 IDSVix86;IDSVix86;c:\program files\norton security suite\nortondata\22.5.2.15\definitions\ipsdefs\20150901.003\IDSvix86.sys [2015-9-2 580856]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2011-7-12 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1605020.00f\Ironx86.sys [2015-8-10 234744]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1605020.00f\symtdiv.sys [2015-8-10 358104]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 142648]
R2 dlSvc;Dell Photo Device Service;c:\program files\dell\dell photo p703w aio printer\printer\center\dlSvc.exe [2008-11-17 28672]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 176848]
R2 N360;Norton 360;c:\program files\norton security suite\engine\22.5.2.15\N360.exe [2015-8-10 282016]
R2 ReimageRealTimeProtector;Reimage Real Time Protector;c:\program files\reimage\reimage protector\ReiGuard.exe [2015-8-19 6324208]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-3-22 93072]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2015-8-12 122192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.11.149\McCHSvc.exe [2015-6-26 235696]
S3 Origin Client Service;Origin Client Service;c:\program files\origin\OriginClientService.exe [2015-3-25 1931632]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2011-6-8 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2011-6-8 19008]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2014-4-12 772296]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WordPad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2015-09-01 12:45:19 -------- d-----w- C:\SUPERDelete
2015-09-01 11:55:31 -------- d-----w- c:\programdata\Reimage Protector
2015-09-01 11:55:24 -------- d-----w- c:\program files\Reimage
2015-09-01 11:55:13 -------- d-----w- C:\rei
2015-08-20 11:01:12 758000 ----a-w- c:\program files\internet explorer\iexplore.exe
2015-08-20 11:01:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-20 11:01:12 151184 ----a-w- c:\program files\internet explorer\sqmapi.dll
2015-08-14 04:23:08 -------- d-----w- c:\programdata\Emsisoft
2015-08-14 04:04:03 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2015-08-13 09:30:19 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-08-13 09:30:19 49664 ----a-w- c:\windows\system32\csrsrv.dll
2015-08-13 09:30:19 140224 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-08-13 09:30:19 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-08-13 09:30:18 564224 ----a-w- c:\windows\system32\emdmgmt.dll
2015-08-13 09:30:18 3605440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-08-13 09:30:18 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-08-13 09:30:17 3553216 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-08-13 09:27:57 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 09:27:22 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2015-08-13 08:55:25 68608 ----a-w- c:\windows\system32\basesrv.dll
2015-08-13 08:54:42 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-08-13 08:54:42 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-08-13 08:53:41 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-08-13 08:53:41 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-08-13 08:53:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-08-13 08:53:41 297472 ----a-w- c:\windows\system32\atmfd.dll
2015-08-13 08:53:41 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-08-13 08:53:41 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-08-13 08:53:41 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-08-13 08:53:41 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-08-13 08:53:41 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-08-13 08:53:40 802304 ----a-w- c:\windows\system32\FntCache.dll
2015-08-13 08:53:40 2066944 ----a-w- c:\windows\system32\win32k.sys
2015-08-13 08:53:40 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-08-13 08:52:26 199680 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-13 08:52:01 151040 ----a-w- c:\windows\system32\notepad.exe
2015-08-13 08:52:01 151040 ----a-w- c:\windows\notepad.exe
2015-08-13 08:51:24 2691072 ----a-w- c:\windows\system32\mstscax.dll
2015-08-12 14:22:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2015-08-12 14:22:59 474624 ----a-w- c:\program files\internet explorer\ieinstal.exe
2015-08-12 14:22:59 194560 ----a-w- c:\program files\internet explorer\IEShims.dll
2015-08-12 14:22:59 1810432 ----a-w- c:\windows\system32\jscript9.dll
2015-08-12 14:22:59 1129472 ----a-w- c:\windows\system32\wininet.dll
2015-08-12 14:22:58 367616 ----a-w- c:\windows\system32\html.iec
2015-08-12 14:22:57 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2015-08-10 17:27:27 711408 ----a-r- c:\windows\system32\drivers\n360\1605020.00f\srtsp.sys
2015-08-10 17:27:27 44792 ----a-r- c:\windows\system32\drivers\n360\1605020.00f\srtspx.sys
2015-08-10 17:27:27 429816 ----a-r- c:\windows\system32\drivers\n360\1605020.00f\symnets.sys
2015-08-10 17:27:27 358104 ----a-r- c:\windows\system32\drivers\n360\1605020.00f\symtdiv.sys
2015-08-10 17:27:27 234744 ----a-r- c:\windows\system32\drivers\n360\1605020.00f\Ironx86.sys
2015-08-10 17:27:27 22144 ----a-r- c:\windows\system32\drivers\n360\1605020.00f\SymELAM.sys
2015-08-10 17:27:27 137456 ----a-r- c:\windows\system32\drivers\n360\1605020.00f\ccSetx86.sys
2015-08-10 17:27:27 1286896 ----a-r- c:\windows\system32\drivers\n360\1605020.00f\SymEFASI.sys
2015-08-10 17:27:16 178057 ----a-r- c:\windows\system32\drivers\n360\1605020.00f\SymVTcer.dat
2015-08-10 17:27:16 -------- d-----w- c:\windows\system32\drivers\n360\1605020.00F
2015-08-05 04:03:08 877152 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-08-05 04:03:08 538208 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
.
==================== Find3M ====================
.
2015-08-12 18:14:06 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-12 18:14:05 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-08-10 17:28:06 103152 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2015-07-22 20:45:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2015-07-22 20:44:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-07-22 20:44:39 421888 ----a-w- c:\windows\system32\vbscript.dll
2015-07-22 20:43:19 11776 ----a-w- c:\windows\system32\mshta.exe
2015-07-03 16:04:03 1316864 ----a-w- c:\windows\system32\ole32.dll
2015-06-27 16:03:22 783872 ----a-w- c:\windows\system32\rpcrt4.dll
2015-06-27 16:02:55 218112 ----a-w- c:\windows\system32\msv1_0.dll
2015-06-27 16:02:34 501248 ----a-w- c:\windows\system32\kerberos.dll
2015-06-27 16:01:58 801280 ----a-w- c:\windows\system32\advapi32.dll
2015-06-27 14:21:13 217088 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-06-27 14:21:10 81408 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-06-17 16:50:20 2264576 ----a-w- c:\windows\system32\msi.dll
2015-06-17 15:09:17 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-06-17 05:01:52 1202856 ----a-w- c:\windows\system32\FM20.DLL
2015-06-12 16:01:52 298496 ----a-w- c:\windows\system32\gdi32.dll
2015-06-12 13:13:52 440768 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
============= FINISH: 7:09:18.23 ===============
Attached Files
File Type: txt attach.txt (9.8 KB, 54 views)
09-02-2015, 04:54 AM   #2
Security Team
Analyst
 
tekir06
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello QueenDawn1

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we?

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
09-03-2015, 04:48 AM   #3
Registered Member
 
Join Date: May 2008
Posts: 32
OS: xp



Okay, Norton kept removing the Farbar scan tool, so I had to restore it, and I do not know where it was loaded to because it just popped up for me to scan; it did not give me an option of where to put it... But other than that, I was able to run the scan and am attaching the logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
Ran by Jenks (administrator) on JENKS-PC (03-09-2015 07:27:12)
Running from C:\Users\Jenks\Downloads
Loaded Profiles: Jenks (Available Profiles: Jenks)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Dell Inc.) C:\Program Files\Dell\Dell Photo P703w AIO Printer\Printer\Center\dlSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(iWin Inc.) C:\Program Files\iWin Games\iWinTrusted.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\22.5.2.15\N360.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\22.5.2.15\N360.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Dell Inc.) C:\Windows\System32\spool\drivers\w32x86\3\DLKAMUI.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Primax Electronics Ltd.) C:\Windows\System32\pmxmiced.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Bluetooth HCI Monitor] => RunDll32 HCIMNTR.DLL,RunCheckHCIMode
HKLM\...\Run: [PMX Daemon] => C:\Windows\system32\ICO.EXE [57344 2007-08-09] (Primax Electronics Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [DLKAStatusMonitor] => C:\Windows\system32\spool\DRIVERS\W32X86\3\DLKAMUI.exe [1331200 2009-09-05] (Dell Inc.)
HKLM\...\Run: [Conime] => C:\Windows\system32\conime.exe [69120 2009-04-11] (Microsoft Corporation)
HKLM\...\Run: [AgentMonitor] => C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [377800 2012-11-05] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-12] (SigmaTel, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03] (SUPERAntiSpyware.com)
HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6815512 2015-08-12] (SUPERAntiSpyware)
HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom)
HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\...\Run: [GoogleChromeAutoLaunch_2279C6B37BEDCA0A05ED35B19AC84A13] => C:\Program Files\Google\Chrome\Application\chrome.exe [813896 2015-08-18] (Google Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-11-29] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security Suite\Engine\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security Suite\Engine\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security Suite\Engine\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-06-08]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2011-06-08]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-12-11]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2011-04-06] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{BD1A4011-0564-4F16-B577-5ACFD0F386A8}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?l=dis&o=1590&gct=hp
SearchScopes: HKLM -> DefaultScope {6BE0F4BA-F07E-45E6-8FCA-F05B27091DBB} URL =
SearchScopes: HKLM -> {a17cc547-016c-4a35-a95b-de64acafa170} URL = hxxp://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=NP01DF&PC=NP01&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=NP01DF&PC=NP01&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000 -> {a17cc547-016c-4a35-a95b-de64acafa170} URL = hxxp://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NSBU&chn=retail&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security Suite\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-05] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-05] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\Jenks\AppData\Roaming\Mozilla\Firefox\Profiles\7ta98ef3.default
FF SearchEngineOrder.1: Blekko
FF SelectedSearchEngine: WhiteSmoke New Customized Web Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll [2012-07-05] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-06-07] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3542476646-4194484312-2243041315-1000: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Jenks\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-08-04] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-3542476646-4194484312-2243041315-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll [2012-08-28] (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Jenks\AppData\Roaming\Mozilla\Firefox\Profiles\7ta98ef3.default\user.js [2011-07-15]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Jenks\AppData\Roaming\Mozilla\Firefox\Profiles\7ta98ef3.default\searchplugins\4-loot.xml [2011-07-25]
FF SearchPlugin: C:\Users\Jenks\AppData\Roaming\Mozilla\Firefox\Profiles\7ta98ef3.default\searchplugins\safesearch.xml [2015-08-14]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\search.xml [2012-05-10]
FF Extension: 4Loot Toolbar - C:\Users\Jenks\AppData\Roaming\Mozilla\Firefox\Profiles\7ta98ef3.default\Extensions\{f5f7ac00-9939-4a64-9198-5d4a5cf5f149}.xpi [2011-07-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-11]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [2015-09-03]
FF Extension: No Name - C:\Users\Jenks\AppData\Roaming\Mozilla\Firefox\Profiles\7ta98ef3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [not found]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2011-06-07]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Profile: C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-08]
CHR Extension: (Google Docs) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-08]
CHR Extension: (Google Drive) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-08]
CHR Extension: (YouTube) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-08]
CHR Extension: (Adblock Plus) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-08]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-08-11]
CHR Extension: (Google Search) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-08]
CHR Extension: (Tampermonkey) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-07-08]
CHR Extension: (Block site) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-07-08]
CHR Extension: (Google Sheets) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-08]
CHR Extension: (Norton Identity Safe) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-07-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-08]
CHR Extension: (Gmail) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-08]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security Suite\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2015-08-12] (SUPERAntiSpyware.com)
R2 dlSvc; C:\Program Files\Dell\Dell Photo P703w AIO Printer\printer\center\dlSvc.exe [28672 2008-11-17] (Dell Inc.) [File not signed]
R2 iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [176848 2011-04-08] (iWin Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [235696 2015-06-26] (McAfee, Inc.)
R2 N360; C:\Program Files\Norton Security Suite\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1931632 2015-04-29] (Electronic Arts)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6324208 2015-08-19] (Reimage®)
R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-09-12] (SigmaTel, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20150821.001\BHDrvx86.sys [1181936 2015-07-23] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1605020.00F\ccSetx86.sys [137456 2015-07-10] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [122192 2015-07-27] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20150902.001\IDSvix86.sys [580856 2015-08-28] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20150902.002\NAVENG.SYS [104440 2015-08-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20150902.002\NAVEX15.SYS [1645432 2015-08-26] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-11-29] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SRTSP; C:\Windows\System32\Drivers\N360\1605020.00F\SRTSP.SYS [711408 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1605020.00F\SRTSPX.SYS [44792 2015-07-10] (Symantec Corporation)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-09-12] (SigmaTel, Inc.)
R0 SymEFASI; C:\Windows\System32\drivers\N360\1605020.00F\SYMEFASI.SYS [1286896 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [103152 2015-08-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1605020.00F\Ironx86.SYS [234744 2015-07-10] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1605020.00F\SYMTDIV.SYS [358104 2015-07-10] (Symantec Corporation)
S3 cpuz134; \??\C:\Users\Jenks\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 EraserUtilDrv11310; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11310.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 netfilter; system32\drivers\netfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-03 07:27 - 2015-09-03 07:28 - 00023096 _____ C:\Users\Jenks\Downloads\FRST.txt
2015-09-03 07:25 - 2015-09-03 07:27 - 00000000 ____D C:\FRST
2015-09-03 07:25 - 2015-09-03 07:25 - 01690624 _____ (Farbar) C:\Users\Jenks\Downloads\frst.exe
2015-09-02 07:10 - 2015-09-02 07:10 - 00010046 _____ C:\Users\Jenks\Desktop\attach.txt
2015-09-02 07:10 - 2015-09-02 07:09 - 00020006 _____ C:\Users\Jenks\Desktop\dds.txt
2015-09-02 07:08 - 2015-09-02 07:08 - 00688992 ____R (Swearware) C:\Users\Jenks\Downloads\dds.scr
2015-09-01 12:14 - 2015-09-01 12:14 - 00007340 _____ C:\Windows\PFRO.log
2015-09-01 08:45 - 2015-09-01 08:45 - 00000000 ____D C:\SUPERDelete
2015-09-01 07:55 - 2015-09-01 08:45 - 00000000 ____D C:\Program Files\Reimage
2015-09-01 07:55 - 2015-09-01 07:56 - 00000000 ____D C:\rei
2015-09-01 07:55 - 2015-09-01 07:55 - 00000000 ____D C:\ProgramData\Reimage Protector
2015-09-01 07:54 - 2015-09-01 07:56 - 00000139 _____ C:\Windows\Reimage.ini
2015-09-01 07:54 - 2015-09-01 07:54 - 00772016 _____ (Reimage®) C:\Users\Jenks\Downloads\ReimageRepair.exe
2015-08-20 07:01 - 2015-08-14 19:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-20 07:01 - 2015-08-14 18:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-20 07:01 - 2015-08-14 18:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 13:58 - 2015-08-19 13:58 - 00008665 _____ C:\Users\Jenks\Downloads\CLERICAL VIDEO.mht
2015-08-17 11:26 - 2015-08-17 11:26 - 00342924 _____ C:\Users\Jenks\Downloads\payment.html
2015-08-14 15:46 - 2015-08-14 15:46 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Jenks\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-14 15:46 - 2015-08-14 15:46 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Jenks\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-08-14 00:23 - 2015-08-14 00:23 - 00000000 ____D C:\ProgramData\Emsisoft
2015-08-14 00:04 - 2015-08-14 15:42 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-08-14 00:03 - 2015-08-14 00:03 - 172891368 _____ (Emsisoft Ltd. ) C:\Users\Jenks\Downloads\EmsisoftAntiMalwareSetup.exe
2015-08-13 05:30 - 2015-07-21 16:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 05:30 - 2015-07-21 12:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-13 05:30 - 2015-07-21 12:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 05:30 - 2015-07-21 12:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-13 05:30 - 2015-07-21 12:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 05:30 - 2015-07-21 12:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-13 05:30 - 2015-07-21 12:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 05:30 - 2015-07-21 12:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-13 05:27 - 2015-07-31 15:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 05:27 - 2015-07-09 10:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-13 05:17 - 2015-07-11 11:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-13 04:55 - 2015-07-18 12:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 04:54 - 2015-07-10 15:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 04:54 - 2015-07-10 15:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 04:53 - 2015-07-31 18:08 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-13 04:53 - 2015-07-31 17:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-13 04:53 - 2015-07-31 17:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-13 04:53 - 2015-07-31 17:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-13 04:53 - 2015-07-31 17:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-13 04:53 - 2015-07-31 16:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-13 04:53 - 2015-07-31 16:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-13 04:53 - 2015-07-31 16:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-13 04:53 - 2015-07-31 16:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-13 04:53 - 2015-07-31 16:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 04:53 - 2015-07-31 16:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 04:53 - 2015-07-31 16:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-13 04:52 - 2015-07-09 10:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-13 04:52 - 2015-07-09 10:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-13 04:52 - 2015-07-01 11:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-13 04:51 - 2015-07-21 12:04 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 16:40 - 2015-08-12 16:40 - 00001357 _____ C:\Users\Jenks\Downloads\dirty-dancing_633.ics
2015-08-12 10:23 - 2015-07-22 16:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 10:23 - 2015-07-22 16:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 10:23 - 2015-07-22 16:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-12 10:23 - 2015-07-22 16:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 10:23 - 2015-07-22 16:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 10:23 - 2015-07-22 16:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 10:23 - 2015-07-22 16:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 10:23 - 2015-07-22 16:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 10:23 - 2015-07-22 16:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 10:23 - 2015-07-22 16:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-12 10:23 - 2015-07-22 16:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-12 10:23 - 2015-07-22 16:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-12 10:22 - 2015-07-22 16:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 10:22 - 2015-07-22 16:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 10:22 - 2015-07-22 16:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 10:22 - 2015-07-22 16:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 10:22 - 2015-07-22 16:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 10:22 - 2015-07-22 16:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 10:22 - 2015-07-22 16:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 07:17 - 2015-08-11 07:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2015-08-07 14:21 - 2015-08-07 14:21 - 00128580 _____ C:\Users\Jenks\Downloads\PGRDeclarationsPage.html
2015-08-05 00:03 - 2015-08-05 00:03 - 00877152 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-08-05 00:03 - 2015-08-05 00:03 - 00538208 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-03 07:22 - 2006-11-02 06:33 - 00758946 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-03 07:18 - 2011-06-08 07:34 - 01832633 _____ C:\Windows\WindowsUpdate.log
2015-09-03 07:14 - 2011-07-27 10:55 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-03 07:14 - 2011-07-27 10:49 - 00000308 _____ C:\Windows\Tasks\WinMaximizer-Jenks-Startup.job
2015-09-03 07:14 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-03 07:14 - 2006-11-02 08:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-03 07:14 - 2006-11-02 08:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-03 00:56 - 2011-06-08 07:35 - 00002051 _____ C:\Windows\bthservsdp.dat
2015-09-03 00:56 - 2006-11-02 09:01 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-03 00:14 - 2012-04-21 08:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-02 23:36 - 2011-07-27 10:55 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-02 17:15 - 2012-12-13 21:54 - 00002627 _____ C:\Users\Jenks\Desktop\Microsoft Word.lnk
2015-09-01 09:00 - 2015-03-25 14:44 - 00000000 ____D C:\Windows\Minidump
2015-09-01 09:00 - 2011-07-06 20:42 - 00000000 ____D C:\Users\Jenks\AppData\Local\CrashDumps
2015-09-01 09:00 - 2009-04-11 13:03 - 00000000 ____D C:\Windows\Panther
2015-08-31 09:49 - 2011-07-25 23:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-08-30 21:08 - 2011-06-08 13:21 - 00000000 ____D C:\Users\Jenks\Documents\Bluetooth Exchange Folder
2015-08-23 08:50 - 2013-03-28 21:16 - 00000000 ____D C:\Program Files\TomTom HOME 2
2015-08-23 08:50 - 2011-06-08 14:15 - 00000000 ____D C:\Program Files\iWin Games
2015-08-20 22:32 - 2015-07-08 18:02 - 00001973 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-14 15:39 - 2006-11-02 08:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-14 15:38 - 2011-06-10 08:55 - 00000000 ____D C:\Program Files\Bonjour
2015-08-13 06:15 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-13 06:01 - 2006-11-02 08:47 - 00271672 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 06:00 - 2011-07-03 17:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 05:58 - 2006-11-02 08:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-08-13 05:31 - 2011-08-10 22:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 05:30 - 2011-07-03 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 05:14 - 2013-07-11 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-08-13 04:56 - 2006-11-02 06:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-12 14:14 - 2012-04-21 08:46 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-12 14:14 - 2011-06-08 17:21 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-12 06:18 - 2011-06-08 13:06 - 00000000 ____D C:\Program Files\Digital Line Detect
2015-08-11 23:14 - 2011-07-04 00:03 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-08-11 07:20 - 2011-07-04 00:01 - 00000000 ____D C:\ProgramData\Norton
2015-08-11 07:17 - 2013-11-26 13:58 - 00002100 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2015-08-11 07:17 - 2011-07-04 00:02 - 00000000 ____D C:\Windows\system32\Drivers\N360
2015-08-10 13:28 - 2011-07-04 00:03 - 00103152 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2015-08-10 13:28 - 2011-07-04 00:03 - 00008178 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2015-08-08 10:44 - 2011-06-08 14:16 - 00000000 ____D C:\ProgramData\TEMP
2015-08-05 04:09 - 2011-07-04 00:01 - 00000000 ____D C:\Users\Public\Downloads\Norton

==================== Files in the root of some directories =======

2013-07-01 14:36 - 2013-07-01 14:36 - 0000036 _____ () C:\Users\Jenks\AppData\Roaming\mbam.context.scan
2012-12-25 15:59 - 2013-01-21 17:30 - 0000663 _____ () C:\Users\Jenks\AppData\Local\cookies.ini
2011-06-26 18:30 - 2013-10-17 00:10 - 0000680 _____ () C:\Users\Jenks\AppData\Local\d3d9caps.dat
2011-06-15 17:15 - 2013-08-11 09:14 - 0015872 _____ () C:\Users\Jenks\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-23 11:33 - 2011-06-23 11:42 - 0077538 _____ () C:\Users\Jenks\AppData\Local\installer.log
2011-06-08 17:41 - 2011-06-08 17:41 - 0005003 _____ () C:\ProgramData\gtxhlulu.rrk
2012-01-14 13:04 - 2012-01-14 13:04 - 0005007 _____ () C:\ProgramData\vmkofzys.vtc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-03 07:21

==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2015
Ran by Jenks (2015-09-03 07:28:23)
Running from C:\Users\Jenks\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3542476646-4194484312-2243041315-500 - Administrator - Disabled)
Guest (S-1-5-21-3542476646-4194484312-2243041315-501 - Limited - Disabled)
Jenks (S-1-5-21-3542476646-4194484312-2243041315-1000 - Administrator - Enabled) => C:\Users\Jenks

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
aiofw (Version: 2.00.0000.0000 - Eastman Kodak Company) Hidden
aioocr (Version: 1.00.0000.0001 - kodak) Hidden
aioprnt (Version: 2.00.0000.0000 - Eastman Kodak Company) Hidden
aioscnnr (Version: 2.00.0000.0000 - Dell Inc.) Hidden
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.1116.2137 - )
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.2.0.6 - )
Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)
BOTOHOLIC (HKLM\...\BOTOHOLIC) (Version: 1.0 - Breakpoint Software Development)
Build-a-lot 2: Town of the Year (HKLM\...\BFG-Build-a-lot 2 - Town of the Year) (Version: - )
ccc-core-static (Version: 2007.1116.2138.38649 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
center (Version: 2.00.0000.0000 - Eastman Kodak Company) Hidden
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
Cooking Academy (HKLM\...\BFG-Cooking Academy) (Version: - )
Cooking Academy 2 (remove only) (HKLM\...\Cooking Academy 2) (Version: - )
Cooking Academy 3: Recipe For Success (HKLM\...\Cooking Academy 3: Recipe For Success) (Version: 32.0.0.0 - Shockwave.com)
Cooking Dash (remove only) (HKLM\...\Cooking Dash) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Daycare Nightmare (remove only) (HKLM\...\Daycare Nightmare) (Version: - )
Dell Driver Download Manager (HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Photo P703w AIO Printer (HKLM\...\{DF56288E-E66B-4F3F-81FE-03AE4F63F049}) (Version: 2.0.0.0 - Dell Company)
Dell Photo P703w WiFi Config Utility (Version: 1.0.4 - Dell) Hidden
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Dreamscapes: The Sandman (HKLM\...\Dreamscapes: The Sandman) (Version: 4.0.1.62181 - iWin.com)
Escape From Paradise (HKLM\...\BFG-Escape From Paradise) (Version: - )
FrostWire 5.1.5 (HKLM\...\FrostWire 5) (Version: 5.1.5.0 - FrostWire Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Grimm Reaper: Hidden Tales (HKLM\...\BFG-Grimm Reaper Hidden Tales) (Version: - )
Help_CTR (Version: 2.00.0000.000 - Eastman Kodak Company) Hidden
helpug (Version: 2.00.0000.0000 - kodak) Hidden
Home Sweet Home 2: Kitchens and Baths (HKLM\...\Home Sweet Home 2: Kitchens and Baths) (Version: - iWin.com)
Home Sweet Home: Christmas Edition (remove only) (HKLM\...\Home Sweet Home: Christmas Edition) (Version: - )
Hot Dish (HKLM\...\BFG-Hot Dish) (Version: - )
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Intel(R) PRO Network Connections 12.1.12.4 (HKLM\...\PROSetDX) (Version: - Dell)
iTunes (HKLM\...\{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}) (Version: 10.3.1.55 - Apple Inc.)
iWin Games (remove only) (HKLM\...\iWinArcade) (Version: - )
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
ksDIP (Version: 2.00.0000.0000 - Dell Inc.) Hidden
Learning Lodge Navigator (HKLM\...\VTechDownloadManager) (Version: - VTech)
Luxor 2 (remove only) (HKLM\...\Luxor 2) (Version: - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Miss Management (HKLM\...\BFG-Miss Management) (Version: - )
Modem Diagnostic Tool (HKLM\...\{294EAADF-E50F-4DD8-AD8D-19587EA10512}) (Version: 1.0.28.0 - Dell)
Mouse Suite for Desktop Computers (HKLM\...\{448E2D77-E504-4221-B2C2-93646B344729}) (Version: 2.50.025 - Dell)
Mozilla Firefox 8.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 8.0.1 (x86 en-US)) (Version: 8.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netwaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
Norton Security Suite (HKLM\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\...\Octoshape add-in for Adobe Flash Player) (Version: - )
OLYMPUS Raw Codec (HKLM\...\{5EA05D7F-5645-4068-A60F-0DCF8FBFD267}) (Version: 1.3.0 - OLYMPUS IMAGING CORP.)
Origin (HKLM\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SFR (Version: 6.04.0000.0001 - Eastman Kodak Company) Hidden
Skins (Version: 2007.1116.2138.38649 - ATI) Hidden
Spa Mania (HKLM\...\BFG-Spa Mania) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.55.1000 - SUPERAntiSpyware.com)
Supple (remove only) (HKLM\...\Supple) (Version: - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TomTom HOME (HKLM\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Tropix 1.5 (HKLM\...\Tropix) (Version: 1.5 - Robot Super Brain, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Virtual Villagers: New Believers (HKLM\...\BFG-Virtual Villagers - New Believers) (Version: - )
VoiceOver Kit (HKLM\...\{7C5B4583-7CBF-4289-B195-03B553959DEA}) (Version: 1.40.128.0 - Apple Inc.)
VTech Download Agent Library (Version: 1.00.0000 - VTech) Hidden
Wedding Dash (HKLM\...\BFG-Wedding Dash) (Version: - )
WIDCOMM Bluetooth Software 6.0.1.4300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4300 - Dell)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
Yard Sale Hidden Treasures: Lucky Junction (HKLM\...\BFG-Yard Sale Hidden Treasures - Lucky Junction) (Version: - )
Yard Sale Hidden Treasures: Sunnyville (HKLM\...\BFG-Yard Sale Hidden Treasures - Sunnyville) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{6CE4B8A6-4DB5-4F63-8013-1197503692EF}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\YBPAddon_2.9.8.dll (Yahoo! Inc.)
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

05-08-2015 00:20:39 Scheduled Checkpoint
06-08-2015 00:11:43 Scheduled Checkpoint
07-08-2015 00:00:02 Scheduled Checkpoint
08-08-2015 00:51:14 Scheduled Checkpoint
09-08-2015 00:00:02 Scheduled Checkpoint
10-08-2015 02:55:10 Scheduled Checkpoint
13-08-2015 04:50:59 Windows Update
14-08-2015 15:37:10 Removed Bonjour
20-08-2015 06:59:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2015-07-31 12:15 - 00000791 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.1 mssplus.mcafee.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {018ED58E-48A9-4399-9069-AEF89C439FB2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {18EB154D-321E-4D1C-9FB2-A1056DB32059} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {2A55FD9F-DA11-4EB9-9F3C-8A553AF44406} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton Security Suite\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {7C85FAFE-4A97-45A5-BEB3-A3808DA74478} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton Security Suite\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {89B23AC6-C815-44EE-B8A6-38E957133CC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {8B0DC45E-B684-4B6C-9662-F98360D1D11B} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
Task: {90EFEB85-72D2-4124-AF03-3D22BCBEB439} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®) <==== ATTENTION
Task: {9B5C1F7A-C158-4BE8-A6B2-71F7F6B8DD88} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {9E058E08-0A86-4E15-A0D9-1B154FFAEB71} - System32\Tasks\{D549D8B8-65CF-4000-A292-DCDFDFF807C7} => pcalua.exe -a "C:\Program Files\BOTOHOLIC\Uninstall.exe"
Task: {A4E431AB-7DD3-42FC-BC14-DF5F1DE4A65C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BBC24312-BE0F-415A-9AC9-B6143A666869} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security Suite\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {C0E65225-69E8-41AB-A04E-F045D0444E1B} - System32\Tasks\WinMaximizer-Jenks-Startup => C:\Program Files\WinMaximizer\WinMaximizer.exe
Task: {DA08A52C-8BAC-4861-A860-BA94B53CDDF0} - System32\Tasks\LAUNCH CDPCO => C:\Program Files\CyberDefender\PC Optimizer\CDPCO.exe
Task: {FA472A2C-C817-42FA-A5B3-88353EDEB0EA} - System32\Tasks\RunAsStdUser Task => C:\Program Files\iWin Games\iWinGames.exe [2011-04-08] (iWin Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WinMaximizer-Jenks-Startup.job => C:\Program Files\WinMaximizer\WinMaximizer.exe

==================== Loaded Modules (Whitelisted) ==============

2011-06-07 16:59 - 2008-02-14 04:13 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2011-05-26 13:42 - 2011-05-26 13:42 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-05 05:40 - 2012-11-05 04:50 - 00377800 _____ () C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
2012-11-05 05:40 - 2010-06-23 21:16 - 02150400 _____ () C:\Program Files\VTech\DownloadManager\System\QtCore4.dll
2012-11-05 05:40 - 2010-07-13 09:07 - 07826432 _____ () C:\Program Files\VTech\DownloadManager\System\QtGui4.dll
2012-11-05 05:40 - 2010-06-01 22:29 - 00934912 _____ () C:\Program Files\VTech\DownloadManager\System\QtNetwork4.dll
2012-11-05 05:40 - 2010-06-01 22:28 - 00335360 _____ () C:\Program Files\VTech\DownloadManager\System\QtXml4.dll
2012-11-05 05:40 - 2012-08-06 05:54 - 09843640 _____ () C:\Program Files\VTech\DownloadManager\System\QtWebKit4.dll
2012-11-05 05:40 - 2010-06-01 22:56 - 00232960 _____ () C:\Program Files\VTech\DownloadManager\System\phonon4.dll
2012-11-05 05:40 - 2010-06-01 22:54 - 02530816 _____ () C:\Program Files\VTech\DownloadManager\System\QtXmlPatterns4.dll
2012-11-05 05:40 - 2010-07-05 05:19 - 00116736 _____ () C:\Program Files\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2012-11-05 05:40 - 2010-11-11 05:24 - 00028160 _____ () C:\Program Files\VTech\DownloadManager\System\DACommCenter.dll
2012-11-05 05:40 - 2010-06-02 01:05 - 00119808 _____ () C:\Program Files\VTech\DownloadManager\System\imageformats\qjpeg4.dll
2007-02-13 12:14 - 2007-02-13 12:14 - 00389120 _____ () C:\Windows\system32\btwhidcs.DLL
2007-02-13 12:33 - 2007-02-13 12:33 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2015-08-20 22:32 - 2015-08-18 01:23 - 16393032 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.157\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Jenks\Downloads\Fwd Are you the couple for me - w4mw - 43 (lansing).msg.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jenks\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{33398398-C3CC-4A83-BE41-AE8EC3D4F609}] => (Allow) LPort=80
FirewallRules: [{D0D1FB9B-D2DA-4A8F-8EEA-21638BEEAA20}] => (Allow) LPort=80
FirewallRules: [{B51268C6-208C-4229-B663-323A73FE4C05}] => (Allow) LPort=80
FirewallRules: [{40023BBD-710E-4DBE-9509-72209178E9C1}] => (Allow) C:\Program Files\iWin Games\iWinGames.exe
FirewallRules: [{08EA8DEA-3FD8-4B8A-BE6E-F4DCE7AC9B13}] => (Allow) C:\Program Files\iWin Games\iWinGames.exe
FirewallRules: [{53DDC66C-4B36-41E8-A404-DDB5739DF6FA}] => (Allow) C:\Program Files\iWin Games\WebUpdater.exe
FirewallRules: [{15BF93E1-D35E-4C5E-A775-865A0E95C39B}] => (Allow) C:\Program Files\iWin Games\WebUpdater.exe
FirewallRules: [{5A7A0712-631F-476A-A4C5-376F22E9C76F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DB3D899D-B6C2-4246-AB88-F7F245D2029A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{069EF0CA-B275-43B4-9037-AF128AB4FDC3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{75AB2BC9-29C1-437A-B75B-26CE5B3E7323}] => (Allow) C:\Program Files\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{B2E65F20-1FC2-41A9-9BA2-F88F4195899A}] => (Allow) C:\Program Files\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{913AF5AB-F7B5-45BA-93AD-9350A73D2998}] => (Allow) C:\Program Files\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{02A84122-9ACE-48C6-BC80-C7EBB117BAB3}] => (Allow) C:\Program Files\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{9FCBFE68-4CD6-4FB9-939B-B7DD31EF80B3}] => (Allow) C:\Program Files\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{1CBC7D12-6E92-45F5-9C7D-6FBC49C68D7A}] => (Allow) C:\Program Files\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{8E0F7666-6C30-44C8-8268-3D16B31C9EB4}] => (Allow) C:\Program Files\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{735A6575-2F62-48FB-83D0-8A0C42805DC7}] => (Allow) C:\Program Files\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{624E7ACB-834B-4332-A8C0-114FD2EA060C}] => (Allow) C:\Program Files\FrostWire 5\FrostWire.exe
FirewallRules: [{C712622E-6D87-47E9-A412-6547B497598A}] => (Allow) C:\Program Files\FrostWire 5\FrostWire.exe
FirewallRules: [{4396CED0-46AD-4DB0-8C54-D592D7BB8D1F}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{79DBE733-C341-45A4-A937-818649A03393}] => (Allow) LPort=2869
FirewallRules: [{D45F3967-E5EC-4953-A317-626E1C16B9FB}] => (Allow) LPort=1900
FirewallRules: [{AA0BF2A6-1542-4E5B-A9BE-0C5625781C28}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{5BC756E8-A43D-4271-89C9-70EBF7CFCF95}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2015 07:29:37 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/03/2015 07:29:37 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/03/2015 07:16:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2015 07:15:17 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/03/2015 07:15:17 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/03/2015 07:15:17 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/03/2015 07:15:17 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/03/2015 07:15:16 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/03/2015 07:15:16 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/03/2015 12:56:28 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}


System errors:
=============
Error: (09/03/2015 07:16:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: netfilter

Error: (09/03/2015 07:14:56 AM) (Source: Dhcpv6) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address &B@ on the Network Card with network address 001D091F1F3F.

Error: (09/02/2015 09:57:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: netfilter

Error: (09/02/2015 09:56:24 PM) (Source: Dhcpv6) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address &B@ on the Network Card with network address 001D091F1F3F.

Error: (09/02/2015 09:56:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:33:52 PM on 9/2/2015 was unexpected.

Error: (09/02/2015 09:27:22 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (09/02/2015 09:23:52 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (09/02/2015 09:20:52 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (09/02/2015 09:17:52 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (09/02/2015 09:14:52 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.


Microsoft Office:
=========================

CodeIntegrity:
===================================
Date: 2015-09-01 08:46:36.888
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2015-09-01 08:46:36.575
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2015-09-01 08:46:36.272
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2015-09-01 08:46:35.991
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2015-09-01 08:46:21.177
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-01 08:46:20.844
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-01 08:46:20.544
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-01 08:46:20.260
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-01 08:46:06.586
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20150821.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-01 08:46:06.233
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20150821.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 49%
Total physical RAM: 3325.03 MB
Available physical RAM: 1684.52 MB
Total Virtual: 6853.07 MB
Available Virtual: 5226.41 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.41 GB) (Free:69.62 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:9.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=916.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
QueenDawn1 is offline  
Old 09-03-2015, 11:49 PM   #4
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello,

Please do the following steps.

STEP 1

We need to uninstall some programs.

Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

iWin Games >>>>>>>> read
Reimage >>>>>>>> read
Reimage Protector >>> read

========================================================

STEP 2

Download attached fixlist.txt file and save it to the Desktop.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

Double-click FRST.exe to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Attached Files
File Type: txt fixlist.txt (10.1 KB, 32 views)
tekir06 is offline  
Old 09-04-2015, 05:13 AM   #5
Registered Member
 
Join Date: May 2008
Posts: 32
OS: xp



Okay, I hope this worked. My computer keeps deleting the FRST and I have to get it to allow it... Also, I could not find Reimage to remove it... but I did finally get it to run, so here is the log.


Fix result of Farbar Recovery Scan Tool (x86) Version:31-08-2015
Ran by Jenks (2015-09-04 08:01:06) Run:2
Running from C:\Users\Jenks\Downloads
Loaded Profiles: Jenks (Available Profiles: Jenks)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?l=dis&o=1590&gct=hp
SearchScopes: HKLM -> DefaultScope {6BE0F4BA-F07E-45E6-8FCA-F05B27091DBB} URL =
SearchScopes: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NSBU&chn=retail&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
FF Extension: 4Loot Toolbar - C:\Users\Jenks\AppData\Roaming\Mozilla\Firefox\Profiles\7ta98ef3.default\Extensions\{f5f7ac00-9939-4a64-9198-5d4a5cf5f149}.xpi [2011-07-25]
R2 iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6324208 2015-08-19] (Reimage®)
2015-09-01 07:55 - 2015-09-01 08:45 - 00000000 ____D C:\Program Files\Reimage
2015-09-01 07:55 - 2015-09-01 07:55 - 00000000 ____D C:\ProgramData\Reimage Protector
2015-09-01 07:54 - 2015-09-01 07:56 - 00000139 _____ C:\Windows\Reimage.ini
2015-09-01 07:54 - 2015-09-01 07:54 - 00772016 _____ (Reimage®) C:\Users\Jenks\Downloads\ReimageRepair.exe
2015-08-23 08:50 - 2011-06-08 14:15 - 00000000 ____D C:\Program Files\iWin Games
2011-06-08 17:41 - 2011-06-08 17:41 - 0005003 _____ () C:\ProgramData\gtxhlulu.rrk
2012-01-14 13:04 - 2012-01-14 13:04 - 0005007 _____ () C:\ProgramData\vmkofzys.vtc
Task: {8B0DC45E-B684-4B6C-9662-F98360D1D11B} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
Task: {90EFEB85-72D2-4124-AF03-3D22BCBEB439} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®) <==== ATTENTION
Task: {FA472A2C-C817-42FA-A5B3-88353EDEB0EA} - System32\Tasks\RunAsStdUser Task => C:\Program Files\iWin Games\iWinGames.exe [2011-04-08] (iWin Inc.)
AlternateDataStreams: C:\Users\Jenks\Downloads\Fwd Are you the couple for me - w4mw - 43 (lansing).msg.eml:OECustomProperty
FirewallRules: [{33398398-C3CC-4A83-BE41-AE8EC3D4F609}] => (Allow) LPort=80
FirewallRules: [{D0D1FB9B-D2DA-4A8F-8EEA-21638BEEAA20}] => (Allow) LPort=80
FirewallRules: [{B51268C6-208C-4229-B663-323A73FE4C05}] => (Allow) LPort=80
FirewallRules: [{40023BBD-710E-4DBE-9509-72209178E9C1}] => (Allow) C:\Program Files\iWin Games\iWinGames.exe
FirewallRules: [{08EA8DEA-3FD8-4B8A-BE6E-F4DCE7AC9B13}] => (Allow) C:\Program Files\iWin Games\iWinGames.exe
FirewallRules: [{75AB2BC9-29C1-437A-B75B-26CE5B3E7323}] => (Allow) C:\Program Files\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{B2E65F20-1FC2-41A9-9BA2-F88F4195899A}] => (Allow) C:\Program Files\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{913AF5AB-F7B5-45BA-93AD-9350A73D2998}] => (Allow) C:\Program Files\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{02A84122-9ACE-48C6-BC80-C7EBB117BAB3}] => (Allow) C:\Program Files\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{624E7ACB-834B-4332-A8C0-114FD2EA060C}] => (Allow) C:\Program Files\FrostWire 5\FrostWire.exe
FirewallRules: [{C712622E-6D87-47E9-A412-6547B497598A}] => (Allow) C:\Program Files\FrostWire 5\FrostWire.exe
EmptyTemp:

*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
C:\Users\Jenks\AppData\Roaming\Mozilla\Firefox\Profiles\7ta98ef3.default\Extensions\{f5f7ac00-9939-4a64-9198-5d4a5cf5f149}.xpi => moved successfully
C:\Users\Jenks\AppData\Roaming\Mozilla\Firefox\Profiles\7ta98ef3.default\Extensions\{f5f7ac00-9939-4a64-9198-5d4a5cf5f149}.xpi => path removed successfully.
iWinTrusted => service not found.
ReimageRealTimeProtector => Service stopped successfully.
ReimageRealTimeProtector => service removed successfully.
C:\Program Files\Reimage => moved successfully
C:\ProgramData\Reimage Protector => moved successfully
C:\Windows\Reimage.ini => moved successfully
"C:\Users\Jenks\Downloads\ReimageRepair.exe" => File/Folder not found.
"C:\Program Files\iWin Games" => File/Folder not found.
C:\ProgramData\gtxhlulu.rrk => moved successfully
C:\ProgramData\vmkofzys.vtc => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B0DC45E-B684-4B6C-9662-F98360D1D11B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B0DC45E-B684-4B6C-9662-F98360D1D11B}" => key removed successfully.
C:\Windows\System32\Tasks\Reimage Reminder => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reimage Reminder" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{90EFEB85-72D2-4124-AF03-3D22BCBEB439}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90EFEB85-72D2-4124-AF03-3D22BCBEB439}" => key removed successfully.
C:\Windows\System32\Tasks\ReimageUpdater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA472A2C-C817-42FA-A5B3-88353EDEB0EA} => key not found.
C:\Windows\System32\Tasks\RunAsStdUser Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task" => key removed successfully.
C:\Users\Jenks\Downloads\Fwd Are you the couple for me - w4mw - 43 (lansing).msg.eml => ":OECustomProperty" ADS removed successfully..
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33398398-C3CC-4A83-BE41-AE8EC3D4F609} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D0D1FB9B-D2DA-4A8F-8EEA-21638BEEAA20} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B51268C6-208C-4229-B663-323A73FE4C05} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{40023BBD-710E-4DBE-9509-72209178E9C1} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{08EA8DEA-3FD8-4B8A-BE6E-F4DCE7AC9B13} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75AB2BC9-29C1-437A-B75B-26CE5B3E7323} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2E65F20-1FC2-41A9-9BA2-F88F4195899A} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{913AF5AB-F7B5-45BA-93AD-9350A73D2998} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02A84122-9ACE-48C6-BC80-C7EBB117BAB3} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{624E7ACB-834B-4332-A8C0-114FD2EA060C} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C712622E-6D87-47E9-A412-6547B497598A} => value removed successfully.
EmptyTemp: => 533.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 08:01:38 ====
QueenDawn1 is offline  
Old 09-04-2015, 06:01 AM   #6
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello,

Thanks for the log. Please do the following steps.

STEP 1

Please download Malwarebytes Anti-Malware and save it to your desktop.

Double-click mbam-setup-2.1.8.1057.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
At the end of the installation, a database update will be performed.
Click on Scan Now.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

========================================================

STEP 2

Please go to Start > Control Panel > Programs and Features and remove the above Java program(s) installed.
Next, download the latest Java, version 8 Update 60 from the following link

Download Free Java Software

==========================================================

STEP 3

Please go HERE then click on: Run Eset Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on the icon to install.

All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

Select the option YES, I accept the Terms of Use then click on the Start button.
When prompted, allow the Add-On/ActiveX to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan Archives
  • Enable Anti-Stealth Technology
Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
Tick all the boxes that correspond to your external/inserted drives.
Click Start. The virus signature database will begin to download. This may take some time.
Wait for the scan to finish.
When completed, click on Finish.
When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
Save that text file to your desktop, and then copy/paste the contents in your next reply.
tekir06 is offline  
Old 09-04-2015, 10:01 AM   #7
Registered Member
 
Join Date: May 2008
Posts: 32
OS: xp



Okay, I did the Malwarebytes and the flash player, but every time I try to do the ESET scanner my computer crashes and freezes and I have to restart it manually, so not sure what I can do.



Malwarebytes Anti-Malware
www.malwarebytes.org


Error, 9/4/2015 10:38:19 AM, SYSTEM, JENKS-PC, Update, Bad md5 or size: akadomains, 11,
Error, 9/4/2015 10:38:19 AM, SYSTEM, JENKS-PC, Update, Bad md5 or size: akaips, 11,
Update, 9/4/2015 10:38:19 AM, SYSTEM, JENKS-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.8.16.1,
Update, 9/4/2015 10:38:19 AM, SYSTEM, JENKS-PC, Manual, Remediation Database, 2015.5.13.1, 2015.8.28.2,
Update, 9/4/2015 10:38:19 AM, SYSTEM, JENKS-PC, Manual, Domain Database, 0.0.0.0, 2015.7.24.2,
Update, 9/4/2015 10:38:19 AM, SYSTEM, JENKS-PC, Manual, IP Database, 0.0.0.0, 2015.7.24.3,
Update, 9/4/2015 10:38:19 AM, SYSTEM, JENKS-PC, Manual, AKA IP Database, 0.0.0.0, 2015.9.2.1,
Update, 9/4/2015 10:38:20 AM, SYSTEM, JENKS-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.9.1.1,
Update, 9/4/2015 10:38:21 AM, SYSTEM, JENKS-PC, Manual, Malware Database, 2015.6.3.3, 2015.9.4.5,
Scan, 9/4/2015 10:55:42 AM, SYSTEM, JENKS-PC, Manual, Start:9/4/2015 10:38:37 AM, Duration:16 min 14 sec, Threat Scan, Completed, 0 Malware Detections, 4 Non-Malware Detections,
Error, 9/4/2015 10:59:04 AM, SYSTEM, JENKS-PC, Protection, IsLicensed, 13,
Protection, 9/4/2015 10:59:04 AM, SYSTEM, JENKS-PC, Protection, Malware Protection, Stopping,
Protection, 9/4/2015 10:59:04 AM, SYSTEM, JENKS-PC, Protection, Malware Protection, Stopped,

(end)
QueenDawn1 is offline  
Old 09-04-2015, 10:16 PM   #8
Registered Member
 
Join Date: May 2008
Posts: 32
OS: xp



Okay, I got the other scan to work at last.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
Ran by Jenks (administrator) on JENKS-PC (03-09-2015 07:27:12)
Running from C:\Users\Jenks\Downloads
Loaded Profiles: Jenks (Available Profiles: Jenks)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Dell Inc.) C:\Program Files\Dell\Dell Photo P703w AIO Printer\Printer\Center\dlSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(iWin Inc.) C:\Program Files\iWin Games\iWinTrusted.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\22.5.2.15\N360.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\22.5.2.15\N360.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Dell Inc.) C:\Windows\System32\spool\drivers\w32x86\3\DLKAMUI.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Primax Electronics Ltd.) C:\Windows\System32\pmxmiced.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Bluetooth HCI Monitor] => RunDll32 HCIMNTR.DLL,RunCheckHCIMode
HKLM\...\Run: [PMX Daemon] => C:\Windows\system32\ICO.EXE [57344 2007-08-09] (Primax Electronics Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [DLKAStatusMonitor] => C:\Windows\system32\spool\DRIVERS\W32X86\3\DLKAMUI.exe [1331200 2009-09-05] (Dell Inc.)
HKLM\...\Run: [Conime] => C:\Windows\system32\conime.exe [69120 2009-04-11] (Microsoft Corporation)
HKLM\...\Run: [AgentMonitor] => C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [377800 2012-11-05] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-12] (SigmaTel, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03] (SUPERAntiSpyware.com)
HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6815512 2015-08-12] (SUPERAntiSpyware)
HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom)
HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\...\Run: [GoogleChromeAutoLaunch_2279C6B37BEDCA0A05ED35B19AC84A13] => C:\Program Files\Google\Chrome\Application\chrome.exe [813896 2015-08-18] (Google Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-11-29] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security Suite\Engine\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security Suite\Engine\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security Suite\Engine\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-06-08]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2011-06-08]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-12-11]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2011-04-06] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{BD1A4011-0564-4F16-B577-5ACFD0F386A8}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?l=dis&o=1590&gct=hp
SearchScopes: HKLM -> DefaultScope {6BE0F4BA-F07E-45E6-8FCA-F05B27091DBB} URL =
SearchScopes: HKLM -> {a17cc547-016c-4a35-a95b-de64acafa170} URL = hxxp://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=NP01DF&PC=NP01&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=NP01DF&PC=NP01&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000 -> {a17cc547-016c-4a35-a95b-de64acafa170} URL = hxxp://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NSBU&chn=retail&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security Suite\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-05] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-05] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\Jenks\AppData\Roaming\Mozilla\Firefox\Profiles\7ta98ef3.default
FF SearchEngineOrder.1: Blekko
FF SelectedSearchEngine: WhiteSmoke New Customized Web Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll [2012-07-05] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-06-07] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3542476646-4194484312-2243041315-1000: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Jenks\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-08-04] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-3542476646-4194484312-2243041315-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll [2012-08-28] (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Jenks\AppData\Roaming\Mozilla\Firefox\Profiles\7ta98ef3.default\user.js [2011-07-15]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Jenks\AppData\Roaming\Mozilla\Firefox\Profiles\7ta98ef3.default\searchplugins\4-loot.xml [2011-07-25]
FF SearchPlugin: C:\Users\Jenks\AppData\Roaming\Mozilla\Firefox\Profiles\7ta98ef3.default\searchplugins\safesearch.xml [2015-08-14]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\search.xml [2012-05-10]
FF Extension: 4Loot Toolbar - C:\Users\Jenks\AppData\Roaming\Mozilla\Firefox\Profiles\7ta98ef3.default\Extensions\{f5f7ac00-9939-4a64-9198-5d4a5cf5f149}.xpi [2011-07-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-11]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [2015-09-03]
FF Extension: No Name - C:\Users\Jenks\AppData\Roaming\Mozilla\Firefox\Profiles\7ta98ef3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [not found]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2011-06-07]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Profile: C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-08]
CHR Extension: (Google Docs) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-08]
CHR Extension: (Google Drive) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-08]
CHR Extension: (YouTube) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-08]
CHR Extension: (Adblock Plus) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-08]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-08-11]
CHR Extension: (Google Search) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-08]
CHR Extension: (Tampermonkey) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-07-08]
CHR Extension: (Block site) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-07-08]
CHR Extension: (Google Sheets) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-08]
CHR Extension: (Norton Identity Safe) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-07-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-08]
CHR Extension: (Gmail) - C:\Users\Jenks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-08]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security Suite\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2015-08-12] (SUPERAntiSpyware.com)
R2 dlSvc; C:\Program Files\Dell\Dell Photo P703w AIO Printer\printer\center\dlSvc.exe [28672 2008-11-17] (Dell Inc.) [File not signed]
R2 iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [176848 2011-04-08] (iWin Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [235696 2015-06-26] (McAfee, Inc.)
R2 N360; C:\Program Files\Norton Security Suite\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1931632 2015-04-29] (Electronic Arts)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6324208 2015-08-19] (Reimage®)
R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-09-12] (SigmaTel, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20150821.001\BHDrvx86.sys [1181936 2015-07-23] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1605020.00F\ccSetx86.sys [137456 2015-07-10] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [122192 2015-07-27] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20150902.001\IDSvix86.sys [580856 2015-08-28] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20150902.002\NAVENG.SYS [104440 2015-08-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20150902.002\NAVEX15.SYS [1645432 2015-08-26] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-11-29] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SRTSP; C:\Windows\System32\Drivers\N360\1605020.00F\SRTSP.SYS [711408 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1605020.00F\SRTSPX.SYS [44792 2015-07-10] (Symantec Corporation)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-09-12] (SigmaTel, Inc.)
R0 SymEFASI; C:\Windows\System32\drivers\N360\1605020.00F\SYMEFASI.SYS [1286896 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [103152 2015-08-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1605020.00F\Ironx86.SYS [234744 2015-07-10] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1605020.00F\SYMTDIV.SYS [358104 2015-07-10] (Symantec Corporation)
S3 cpuz134; \??\C:\Users\Jenks\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 EraserUtilDrv11310; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11310.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 netfilter; system32\drivers\netfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-03 07:27 - 2015-09-03 07:28 - 00023096 _____ C:\Users\Jenks\Downloads\FRST.txt
2015-09-03 07:25 - 2015-09-03 07:27 - 00000000 ____D C:\FRST
2015-09-03 07:25 - 2015-09-03 07:25 - 01690624 _____ (Farbar) C:\Users\Jenks\Downloads\frst.exe
2015-09-02 07:10 - 2015-09-02 07:10 - 00010046 _____ C:\Users\Jenks\Desktop\attach.txt
2015-09-02 07:10 - 2015-09-02 07:09 - 00020006 _____ C:\Users\Jenks\Desktop\dds.txt
2015-09-02 07:08 - 2015-09-02 07:08 - 00688992 ____R (Swearware) C:\Users\Jenks\Downloads\dds.scr
2015-09-01 12:14 - 2015-09-01 12:14 - 00007340 _____ C:\Windows\PFRO.log
2015-09-01 08:45 - 2015-09-01 08:45 - 00000000 ____D C:\SUPERDelete
2015-09-01 07:55 - 2015-09-01 08:45 - 00000000 ____D C:\Program Files\Reimage
2015-09-01 07:55 - 2015-09-01 07:56 - 00000000 ____D C:\rei
2015-09-01 07:55 - 2015-09-01 07:55 - 00000000 ____D C:\ProgramData\Reimage Protector
2015-09-01 07:54 - 2015-09-01 07:56 - 00000139 _____ C:\Windows\Reimage.ini
2015-09-01 07:54 - 2015-09-01 07:54 - 00772016 _____ (Reimage®) C:\Users\Jenks\Downloads\ReimageRepair.exe
2015-08-20 07:01 - 2015-08-14 19:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-20 07:01 - 2015-08-14 18:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-20 07:01 - 2015-08-14 18:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 13:58 - 2015-08-19 13:58 - 00008665 _____ C:\Users\Jenks\Downloads\CLERICAL VIDEO.mht
2015-08-17 11:26 - 2015-08-17 11:26 - 00342924 _____ C:\Users\Jenks\Downloads\payment.html
2015-08-14 15:46 - 2015-08-14 15:46 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Jenks\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-14 15:46 - 2015-08-14 15:46 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Jenks\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-08-14 00:23 - 2015-08-14 00:23 - 00000000 ____D C:\ProgramData\Emsisoft
2015-08-14 00:04 - 2015-08-14 15:42 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-08-14 00:03 - 2015-08-14 00:03 - 172891368 _____ (Emsisoft Ltd. ) C:\Users\Jenks\Downloads\EmsisoftAntiMalwareSetup.exe
2015-08-13 05:30 - 2015-07-21 16:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 05:30 - 2015-07-21 12:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-13 05:30 - 2015-07-21 12:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 05:30 - 2015-07-21 12:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-13 05:30 - 2015-07-21 12:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 05:30 - 2015-07-21 12:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-13 05:30 - 2015-07-21 12:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 05:30 - 2015-07-21 12:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-13 05:27 - 2015-07-31 15:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 05:27 - 2015-07-09 10:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-13 05:17 - 2015-07-11 11:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-13 04:55 - 2015-07-18 12:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 04:54 - 2015-07-10 15:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 04:54 - 2015-07-10 15:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 04:53 - 2015-07-31 18:08 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-13 04:53 - 2015-07-31 17:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-13 04:53 - 2015-07-31 17:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-13 04:53 - 2015-07-31 17:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-13 04:53 - 2015-07-31 17:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-13 04:53 - 2015-07-31 16:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-13 04:53 - 2015-07-31 16:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-13 04:53 - 2015-07-31 16:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-13 04:53 - 2015-07-31 16:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-13 04:53 - 2015-07-31 16:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 04:53 - 2015-07-31 16:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 04:53 - 2015-07-31 16:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-13 04:52 - 2015-07-09 10:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-13 04:52 - 2015-07-09 10:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-13 04:52 - 2015-07-01 11:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-13 04:51 - 2015-07-21 12:04 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 16:40 - 2015-08-12 16:40 - 00001357 _____ C:\Users\Jenks\Downloads\dirty-dancing_633.ics
2015-08-12 10:23 - 2015-07-22 16:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 10:23 - 2015-07-22 16:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 10:23 - 2015-07-22 16:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-12 10:23 - 2015-07-22 16:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 10:23 - 2015-07-22 16:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 10:23 - 2015-07-22 16:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 10:23 - 2015-07-22 16:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 10:23 - 2015-07-22 16:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 10:23 - 2015-07-22 16:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 10:23 - 2015-07-22 16:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-12 10:23 - 2015-07-22 16:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-12 10:23 - 2015-07-22 16:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-12 10:22 - 2015-07-22 16:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 10:22 - 2015-07-22 16:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 10:22 - 2015-07-22 16:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 10:22 - 2015-07-22 16:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 10:22 - 2015-07-22 16:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 10:22 - 2015-07-22 16:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 10:22 - 2015-07-22 16:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 07:17 - 2015-08-11 07:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2015-08-07 14:21 - 2015-08-07 14:21 - 00128580 _____ C:\Users\Jenks\Downloads\PGRDeclarationsPage.html
2015-08-05 00:03 - 2015-08-05 00:03 - 00877152 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-08-05 00:03 - 2015-08-05 00:03 - 00538208 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-03 07:22 - 2006-11-02 06:33 - 00758946 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-03 07:18 - 2011-06-08 07:34 - 01832633 _____ C:\Windows\WindowsUpdate.log
2015-09-03 07:14 - 2011-07-27 10:55 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-03 07:14 - 2011-07-27 10:49 - 00000308 _____ C:\Windows\Tasks\WinMaximizer-Jenks-Startup.job
2015-09-03 07:14 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-03 07:14 - 2006-11-02 08:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-03 07:14 - 2006-11-02 08:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-03 00:56 - 2011-06-08 07:35 - 00002051 _____ C:\Windows\bthservsdp.dat
2015-09-03 00:56 - 2006-11-02 09:01 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-03 00:14 - 2012-04-21 08:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-02 23:36 - 2011-07-27 10:55 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-02 17:15 - 2012-12-13 21:54 - 00002627 _____ C:\Users\Jenks\Desktop\Microsoft Word.lnk
2015-09-01 09:00 - 2015-03-25 14:44 - 00000000 ____D C:\Windows\Minidump
2015-09-01 09:00 - 2011-07-06 20:42 - 00000000 ____D C:\Users\Jenks\AppData\Local\CrashDumps
2015-09-01 09:00 - 2009-04-11 13:03 - 00000000 ____D C:\Windows\Panther
2015-08-31 09:49 - 2011-07-25 23:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-08-30 21:08 - 2011-06-08 13:21 - 00000000 ____D C:\Users\Jenks\Documents\Bluetooth Exchange Folder
2015-08-23 08:50 - 2013-03-28 21:16 - 00000000 ____D C:\Program Files\TomTom HOME 2
2015-08-23 08:50 - 2011-06-08 14:15 - 00000000 ____D C:\Program Files\iWin Games
2015-08-20 22:32 - 2015-07-08 18:02 - 00001973 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-14 15:39 - 2006-11-02 08:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-14 15:38 - 2011-06-10 08:55 - 00000000 ____D C:\Program Files\Bonjour
2015-08-13 06:15 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-13 06:01 - 2006-11-02 08:47 - 00271672 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 06:00 - 2011-07-03 17:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 05:58 - 2006-11-02 08:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-08-13 05:31 - 2011-08-10 22:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 05:30 - 2011-07-03 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 05:14 - 2013-07-11 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-08-13 04:56 - 2006-11-02 06:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-12 14:14 - 2012-04-21 08:46 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-12 14:14 - 2011-06-08 17:21 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-12 06:18 - 2011-06-08 13:06 - 00000000 ____D C:\Program Files\Digital Line Detect
2015-08-11 23:14 - 2011-07-04 00:03 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-08-11 07:20 - 2011-07-04 00:01 - 00000000 ____D C:\ProgramData\Norton
2015-08-11 07:17 - 2013-11-26 13:58 - 00002100 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2015-08-11 07:17 - 2011-07-04 00:02 - 00000000 ____D C:\Windows\system32\Drivers\N360
2015-08-10 13:28 - 2011-07-04 00:03 - 00103152 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2015-08-10 13:28 - 2011-07-04 00:03 - 00008178 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2015-08-08 10:44 - 2011-06-08 14:16 - 00000000 ____D C:\ProgramData\TEMP
2015-08-05 04:09 - 2011-07-04 00:01 - 00000000 ____D C:\Users\Public\Downloads\Norton

==================== Files in the root of some directories =======

2013-07-01 14:36 - 2013-07-01 14:36 - 0000036 _____ () C:\Users\Jenks\AppData\Roaming\mbam.context.scan
2012-12-25 15:59 - 2013-01-21 17:30 - 0000663 _____ () C:\Users\Jenks\AppData\Local\cookies.ini
2011-06-26 18:30 - 2013-10-17 00:10 - 0000680 _____ () C:\Users\Jenks\AppData\Local\d3d9caps.dat
2011-06-15 17:15 - 2013-08-11 09:14 - 0015872 _____ () C:\Users\Jenks\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-23 11:33 - 2011-06-23 11:42 - 0077538 _____ () C:\Users\Jenks\AppData\Local\installer.log
2011-06-08 17:41 - 2011-06-08 17:41 - 0005003 _____ () C:\ProgramData\gtxhlulu.rrk
2012-01-14 13:04 - 2012-01-14 13:04 - 0005007 _____ () C:\ProgramData\vmkofzys.vtc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-03 07:21

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2015
Ran by Jenks (2015-09-03 07:28:23)
Running from C:\Users\Jenks\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3542476646-4194484312-2243041315-500 - Administrator - Disabled)
Guest (S-1-5-21-3542476646-4194484312-2243041315-501 - Limited - Disabled)
Jenks (S-1-5-21-3542476646-4194484312-2243041315-1000 - Administrator - Enabled) => C:\Users\Jenks

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
aiofw (Version: 2.00.0000.0000 - Eastman Kodak Company) Hidden
aioocr (Version: 1.00.0000.0001 - kodak) Hidden
aioprnt (Version: 2.00.0000.0000 - Eastman Kodak Company) Hidden
aioscnnr (Version: 2.00.0000.0000 - Dell Inc.) Hidden
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.1116.2137 - )
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.2.0.6 - )
Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)
BOTOHOLIC (HKLM\...\BOTOHOLIC) (Version: 1.0 - Breakpoint Software Development)
Build-a-lot 2: Town of the Year (HKLM\...\BFG-Build-a-lot 2 - Town of the Year) (Version: - )
ccc-core-static (Version: 2007.1116.2138.38649 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
center (Version: 2.00.0000.0000 - Eastman Kodak Company) Hidden
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
Cooking Academy (HKLM\...\BFG-Cooking Academy) (Version: - )
Cooking Academy 2 (remove only) (HKLM\...\Cooking Academy 2) (Version: - )
Cooking Academy 3: Recipe For Success (HKLM\...\Cooking Academy 3: Recipe For Success) (Version: 32.0.0.0 - Shockwave.com)
Cooking Dash (remove only) (HKLM\...\Cooking Dash) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Daycare Nightmare (remove only) (HKLM\...\Daycare Nightmare) (Version: - )
Dell Driver Download Manager (HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Photo P703w AIO Printer (HKLM\...\{DF56288E-E66B-4F3F-81FE-03AE4F63F049}) (Version: 2.0.0.0 - Dell Company)
Dell Photo P703w WiFi Config Utility (Version: 1.0.4 - Dell) Hidden
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Dreamscapes: The Sandman (HKLM\...\Dreamscapes: The Sandman) (Version: 4.0.1.62181 - iWin.com)
Escape From Paradise (HKLM\...\BFG-Escape From Paradise) (Version: - )
FrostWire 5.1.5 (HKLM\...\FrostWire 5) (Version: 5.1.5.0 - FrostWire Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Grimm Reaper: Hidden Tales (HKLM\...\BFG-Grimm Reaper Hidden Tales) (Version: - )
Help_CTR (Version: 2.00.0000.000 - Eastman Kodak Company) Hidden
helpug (Version: 2.00.0000.0000 - kodak) Hidden
Home Sweet Home 2: Kitchens and Baths (HKLM\...\Home Sweet Home 2: Kitchens and Baths) (Version: - iWin.com)
Home Sweet Home: Christmas Edition (remove only) (HKLM\...\Home Sweet Home: Christmas Edition) (Version: - )
Hot Dish (HKLM\...\BFG-Hot Dish) (Version: - )
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Intel(R) PRO Network Connections 12.1.12.4 (HKLM\...\PROSetDX) (Version: - Dell)
iTunes (HKLM\...\{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}) (Version: 10.3.1.55 - Apple Inc.)
iWin Games (remove only) (HKLM\...\iWinArcade) (Version: - )
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
ksDIP (Version: 2.00.0000.0000 - Dell Inc.) Hidden
Learning Lodge Navigator (HKLM\...\VTechDownloadManager) (Version: - VTech)
Luxor 2 (remove only) (HKLM\...\Luxor 2) (Version: - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Miss Management (HKLM\...\BFG-Miss Management) (Version: - )
Modem Diagnostic Tool (HKLM\...\{294EAADF-E50F-4DD8-AD8D-19587EA10512}) (Version: 1.0.28.0 - Dell)
Mouse Suite for Desktop Computers (HKLM\...\{448E2D77-E504-4221-B2C2-93646B344729}) (Version: 2.50.025 - Dell)
Mozilla Firefox 8.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 8.0.1 (x86 en-US)) (Version: 8.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netwaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
Norton Security Suite (HKLM\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\...\Octoshape add-in for Adobe Flash Player) (Version: - )
OLYMPUS Raw Codec (HKLM\...\{5EA05D7F-5645-4068-A60F-0DCF8FBFD267}) (Version: 1.3.0 - OLYMPUS IMAGING CORP.)
Origin (HKLM\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SFR (Version: 6.04.0000.0001 - Eastman Kodak Company) Hidden
Skins (Version: 2007.1116.2138.38649 - ATI) Hidden
Spa Mania (HKLM\...\BFG-Spa Mania) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.55.1000 - SUPERAntiSpyware.com)
Supple (remove only) (HKLM\...\Supple) (Version: - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TomTom HOME (HKLM\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Tropix 1.5 (HKLM\...\Tropix) (Version: 1.5 - Robot Super Brain, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Virtual Villagers: New Believers (HKLM\...\BFG-Virtual Villagers - New Believers) (Version: - )
VoiceOver Kit (HKLM\...\{7C5B4583-7CBF-4289-B195-03B553959DEA}) (Version: 1.40.128.0 - Apple Inc.)
VTech Download Agent Library (Version: 1.00.0000 - VTech) Hidden
Wedding Dash (HKLM\...\BFG-Wedding Dash) (Version: - )
WIDCOMM Bluetooth Software 6.0.1.4300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4300 - Dell)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
Yard Sale Hidden Treasures: Lucky Junction (HKLM\...\BFG-Yard Sale Hidden Treasures - Lucky Junction) (Version: - )
Yard Sale Hidden Treasures: Sunnyville (HKLM\...\BFG-Yard Sale Hidden Treasures - Sunnyville) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{6CE4B8A6-4DB5-4F63-8013-1197503692EF}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\YBPAddon_2.9.8.dll (Yahoo! Inc.)
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3542476646-4194484312-2243041315-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jenks\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

05-08-2015 00:20:39 Scheduled Checkpoint
06-08-2015 00:11:43 Scheduled Checkpoint
07-08-2015 00:00:02 Scheduled Checkpoint
08-08-2015 00:51:14 Scheduled Checkpoint
09-08-2015 00:00:02 Scheduled Checkpoint
10-08-2015 02:55:10 Scheduled Checkpoint
13-08-2015 04:50:59 Windows Update
14-08-2015 15:37:10 Removed Bonjour
20-08-2015 06:59:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2015-07-31 12:15 - 00000791 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.1 mssplus.mcafee.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {018ED58E-48A9-4399-9069-AEF89C439FB2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {18EB154D-321E-4D1C-9FB2-A1056DB32059} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {2A55FD9F-DA11-4EB9-9F3C-8A553AF44406} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton Security Suite\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {7C85FAFE-4A97-45A5-BEB3-A3808DA74478} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton Security Suite\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {89B23AC6-C815-44EE-B8A6-38E957133CC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {8B0DC45E-B684-4B6C-9662-F98360D1D11B} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
Task: {90EFEB85-72D2-4124-AF03-3D22BCBEB439} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®) <==== ATTENTION
Task: {9B5C1F7A-C158-4BE8-A6B2-71F7F6B8DD88} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {9E058E08-0A86-4E15-A0D9-1B154FFAEB71} - System32\Tasks\{D549D8B8-65CF-4000-A292-DCDFDFF807C7} => pcalua.exe -a "C:\Program Files\BOTOHOLIC\Uninstall.exe"
Task: {A4E431AB-7DD3-42FC-BC14-DF5F1DE4A65C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BBC24312-BE0F-415A-9AC9-B6143A666869} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security Suite\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {C0E65225-69E8-41AB-A04E-F045D0444E1B} - System32\Tasks\WinMaximizer-Jenks-Startup => C:\Program Files\WinMaximizer\WinMaximizer.exe
Task: {DA08A52C-8BAC-4861-A860-BA94B53CDDF0} - System32\Tasks\LAUNCH CDPCO => C:\Program Files\CyberDefender\PC Optimizer\CDPCO.exe
Task: {FA472A2C-C817-42FA-A5B3-88353EDEB0EA} - System32\Tasks\RunAsStdUser Task => C:\Program Files\iWin Games\iWinGames.exe [2011-04-08] (iWin Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WinMaximizer-Jenks-Startup.job => C:\Program Files\WinMaximizer\WinMaximizer.exe

==================== Loaded Modules (Whitelisted) ==============

2011-06-07 16:59 - 2008-02-14 04:13 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2011-05-26 13:42 - 2011-05-26 13:42 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-05 05:40 - 2012-11-05 04:50 - 00377800 _____ () C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
2012-11-05 05:40 - 2010-06-23 21:16 - 02150400 _____ () C:\Program Files\VTech\DownloadManager\System\QtCore4.dll
2012-11-05 05:40 - 2010-07-13 09:07 - 07826432 _____ () C:\Program Files\VTech\DownloadManager\System\QtGui4.dll
2012-11-05 05:40 - 2010-06-01 22:29 - 00934912 _____ () C:\Program Files\VTech\DownloadManager\System\QtNetwork4.dll
2012-11-05 05:40 - 2010-06-01 22:28 - 00335360 _____ () C:\Program Files\VTech\DownloadManager\System\QtXml4.dll
2012-11-05 05:40 - 2012-08-06 05:54 - 09843640 _____ () C:\Program Files\VTech\DownloadManager\System\QtWebKit4.dll
2012-11-05 05:40 - 2010-06-01 22:56 - 00232960 _____ () C:\Program Files\VTech\DownloadManager\System\phonon4.dll
2012-11-05 05:40 - 2010-06-01 22:54 - 02530816 _____ () C:\Program Files\VTech\DownloadManager\System\QtXmlPatterns4.dll
2012-11-05 05:40 - 2010-07-05 05:19 - 00116736 _____ () C:\Program Files\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2012-11-05 05:40 - 2010-11-11 05:24 - 00028160 _____ () C:\Program Files\VTech\DownloadManager\System\DACommCenter.dll
2012-11-05 05:40 - 2010-06-02 01:05 - 00119808 _____ () C:\Program Files\VTech\DownloadManager\System\imageformats\qjpeg4.dll
2007-02-13 12:14 - 2007-02-13 12:14 - 00389120 _____ () C:\Windows\system32\btwhidcs.DLL
2007-02-13 12:33 - 2007-02-13 12:33 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2015-08-20 22:32 - 2015-08-18 01:23 - 16393032 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.157\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:DFFB9E98
AlternateDataStreams: C:\ProgramData\TEMP:E7730732
AlternateDataStreams: C:\ProgramData\TEMP:E8B61305
AlternateDataStreams: C:\ProgramData\TEMP:E8BE0B80
AlternateDataStreams: C:\ProgramData\TEMP:E91ADC66
AlternateDataStreams: C:\ProgramData\TEMP:E94FA418
AlternateDataStreams: C:\ProgramData\TEMP:E9900C74
AlternateDataStreams: C:\ProgramData\TEMP:E9C2F553
AlternateDataStreams: C:\ProgramData\TEMP:EA2D3047
AlternateDataStreams: C:\ProgramData\TEMP:EA701346
AlternateDataStreams: C:\ProgramData\TEMP:EBFD4E6F
AlternateDataStreams: C:\ProgramData\TEMP:ED92736E
AlternateDataStreams: C:\ProgramData\TEMP:EDF12A30
AlternateDataStreams: C:\ProgramData\TEMP:EE9B2879
AlternateDataStreams: C:\ProgramData\TEMP:EF0F3F33
AlternateDataStreams: C:\ProgramData\TEMP:F1381B87
AlternateDataStreams: C:\ProgramData\TEMP:F2E92DCD
AlternateDataStreams: C:\ProgramData\TEMP:F2EDC57C
AlternateDataStreams: C:\ProgramData\TEMP:F67947AF
AlternateDataStreams: C:\ProgramData\TEMP:F67AAFC5
AlternateDataStreams: C:\ProgramData\TEMP:F7BF538D
AlternateDataStreams: C:\ProgramData\TEMP:F817E159
AlternateDataStreams: C:\ProgramData\TEMP:FD4C7AD3
AlternateDataStreams: C:\Users\Jenks\Downloads\Fwd Are you the couple for me - w4mw - 43 (lansing).msg.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3542476646-4194484312-2243041315-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jenks\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{33398398-C3CC-4A83-BE41-AE8EC3D4F609}] => (Allow) LPort=80
FirewallRules: [{D0D1FB9B-D2DA-4A8F-8EEA-21638BEEAA20}] => (Allow) LPort=80
FirewallRules: [{B51268C6-208C-4229-B663-323A73FE4C05}] => (Allow) LPort=80
FirewallRules: [{40023BBD-710E-4DBE-9509-72209178E9C1}] => (Allow) C:\Program Files\iWin Games\iWinGames.exe
FirewallRules: [{08EA8DEA-3FD8-4B8A-BE6E-F4DCE7AC9B13}] => (Allow) C:\Program Files\iWin Games\iWinGames.exe
FirewallRules: [{53DDC66C-4B36-41E8-A404-DDB5739DF6FA}] => (Allow) C:\Program Files\iWin Games\WebUpdater.exe
FirewallRules: [{15BF93E1-D35E-4C5E-A775-865A0E95C39B}] => (Allow) C:\Program Files\iWin Games\WebUpdater.exe
FirewallRules: [{5A7A0712-631F-476A-A4C5-376F22E9C76F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DB3D899D-B6C2-4246-AB88-F7F245D2029A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{069EF0CA-B275-43B4-9037-AF128AB4FDC3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{75AB2BC9-29C1-437A-B75B-26CE5B3E7323}] => (Allow) C:\Program Files\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{B2E65F20-1FC2-41A9-9BA2-F88F4195899A}] => (Allow) C:\Program Files\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{913AF5AB-F7B5-45BA-93AD-9350A73D2998}] => (Allow) C:\Program Files\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{02A84122-9ACE-48C6-BC80-C7EBB117BAB3}] => (Allow) C:\Program Files\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{9FCBFE68-4CD6-4FB9-939B-B7DD31EF80B3}] => (Allow) C:\Program Files\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{1CBC7D12-6E92-45F5-9C7D-6FBC49C68D7A}] => (Allow) C:\Program Files\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{8E0F7666-6C30-44C8-8268-3D16B31C9EB4}] => (Allow) C:\Program Files\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{735A6575-2F62-48FB-83D0-8A0C42805DC7}] => (Allow) C:\Program Files\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{624E7ACB-834B-4332-A8C0-114FD2EA060C}] => (Allow) C:\Program Files\FrostWire 5\FrostWire.exe
FirewallRules: [{C712622E-6D87-47E9-A412-6547B497598A}] => (Allow) C:\Program Files\FrostWire 5\FrostWire.exe
FirewallRules: [{4396CED0-46AD-4DB0-8C54-D592D7BB8D1F}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{79DBE733-C341-45A4-A937-818649A03393}] => (Allow) LPort=2869
FirewallRules: [{D45F3967-E5EC-4953-A317-626E1C16B9FB}] => (Allow) LPort=1900
FirewallRules: [{AA0BF2A6-1542-4E5B-A9BE-0C5625781C28}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{5BC756E8-A43D-4271-89C9-70EBF7CFCF95}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2015 07:29:37 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/03/2015 07:29:37 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/03/2015 07:16:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2015 07:15:17 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/03/2015 07:15:17 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/03/2015 07:15:17 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/03/2015 07:15:17 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/03/2015 07:15:16 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/03/2015 07:15:16 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/03/2015 12:56:28 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}


System errors:
=============
Error: (09/03/2015 07:16:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: netfilter

Error: (09/03/2015 07:14:56 AM) (Source: Dhcpv6) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address &B@ on the Network Card with network address 001D091F1F3F.

Error: (09/02/2015 09:57:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: netfilter

Error: (09/02/2015 09:56:24 PM) (Source: Dhcpv6) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address &B@ on the Network Card with network address 001D091F1F3F.

Error: (09/02/2015 09:56:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:33:52 PM on 9/2/2015 was unexpected.

Error: (09/02/2015 09:27:22 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (09/02/2015 09:23:52 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (09/02/2015 09:20:52 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (09/02/2015 09:17:52 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (09/02/2015 09:14:52 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.


Microsoft Office:
=========================

CodeIntegrity:
===================================
Date: 2015-09-01 08:46:36.888
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2015-09-01 08:46:36.575
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2015-09-01 08:46:36.272
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2015-09-01 08:46:35.991
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2015-09-01 08:46:21.177
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-01 08:46:20.844
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-01 08:46:20.544
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-01 08:46:20.260
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-01 08:46:06.586
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20150821.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-01 08:46:06.233
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20150821.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 49%
Total physical RAM: 3325.03 MB
Available physical RAM: 1684.52 MB
Total Virtual: 6853.07 MB
Available Virtual: 5226.41 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.41 GB) (Free:69.62 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:9.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=916.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
QueenDawn1 is offline  
Old 09-06-2015, 11:34 PM   #9
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

OK. Please follow the instructions below. Then tell me: how is the machine behaving now? What problems do you still have?

Please download ComboFix and Save it to your Desktop.

Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
Please make sure you disable your security applications before running ComboFix. Get help here
Double-click ComboFix.exe and follow the prompts to run it.
If a message window opens to install the Microsoft Windows Recovery Console, click the yes button.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.
Please re-enable your antivirus before posting the ComboFix.txt log.
NOTE: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe.
Next, go to File > New Task (Run...), type explorer, then press 'Enter', or just reboot the computer.
tekir06 is offline  
Old 09-10-2015, 08:26 PM   #10
Registered Member
 
Join Date: May 2008
Posts: 32
OS: xp



Hi, sorry it has taken me so long to get back to you, just been real busy. Okay, so the computer is still freezing and has to be restarted by pushing the power button if I don't power it off before I leave for 30 or more minutes. So I downloaded ComboFix, shut down virus software and tried running ComboFix, but I keep getting error messages of: nircmd has stopped working & setpath.3xe has stopped & rmbr.3xe has stopped & handle viewer has stopped working. First time I just closed the popup boxes and ran ComboFix, but then my computer froze because I was "inactive", so I had to shut down the computer and start over. Well, I did that and thought I shut down my virus software, but it kept detecting it, so I stopped running ComboFix and now do not know what to do. Thanks for your help, I really appreciate it.
QueenDawn1 is offline  
Old 09-15-2015, 04:18 AM   #11
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again.

Sorry for the delay. Please do the following steps.

STEP 1

Download and extract Malwarebytes Anti-Rootkit from here mbar-1.09.3.1001.zip and save it to your desktop.
Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
Double-click mbar.exe inside the mbar folder then click 'Next'.
Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
Click 'Update'.
When finished updating, click 'Next' then 'Scan'.
If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
With some infections, you may see two message boxes:
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.

If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

STEP 2

Please re-run FRST tool and attach fresh FRST.txt and Addition.txt.
tekir06 is offline  
Old 09-18-2015, 02:04 PM   #12
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello QueenDawn1,

Are you still with us? If you don't respond, this thread will be closed in 24 hours.
tekir06 is offline  
Old 09-19-2015, 04:33 AM   #13
Registered Member
 
Join Date: May 2008
Posts: 32
OS: xp



Hi, yep, I'm still here, just been working and have not had a chance to do the last step. Will get to it today. Sorry.
QueenDawn1 is offline  
Old 09-19-2015, 06:56 AM   #14
Registered Member
 
Join Date: May 2008
Posts: 32
OS: xp



This is the only log that came up, so here it is.





Malwarebytes Anti-Malware
www.malwarebytes.org


Error, 9/4/2015 10:38:19 AM, SYSTEM, JENKS-PC, Update, Bad md5 or size: akadomains, 11,
Error, 9/4/2015 10:38:19 AM, SYSTEM, JENKS-PC, Update, Bad md5 or size: akaips, 11,
Update, 9/4/2015 10:38:19 AM, SYSTEM, JENKS-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.8.16.1,
Update, 9/4/2015 10:38:19 AM, SYSTEM, JENKS-PC, Manual, Remediation Database, 2015.5.13.1, 2015.8.28.2,
Update, 9/4/2015 10:38:19 AM, SYSTEM, JENKS-PC, Manual, Domain Database, 0.0.0.0, 2015.7.24.2,
Update, 9/4/2015 10:38:19 AM, SYSTEM, JENKS-PC, Manual, IP Database, 0.0.0.0, 2015.7.24.3,
Update, 9/4/2015 10:38:19 AM, SYSTEM, JENKS-PC, Manual, AKA IP Database, 0.0.0.0, 2015.9.2.1,
Update, 9/4/2015 10:38:20 AM, SYSTEM, JENKS-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.9.1.1,
Update, 9/4/2015 10:38:21 AM, SYSTEM, JENKS-PC, Manual, Malware Database, 2015.6.3.3, 2015.9.4.5,
Scan, 9/4/2015 10:55:42 AM, SYSTEM, JENKS-PC, Manual, Start:9/4/2015 10:38:37 AM, Duration:16 min 14 sec, Threat Scan, Completed, 0 Malware Detections, 4 Non-Malware Detections,
Error, 9/4/2015 10:59:04 AM, SYSTEM, JENKS-PC, Protection, IsLicensed, 13,
Protection, 9/4/2015 10:59:04 AM, SYSTEM, JENKS-PC, Protection, Malware Protection, Stopping,
Protection, 9/4/2015 10:59:04 AM, SYSTEM, JENKS-PC, Protection, Malware Protection, Stopped,

(end)
QueenDawn1 is offline  
Old 09-19-2015, 06:59 AM   #15
Registered Member
 
Join Date: May 2008
Posts: 32
OS: xp



Disregard the last one, I think I posted the wrong thing :/ Sorry, here is the log that was in the file, hope it is right.


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 3486547968, free: 1687568384

Downloaded database version: v2015.09.19.03
Downloaded database version: v2015.09.18.01
Downloaded database version: v2015.09.16.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
09/19/2015 09:20:16
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iastor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\drivers\N360\1605020.00F\SYMEFASI.SYS
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\e1e6032.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HSXHWBS2.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\stwrt.sys
\SystemRoot\system32\drivers\N360\1605020.00F\ccSetx86.sys
\SystemRoot\System32\Drivers\N360\1605020.00F\SRTSP.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\N360\1605020.00F\SRTSPX.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\drivers\N360\1605020.00F\Ironx86.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20150918.018\NAVEX15.SYS
\??\C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20150918.018\NAVENG.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\Drivers\N360\1605020.00F\SYMTDIV.SYS
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\drivers\btwavdt.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\??\C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20150918.002\IDSvix86.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20150904.001\BHDrvx86.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\WinUSB.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.09.19.03
rootkit: v2015.09.18.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86e46560, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86d43d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86e46560, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85d09028, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8000000

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 208782
Partition is not bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 208896 Numsec = 31457280
Partition is not bootable
Partition file system is NTFS

Partition 2 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 31666176 Numsec = 1921855488
Partition is bootable
Partition file system is NTFS

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff88342a50, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88365a58, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88342a50, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff883639a8, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff883423b0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff883619a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff883423b0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff88361cb8, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff88393030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88393d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88393030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff88361630, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff883935e0, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88386cb0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff883935e0, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff88361030, DeviceName: \Device\00000074\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-208896-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-31666176-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
QueenDawn1 is offline  
Old 09-20-2015, 10:44 AM   #16
Registered Member
 
Join Date: May 2008
Posts: 32
OS: xp



Well, the computer completely crashed and now I have tried to restore it and it will not allow me to do so. So I am searching for a Windows Vista recovery disc or another way to restore it.
QueenDawn1 is offline  
Old 09-28-2015, 11:10 PM   #17
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello,

I apologize for being late to reply.

Exactly what type of restore? System restore? Or a recovery from the recovery partition if there is one? What exact error message?
tekir06 is offline  
Old 09-30-2015, 01:32 AM   #18
Registered Member
 
Join Date: May 2008
Posts: 32
OS: xp



Hi, thanks for all of your help, but I have sent the computer out to be repaired because I couldn't even access anything on it. So I will not be needing any more help at this time.
QueenDawn1 is offline  
Old 09-30-2015, 01:43 AM   #19
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello,

You're welcome
tekir06 is offline  
 
