Please read attachments - Problem first
Problem.txt 1.26KB 226 downloads
aswMBR.txt 1.78KB 192 downloads
FRST.txt 90.51KB 309 downloads
Posted 30 June 2019 - 01:28 PM
Posted 01 July 2019 - 06:11 AM
Posted 01 July 2019 - 06:52 AM
Thanks so much for your reply. Here is my Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
Ran by Jim (30-06-2019 08:54:04)
Running from C:\Users\Jim\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-03-19 12:44:45)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1410203692-3413734974-1764055963-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1410203692-3413734974-1764055963-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1410203692-3413734974-1764055963-1006 - Limited - Enabled)
Jim (S-1-5-21-1410203692-3413734974-1764055963-1000 - Administrator - Enabled) => C:\Users\Jim
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {19116A92-4E0F-6AEB-F126-5230691200C8}
FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
100% Hidden Objects (HKLM-x32\...\BFG-100 Percent Hidden Objects) (Version: - )
1912: Titanic Mystery (HKLM-x32\...\BFG-1912 - Titanic Mystery) (Version: - )
3D Aquarium Screensaver version 1.0 (HKLM-x32\...\{E2E5DB65-4740-4387-BF23-B918FA6E4A56}_is1) (Version: 1.0 - YesFreeScreensavers.com)
3D Snow version 5.0 (HKLM-x32\...\3D Snow Screensaver_is1) (Version: - All-Sweets)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.207 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.207 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.207 - Adobe)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Amazon Games (HKLM-x32\...\Amazon Games_is1) (Version: 2.3.0.0 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{257CF3C8-DB9E-6C1A-FE68-B0840E53D098}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
AOMEI Partition Assistant Home Edition 5.1.2 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - Aomei Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{C1BCFECF-6EC2-4750-9072-5E2489423F8F}) (Version: 7.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B202C7F5-7DE3-4FBF-B259-E70E625F56FC}) (Version: 7.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B5A46811-3612-4DA5-8A5A-E6DED5D7C523}) (Version: 12.2.1.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 4.0.1) (Version: 4.0.1 - Avery Products Corporation)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{64973F6A-8754-43D1-BDD0-FC6F0546347B}) (Version: 14.4.6.2 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.0.63 - CinemaNow, Inc.)
Dell SupportAssist (HKLM\...\{806422F1-FC4E-4D7C-8855-05748AEFC031}) (Version: 3.2.2.119 - Dell Inc.)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Easy Photo Scan (HKLM-x32\...\{9E3F2EC3-7E4F-4F20-A56F-7A24D6E3D39B}) (Version: 1.00.0017 - Seiko Epson Corporation)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.2 - Seiko Epson Corporation)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{6DBFDAF8-20AE-46AE-940E-4F769ACDF4BB}) (Version: 3.11.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.20.00 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{1028AD34-EB8A-4136-9A93-27FC60FD0A40}) (Version: 4.4.11 - Seiko Epson Corporation)
EPSON XP-440 Series Printer Uninstall (HKLM\...\EPSON XP-440 Series) (Version: - Seiko Epson Corporation)
EPSON XP-850 Series Printer Uninstall (HKLM\...\EPSON XP-850 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Eraser 6.2.0.2970 (HKLM\...\{58F37E51-2A83-49F3-9117-6005C63CF399}) (Version: 6.2.2970 - The Eraser Project)
Eraser 6.2.0.2971 (HKLM\...\{F0B4C9BD-D61B-4AE5-A345-F4BB5F452B5B}) (Version: 6.2.2971 - The Eraser Project)
Fishdom 3 (HKLM-x32\...\Fishdom 3_is1) (Version: - My Real Games Ltd)
Flip Words 2 (HKLM-x32\...\Flip Words 2) (Version: 32.0.0.0 - Shockwave.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2281 - Intel Corporation)
iTunes (HKLM\...\{A8AF3EF8-5010-4A92-BCCA-90F62A7D62B8}) (Version: 12.9.5.7 - Apple Inc.)
Jigsaw365 (HKLM-x32\...\BFG-Jigsaw365) (Version: - )
LightScribe Applications (HKLM-x32\...\{61F25370-7465-4404-BE28-4629BF808699}) (Version: 1.18.15.1 - LightScribe)
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{8A03241E-7A3C-401D-B0CE-B3096F50AE6F}) (Version: 1.18.27.10 - LightScribe)
Macrium Reflect Free Edition (HKLM\...\{77A97A7F-31F6-496A-9625-589717602062}) (Version: 6.3.1821 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Manor Memoirs (HKLM-x32\...\Manor Memoirs_is1) (Version: - My Real Games Ltd)
MediaWiper (HKLM-x32\...\{6BAA87E9-8820-416E-B2DF-A294D1883367}) (Version: (Build 09.30.09) - WhiteCanyon, Inc.)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-bit (HKLM\...\{95140000-0081-0409-1000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MiniReminder (HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\MiniReminder) (Version: - )
MiniTool Partition Wizard Professional Edition 9.1 (HKLM\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 67.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 67.0.4 (x64 en-US)) (Version: 67.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3 - Mozilla)
Mozilla Thunderbird 60.7.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.7.2 (x86 en-US)) (Version: 60.7.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon)
Norton Security (HKLM-x32\...\NGC) (Version: 22.17.3.50 - Symantec Corporation)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.22 - VIA Technologies, Inc.) Hidden
Quicken (HKLM-x32\...\{62D93E3E-2F8E-42BD-9343-896F4F0031D3}) (Version: 27.1.19.52 - Quicken)
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.1.27 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7484 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
Roxio Creator 2010 (HKLM-x32\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.0 - Roxio)
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.0 - Roxio) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
SmartSound Quicktracks Plugin (HKLM-x32\...\{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc) Hidden
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unreal Tournament 3 (HKLM-x32\...\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}) (Version: 1.00.0000 - Epic Games) Hidden
Unreal Tournament 3 (HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}) (Version: 1.00.0000 - Epic Games)
Unreal Tournament G.O.T.Y. Edition (HKLM-x32\...\UnrealTournament) (Version: - )
VD64Inst (HKLM\...\{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon)
WinRAR 4.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
WinUtilities Free Edition 11.33 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043010}_is1) (Version: 11.33 - YL Computing, Inc)
YouTube Downloader 4.6.1020 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000_Classes\CLSID\{57B13C80-C59C-4981-8870-4A209C1B7589}\InprocServer32 -> C:\Program Files\Roxio 2010\Virtual Drive 10\DC_ShellExt64.dll (Sonic Solutions -> Sonic Solutions)
CustomCLSID: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000_Classes\CLSID\{BC9B776A-90D7-4476-A791-79D835F30650}\InprocServer32 -> C:\Program Files\Eraser\Eraser.Shell.dll (Heidi Computers Ltd -> The Eraser Project)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\NavShExt.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-01-09] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-01-09] () [File not signed]
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\NavShExt.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2014-03-14] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-01-09] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-01-09] () [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2014-03-14] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\NavShExt.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-01-09] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-01-09] () [File not signed]
ContextMenuHandlers1_S-1-5-21-1410203692-3413734974-1764055963-1000: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers1_S-1-5-21-1410203692-3413734974-1764055963-1000: [RXDCExtSvr] -> {57B13C80-C59C-4981-8870-4A209C1B7589} => C:\Program Files\Roxio 2010\Virtual Drive 10\DC_ShellExt64.dll [2009-07-07] (Sonic Solutions -> Sonic Solutions)
ContextMenuHandlers2_S-1-5-21-1410203692-3413734974-1764055963-1000: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers2_S-1-5-21-1410203692-3413734974-1764055963-1000: [RXDCExtSvr] -> {57B13C80-C59C-4981-8870-4A209C1B7589} => C:\Program Files\Roxio 2010\Virtual Drive 10\DC_ShellExt64.dll [2009-07-07] (Sonic Solutions -> Sonic Solutions)
ContextMenuHandlers4_S-1-5-21-1410203692-3413734974-1764055963-1000: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers5_S-1-5-21-1410203692-3413734974-1764055963-1000: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers6_S-1-5-21-1410203692-3413734974-1764055963-1000: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers6_S-1-5-21-1410203692-3413734974-1764055963-1000: [RXDCExtSvr] -> {57B13C80-C59C-4981-8870-4A209C1B7589} => C:\Program Files\Roxio 2010\Virtual Drive 10\DC_ShellExt64.dll [2009-07-07] (Sonic Solutions -> Sonic Solutions)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
==================== Loaded Modules (Whitelisted) ==============
2012-09-04 17:27 - 2012-01-09 22:44 - 000193536 _____ () [File not signed] C:\Program Files (x86)\WinRAR\rarext64.dll
2010-11-07 19:00 - 2010-11-07 19:00 - 000143360 _____ () [File not signed] C:\Users\Jim\MiniReminder\MiniReminder.exe
2012-01-25 15:32 - 2012-01-25 15:32 - 000299008 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2012-04-09 17:13 - 2012-04-09 17:13 - 000299008 _____ (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2010-06-29 17:12 - 2010-06-29 17:12 - 000158720 ____N (Broadcom Corporation) [File not signed] C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
2013-01-16 13:15 - 2013-01-16 13:15 - 000033792 ____N (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
2013-01-16 13:15 - 2013-01-16 13:15 - 000110592 ____N (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
2013-01-16 13:15 - 2013-01-16 13:15 - 000073728 ____N (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2019-03-08 16:34 - 2019-02-21 12:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2009-11-09 14:27 - 2009-11-09 14:27 - 005339136 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Microsoft Office\OFFICE14\PROOF\1033\MSGR3EN.DLL
2018-03-26 13:07 - 2018-03-26 13:07 - 000126976 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2015-03-19 08:29 - 2015-03-19 08:29 - 000065536 ____N (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2\vcomp.dll
2014-01-22 09:54 - 2006-12-19 19:23 - 000094208 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
2014-01-22 09:54 - 2006-08-30 02:02 - 000106496 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\epLocalBidi.dll
2014-03-02 20:00 - 2007-09-18 17:44 - 000421888 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\eEBAPI\eEBIPDev.dll
2014-03-02 20:00 - 2007-09-10 16:03 - 000110592 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\eEBAPI\eEBLPBidiDev.dll
2014-03-02 20:00 - 2006-12-26 15:58 - 000233544 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\eEBAPI\eEBMSDev.dll
2014-03-02 20:00 - 2004-11-17 17:56 - 000286720 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\eEBAPI\eEBNWDev.dll
2014-03-02 20:00 - 2007-09-10 16:32 - 000135168 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\eEBAPI\eEBRSVC.dll
2017-02-13 14:54 - 2017-02-13 14:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000085504 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\EbpD4Fax.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000212992 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUADRFIL.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000278528 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXCFG.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000430080 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXCSR.DLL
2016-03-03 20:06 - 2012-02-29 02:00 - 000385024 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXLDB.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000536576 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXTIF.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000421888 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUIMGCDC.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000262144 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FULEPP.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000077824 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUSTMMSG.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000303104 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUSVCCLT.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000065536 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUUSBHLP.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000253952 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUVERDLG.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000065536 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUDEVCOM.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000135168 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUDRVUTL.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000335872 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUPRBDEV.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000229376 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUSNMPUT.dll
2016-03-03 20:06 - 2012-02-28 12:00 - 000081920 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
2016-03-03 20:06 - 2012-02-28 12:00 - 000090112 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXCFGRes.dll
2016-03-03 20:06 - 2012-02-28 12:00 - 000241664 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
2016-03-03 20:06 - 2012-02-28 12:00 - 000106496 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXSTM.dll
2016-03-03 20:06 - 2012-02-28 12:00 - 000077824 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
2018-03-12 12:42 - 2008-11-11 10:00 - 000118784 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\E_ILMHAA.DLL
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000786432 ____N (SEIKO EPSON) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\ENCM.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000278528 ____N (SEIKO EPSON) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\ENNW.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000299008 ____N (SEIKO EPSON) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\ENUTIL.dll
2019-06-26 15:08 - 2019-06-14 11:25 - 001024512 _____ (Vitzo Ltd.) [File not signed] C:\Program Files (x86)\YouTube Downloader\YouTubeDownloader.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:036B81D9 [182]
AlternateDataStreams: C:\ProgramData\TEMP:1409277B [382]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:466FA8C3 [284]
AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3 [167]
AlternateDataStreams: C:\ProgramData\TEMP:A2CE35BE [266]
AlternateDataStreams: C:\ProgramData\TEMP:ACA2947B [257]
AlternateDataStreams: C:\ProgramData\TEMP:BC8E9899 [496]
AlternateDataStreams: C:\ProgramData\TEMP:C72A744C [462]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\cinemanow.com -> hxxp://cinemanow.com
IE trusted site: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\cinemanow.com -> hxxps://cinemanow.com
IE trusted site: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\qflix.com -> hxxp://qflix.com
IE trusted site: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\roxio.com -> hxxp://roxio.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 ____N C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\DLLShared\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\AOMEI Backupper
HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\Services: DDVRulesProcessor => 2
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{E5B25736-C0B6-4601-9E02-036BABF66F84}] => (Allow) LPort=1542
FirewallRules: [{F62C3945-49D6-416D-BBC8-6D981DD7617B}] => (Allow) LPort=1542
FirewallRules: [{25AA99C4-B20F-4C59-A712-30E41BC1252C}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe (Cinemanow, Inc. -> CinemaNow Inc.)
FirewallRules: [{CAF3AC86-E784-4654-8B37-D8D8AE05C247}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe (Cinemanow, Inc. -> CinemaNow Inc.)
FirewallRules: [{8C0EB31D-42F8-4878-968A-F1A57C6EB11E}] => (Allow) C:\Program Files (x86)\Roxio 2010\Venue\Venue.exe (Sonic Solutions -> Sonic Solutions)
FirewallRules: [{43D12660-CD2A-405A-B403-AAFD3FDAFD1B}] => (Allow) C:\Program Files (x86)\Roxio 2010\Venue\Venue.exe (Sonic Solutions -> Sonic Solutions)
FirewallRules: [UDP Query User{12DBB570-B296-40E7-9AFC-C1916F73B901}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [TCP Query User{77B83E86-BDC7-4B04-BA6D-2F1013A38D9F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{98392298-1056-4646-B5E5-15AB6470F967}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ADFDC62E-4B22-4334-B698-F09DCFAB05C1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A493041E-AE9E-4D45-8D2B-C2B38194F794}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1450C394-7352-4E56-9225-EBC876FB3606}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{789201D5-9900-470F-9B0C-C7B7C6DC702A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [TCP Query User{81A02E8B-6074-4B27-948C-48E99FD17386}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{0EBAF6DD-8B66-4115-AD26-146E085EB12A}] => (Allow) LPort=53
FirewallRules: [{598C37CD-FEBE-413F-A8E8-DC7FFD4067F0}] => (Allow) LPort=1542
FirewallRules: [{7A4352C4-2A76-45A4-9F14-C1C664603EB9}] => (Allow) LPort=1542
FirewallRules: [{32319A54-CA9A-440F-8BEF-25C710A2C34F}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8D6607CE-E11A-4D6F-BDC3-D6BBBE12644A}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DF270F76-D5B8-40C1-9546-A48AB27194FE}] => (Allow) LPort=7000
FirewallRules: [{7D878771-900D-47CD-92D2-546243F45918}] => (Allow) LPort=7000
FirewallRules: [{44A86E3E-967B-4EFF-AB91-79AFC56E3C09}] => (Allow) LPort=67
FirewallRules: [{421839E3-D4D8-4B57-B6EE-31A3E762A14B}] => (Allow) LPort=68
FirewallRules: [{6FC2A072-E701-48DC-9BD6-32130D6B8884}] => (Allow) LPort=53
FirewallRules: [{FC0A092C-37C6-4E7E-B209-336AF8CC6B20}] => (Allow) LPort=53
FirewallRules: [{52C97357-9A8C-46C9-93F5-1CFB43ACBCAE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2C566901-510B-4651-80D4-C8FC0C1C0B18}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2F0EFCBA-C22D-45B7-B906-981611C35858}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6A9BEAA9-827A-4F06-A391-EFC7B8C316F5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{82A80AE9-AD49-48AC-9FAB-DD211AD8A9F6}] => (Allow) C:\Program Files (x86)\Unreal Tournament 3\Binaries\UT3.exe (Epic Games Inc. -> )
FirewallRules: [{1FD4F7A5-1327-441A-A2A8-4D75599C03B0}] => (Allow) C:\Program Files (x86)\Unreal Tournament 3\Binaries\UT3.exe (Epic Games Inc. -> )
FirewallRules: [{EB5D42D6-0059-45DB-B00B-12ACCD3E4609}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C7A444F1-CD5C-47B0-8C4C-83C9AA322025}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{471B15AD-C678-417F-8F99-30962B09A7D0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AF3CBB85-4046-4F14-AE50-76BACEFE076A}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{0FF8FBDC-A023-4CE0-A738-8526F1826553}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{46054168-B92B-4803-90BB-8560F2D85A0F}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
FirewallRules: [{A39E688D-75F3-4F75-A851-659AB1D02E9C}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
FirewallRules: [{330B640A-833F-4018-AF79-9A14822E8E5E}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
FirewallRules: [{5E8B882B-D271-4ED7-A1B0-AAD0235C442C}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
FirewallRules: [{7234D984-585F-4D16-A0CC-A50F2C5FD67C}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{944162E7-4136-454C-8F93-24153C2D0D77}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe No File
FirewallRules: [{8BB37131-F391-4A42-A141-A66BA25DE06A}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe No File
FirewallRules: [{DE4422CE-66AE-45AC-A71A-A661AAB13BE7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
12-06-2019 13:07:39 Scheduled Checkpoint
12-06-2019 14:41:01 Installed EPSON Scan OCR Component
12-06-2019 15:07:44 Windows Update
14-06-2019 12:07:29 Installed Epson Software Updater
14-06-2019 12:09:25 Installed EPSON Scan OCR Component
21-06-2019 15:11:11 Scheduled Checkpoint
29-06-2019 19:10:06 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/30/2019 05:15:08 AM) (Source: MsiInstaller) (EventID: 11706) (User: DELL380-ULT)
Description: Product: Roxio Burn Manager -- Error 1706. An installation package for the product Roxio Burn Manager cannot be found. Try the installation again using a valid copy of the installation package 'BurnMgr.MSI'.
Error: (06/30/2019 05:15:05 AM) (Source: MsiInstaller) (EventID: 11706) (User: DELL380-ULT)
Description: Product: Roxio Burn Manager -- Error 1706. An installation package for the product Roxio Burn Manager cannot be found. Try the installation again using a valid copy of the installation package 'BurnMgr.MSI'.
Error: (06/30/2019 05:14:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (06/29/2019 12:56:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15631
Error: (06/29/2019 12:56:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15631
Error: (06/29/2019 12:56:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/29/2019 05:56:57 AM) (Source: MsiInstaller) (EventID: 11706) (User: DELL380-ULT)
Description: Product: Roxio Burn Manager -- Error 1706. An installation package for the product Roxio Burn Manager cannot be found. Try the installation again using a valid copy of the installation package 'BurnMgr.MSI'.
Error: (06/29/2019 05:56:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: YouTubeDownloader.exe, version: 4.6.1020.0, time stamp: 0x5d037621
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24475, time stamp: 0x5cdd7d45
Exception code: 0xe0434352
Fault offset: 0x000000000000b87d
Faulting process id: 0xf80
Faulting application start time: 0x01d52e60f8b3a534
Faulting application path: C:\Program Files (x86)\YouTube Downloader\YouTubeDownloader.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 3ab847d4-9a54-11e9-aa6c-b8ac6fad7fe9
System errors:
=============
Error: (06/30/2019 05:17:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Dell Data Vault Service API service depends on the Dell Data Vault Collector service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (06/30/2019 05:17:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Dell Data Vault Collector service depends on the Dell Data Vault Processor service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (06/30/2019 05:17:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Dell Data Vault Collector service depends on the Dell Data Vault Processor service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (06/30/2019 05:15:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
Error: (06/29/2019 05:59:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Dell Data Vault Service API service depends on the Dell Data Vault Collector service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (06/29/2019 05:59:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Dell Data Vault Collector service depends on the Dell Data Vault Processor service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (06/29/2019 05:58:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Dell Data Vault Collector service depends on the Dell Data Vault Processor service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (06/29/2019 05:56:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
==================== Memory info ===========================
BIOS: Dell Inc. A07 06/13/2012
Motherboard: Dell Inc. 01TKCC
Processor: Intel® Core2 Quad CPU Q9650 @ 3.00GHz
Percentage of memory in use: 92%
Total physical RAM: 4029.65 MB
Available physical RAM: 286.3 MB
Total Virtual: 8057.44 MB
Available Virtual: 1888.03 MB
==================== Drives ================================
Drive c: (WINDOWS 7 ULTIMATE - 64 BIT) (Fixed) (Total:931.51 GB) (Free:736.27 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C0451C85)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Posted 01 July 2019 - 03:02 PM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Start::
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction ? <==== ATTENTION
Task: {9369C895-5F20-41E1-A9BD-6FB882347E91} - \AutoKMS -> No File <==== ATTENTION
Task: {D9F6AF04-1315-4916-82A2-F39AF027D45A} - \AutoKMSDaily -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=retail&geo=US&ver=22.17.0.183&locale=en_US&guid=8414B998-C9A2-4238-845D-73152701C66D&doi=2016-09-01&gct=kwd&qsrc=2869
Toolbar: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\Exts\Chrome.crx <not found>
HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\ChromeHTML: -> <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:036B81D9 [182]
AlternateDataStreams: C:\ProgramData\TEMP:1409277B [382]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:466FA8C3 [284]
AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3 [167]
AlternateDataStreams: C:\ProgramData\TEMP:A2CE35BE [266]
AlternateDataStreams: C:\ProgramData\TEMP:ACA2947B [257]
AlternateDataStreams: C:\ProgramData\TEMP:BC8E9899 [496]
AlternateDataStreams: C:\ProgramData\TEMP:C72A744C [462]
C:\Windows\Temp\*.*
End::
Posted 01 July 2019 - 07:01 PM
Juliet: Here is the Requested Information Logs:
FRST Fixlog:
Fix result of Farbar Recovery Scan Tool (x64) Version: 30-06-2019
Ran by Jim (01-07-2019 19:53:57) Run:1
Running from C:\Users\Jim\Downloads\Utilities\Hacker repair\First64
Loaded Profiles: Jim (Available Profiles: Jim & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction ? <==== ATTENTION
Task: {9369C895-5F20-41E1-A9BD-6FB882347E91} - \AutoKMS -> No File <==== ATTENTION
Task: {D9F6AF04-1315-4916-82A2-F39AF027D45A} - \AutoKMSDaily -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=retail&geo=US&ver=22.17.0.183&locale=en_US&guid=8414B998-C9A2-4238-845D-73152701C66D&doi=2016-09-01&gct=kwd&qsrc=2869
Toolbar: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\Exts\Chrome.crx <not found>
HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\ChromeHTML: -> <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:036B81D9 [182]
AlternateDataStreams: C:\ProgramData\TEMP:1409277B [382]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:466FA8C3 [284]
AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3 [167]
AlternateDataStreams: C:\ProgramData\TEMP:A2CE35BE [266]
AlternateDataStreams: C:\ProgramData\TEMP:ACA2947B [257]
AlternateDataStreams: C:\ProgramData\TEMP:BC8E9899 [496]
AlternateDataStreams: C:\ProgramData\TEMP:C72A744C [462]
C:\Windows\Temp\*.*
*****************
Processes closed successfully.
Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9369C895-5F20-41E1-A9BD-6FB882347E91}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9369C895-5F20-41E1-A9BD-6FB882347E91}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9F6AF04-1315-4916-82A2-F39AF027D45A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9F6AF04-1315-4916-82A2-F39AF027D45A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMSDaily" => removed successfully
HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => removed successfully
HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
"HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
HKU\S-1-5-21-1410203692-3413734974-1764055963-1000_Classes\ChromeHTML => removed successfully
C:\ProgramData\TEMP => ":036B81D9" ADS removed successfully
C:\ProgramData\TEMP => ":1409277B" ADS removed successfully
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully
C:\ProgramData\TEMP => ":466FA8C3" ADS removed successfully
C:\ProgramData\TEMP => ":7687A3E3" ADS removed successfully
C:\ProgramData\TEMP => ":A2CE35BE" ADS removed successfully
C:\ProgramData\TEMP => ":ACA2947B" ADS removed successfully
C:\ProgramData\TEMP => ":BC8E9899" ADS removed successfully
C:\ProgramData\TEMP => ":C72A744C" ADS removed successfully
=========== "C:\Windows\Temp\*.*" ==========
C:\Windows\Temp\MSI11998.LOG => moved successfully
C:\Windows\Temp\MSI11999.LOG => moved successfully
C:\Windows\Temp\MSI17d88.LOG => moved successfully
C:\Windows\Temp\MSI17d89.LOG => moved successfully
C:\Windows\Temp\MSI21fcf.LOG => moved successfully
C:\Windows\Temp\MSI21fd0.LOG => moved successfully
========= End -> "C:\Windows\Temp\*.*" ========
The system needed a reboot.
==== End of Fixlog 19:54:58 ====
AdwCleaner Log:
-------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-06-28.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-01-2019
# Duration: 00:00:11
# OS: Windows 7 Ultimate
# Cleaned: 36
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\Common Files\myturbopc.com
Deleted C:\Program Files (x86)\mipony
Deleted C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
Deleted C:\ProgramData\apn
Deleted C:\ProgramData\myturbopc.com
Deleted C:\Users\Jim\AppData\Local\Systweak
Deleted C:\Users\Jim\AppData\Roaming\DriverCure
Deleted C:\Users\Jim\AppData\Roaming\iWin
Deleted C:\Users\Jim\AppData\Roaming\mipony
Deleted C:\Users\Jim\AppData\Roaming\myturbopc.com
***** [ Files ] *****
Deleted C:\Users\Jim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
Deleted C:\Users\Jim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Free YouTube Downloader.lnk
Deleted C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ctry3evk.default\searchplugins\safesearch.xml
Deleted C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ctry3evk.default\searchplugins\yahoo_ff.xml
Deleted C:\Windows\Reimage.ini
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\ImInstaller
Deleted HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Deleted HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|WeatherBug.exe
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted HKCU\Software\MyTurboPC.com
Deleted HKCU\Software\Reimage
Deleted HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Deleted HKLM\Software\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted HKLM\Software\Reimage
Deleted HKLM\Software\Wow6432Node\ImInstaller
Deleted HKLM\Software\Wow6432Node\MyTurboPC.com
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\REI_AxControl.DLL
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted HKU\.DEFAULT\Software\AskPartnerNetwork
Deleted HKU\S-1-5-18\Software\AskPartnerNetwork
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [4418 octets] - [01/07/2019 20:06:09]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Rogue Killer Log:
RogueKiller Anti-Malware V13.3.1.0 (x64) [Jul 1 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/d...ad/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : Jim [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190701_063258, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/07/01 20:48:23 (Duration : 00:23:39)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.IncrediMail (Potentially Malicious)] HKEY_USERS\.DEFAULT\Software\IncrediMail -- -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-1410203692-3413734974-1764055963-1000\Software\IM -- -> Deleted
[PUP.IncrediMail (Potentially Malicious)] HKEY_USERS\S-1-5-21-1410203692-3413734974-1764055963-1000\Software\IncrediMail -- -> Deleted
[PUP.IncrediMail (Potentially Malicious)] HKEY_USERS\S-1-5-18\Software\IncrediMail -- -> Deleted
[PUP.SysTweak (Potentially Malicious)] Advanced Identity Protector -- %_Jim_appdata%\Advanced Identity Protector -> Deleted
[PUP.Gen1 (Potentially Malicious)] Free YouTube Downloader -- %localappdata%\Free YouTube Downloader -> Deleted
[PUP.IncrediMail (Potentially Malicious)] IncrediMail -- %programdata%\IncrediMail -> Deleted
Posted 02 July 2019 - 03:25 AM
Posted 02 July 2019 - 06:11 AM
Information Logs Requested:
Malwarebytes Log:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 7/2/19
Scan Time: 7:07 AM
Log File: 9db91156-9cb9-11e9-af44-b8ac6fad7fe9.json
-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.11362
License: Trial
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: DELL380-ULT\Jim
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 304344
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 6 min, 1 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 2
Adware.NeoBar, HKLM\SOFTWARE\WOW6432NODE\ADNPR\ANTIMALWARE\key, Quarantined, [1341], [469673],1.0.11362
Adware.NeoBar, HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\SOFTWARE\ADNPR\ANTIMALWARE\key, Quarantined, [1341], [469679],1.0.11362
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 2
PUP.Optional.Spigot, C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CTRY3EVK.DEFAULT\PREFS.JS, Replaced, [162], [303258],1.0.11362
PUP.Optional.APNToolBar, C:\USERS\JIM\APPDATA\LOCAL\DOWNLOADED INSTALLATIONS\{05B91CE4-CA5C-4607-9729-372F8CB3AD30}\THE WEATHER CHANNEL APP.MSI, Quarantined, [593], [76243],1.0.11362
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
Emsisoft Emergency Kit -
Emsisoft Anti-Malware Trial 2019.6.0.9533 stable [en-us]
OS: Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Forensics log
Date Component Action Details
7/2/2019 7:44:59 AM Core Mode changed Auto-Silent mode disabled.
7/2/2019 7:44:24 AM Core Protection started Version 2019.6.0.9533.
7/2/2019 7:41:07 AM Operating System Shutdown received System initiated shutdown.
7/2/2019 7:39:34 AM Core Mode changed Auto-Silent mode enabled.
7/2/2019 7:38:17 AM Core Notification "Updates were downloaded and installed successfully.".
7/2/2019 7:37:42 AM Scheduler Update Downloaded and installed 7 files (31 kb) (7 sec.).
7/2/2019 7:37:35 AM Core Notification "Recommended Reading:9 critical cyber safety lessons to teach your kids".
7/2/2019 7:37:34 AM User DELL380-ULT\Jim Setting modified "On access extensions list" has been changed to "|.asp|.bat|.cab|.cgi|.chm|.cla|.class|.cmd|.com|.cpl|.ini|.css|.dll|.elf|.exe|.hlp|.hta|.htm|.html|.zip|.wh|.jar|.jpe|.jpeg|.jpg|.js|.jse|.lnk|.ocx|.php|.pif|.rar|.xpi|.reg|.scr|.sh|.shs|.src|.sys|.txt|.vbs|.vxd|.wmf|.doc|.docx|.xls|.xlsx|.ppt|.pptx|.pdf|".
7/2/2019 7:37:31 AM Core Setting modified "Unwanted hosts default action" has been changed to "Block and notify".
7/2/2019 7:37:31 AM Core Setting modified "PUP default action" has been changed to "Quarantine with notification".
7/2/2019 7:37:31 AM Core Setting modified License key has been activated.
7/2/2019 7:37:31 AM Core Setting modified "Detect PUPs" has been changed to "Enabled".
7/2/2019 7:37:22 AM Core Protection started Version 2019.6.0.9533.
Juliet,
The computer seems to be running fine. I can't thank you enough. In your expert opinion, was this computer seriously hacked, and what can I do to avoid this problem in the future? I installed Norton thinking that protection would safeguard me from this type of problem - obviously, I was wrong. As far as the email situation goes, I still don't understand what went on and Microsoft is no help.
Posted 02 July 2019 - 12:36 PM
Posted 02 July 2019 - 02:01 PM
Great news this wasn't a serious hacking problem. Again I thank you so much for your help.
Posted 03 July 2019 - 04:38 AM
Before you go, I'd like to mention that since you let someone log onto this computer you need to change all of your passwords.
Just to be on the safe side.
Posted 03 July 2019 - 06:00 AM
Thanks Juliet,
I started that process right away. I was worried about that. If I hadn't been so stupid in the first place this might not have been a problem. I'm sure you find that in a lot of cases.
Thanks Again
Posted 03 July 2019 - 06:25 AM
Posted 04 July 2019 - 04:34 AM