Hacked?

12 replies to this topic

#1 Tech2

    Authentic Member
    32 posts

Posted 30 June 2019 - 01:28 PM

Please read attachments - Problem first


Attached File  Problem.txt   1.26KB   226 downloads

Attached File  aswMBR.txt   1.78KB   192 downloads

Attached File  FRST.txt   90.51KB   309 downloads


#2 Juliet

    SuperHelper
    Retired Classroom Teacher
    7,686 posts
    Interests: Boo!....
    MVP

Posted 01 July 2019 - 06:11 AM

Hi and welcome

When Farbar Recovery Scan Tool was run it should also have created Addition.txt.
Can you locate this and post it in your next reply?
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#3 Tech2

    Authentic Member
    32 posts

Posted 01 July 2019 - 06:52 AM

Thanks so much for your reply. Here is my Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
Ran by Jim (30-06-2019 08:54:04)
Running from C:\Users\Jim\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-03-19 12:44:45)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1410203692-3413734974-1764055963-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1410203692-3413734974-1764055963-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1410203692-3413734974-1764055963-1006 - Limited - Enabled)
Jim (S-1-5-21-1410203692-3413734974-1764055963-1000 - Administrator - Enabled) => C:\Users\Jim

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {19116A92-4E0F-6AEB-F126-5230691200C8}
FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

100% Hidden Objects (HKLM-x32\...\BFG-100 Percent Hidden Objects) (Version:  - )
1912: Titanic Mystery (HKLM-x32\...\BFG-1912 - Titanic Mystery) (Version:  - )
3D Aquarium Screensaver version 1.0 (HKLM-x32\...\{E2E5DB65-4740-4387-BF23-B918FA6E4A56}_is1) (Version: 1.0 - YesFreeScreensavers.com)
3D Snow version 5.0 (HKLM-x32\...\3D Snow Screensaver_is1) (Version:  - All-Sweets)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.207 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.207 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.207 - Adobe)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Amazon Games (HKLM-x32\...\Amazon Games_is1) (Version: 2.3.0.0 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{257CF3C8-DB9E-6C1A-FE68-B0840E53D098}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
AOMEI Partition Assistant Home Edition 5.1.2 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - Aomei Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{C1BCFECF-6EC2-4750-9072-5E2489423F8F}) (Version: 7.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B202C7F5-7DE3-4FBF-B259-E70E625F56FC}) (Version: 7.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B5A46811-3612-4DA5-8A5A-E6DED5D7C523}) (Version: 12.2.1.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 4.0.1) (Version: 4.0.1 - Avery Products Corporation)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{64973F6A-8754-43D1-BDD0-FC6F0546347B}) (Version: 14.4.6.2 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.0.63 - CinemaNow, Inc.)
Dell SupportAssist (HKLM\...\{806422F1-FC4E-4D7C-8855-05748AEFC031}) (Version: 3.2.2.119 - Dell Inc.)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Easy Photo Scan (HKLM-x32\...\{9E3F2EC3-7E4F-4F20-A56F-7A24D6E3D39B}) (Version: 1.00.0017 - Seiko Epson Corporation)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.2 - Seiko Epson Corporation)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{6DBFDAF8-20AE-46AE-940E-4F769ACDF4BB}) (Version: 3.11.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.20.00 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{1028AD34-EB8A-4136-9A93-27FC60FD0A40}) (Version: 4.4.11 - Seiko Epson Corporation)
EPSON XP-440 Series Printer Uninstall (HKLM\...\EPSON XP-440 Series) (Version:  - Seiko Epson Corporation)
EPSON XP-850 Series Printer Uninstall (HKLM\...\EPSON XP-850 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Eraser 6.2.0.2970 (HKLM\...\{58F37E51-2A83-49F3-9117-6005C63CF399}) (Version: 6.2.2970 - The Eraser Project)
Eraser 6.2.0.2971 (HKLM\...\{F0B4C9BD-D61B-4AE5-A345-F4BB5F452B5B}) (Version: 6.2.2971 - The Eraser Project)
Fishdom 3 (HKLM-x32\...\Fishdom 3_is1) (Version:  - My Real Games Ltd)
Flip Words 2 (HKLM-x32\...\Flip Words 2) (Version: 32.0.0.0 - Shockwave.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2281 - Intel Corporation)
iTunes (HKLM\...\{A8AF3EF8-5010-4A92-BCCA-90F62A7D62B8}) (Version: 12.9.5.7 - Apple Inc.)
Jigsaw365 (HKLM-x32\...\BFG-Jigsaw365) (Version:  - )
LightScribe Applications (HKLM-x32\...\{61F25370-7465-4404-BE28-4629BF808699}) (Version: 1.18.15.1 - LightScribe)
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{8A03241E-7A3C-401D-B0CE-B3096F50AE6F}) (Version: 1.18.27.10 - LightScribe)
Macrium Reflect Free Edition (HKLM\...\{77A97A7F-31F6-496A-9625-589717602062}) (Version: 6.3.1821 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Manor Memoirs (HKLM-x32\...\Manor Memoirs_is1) (Version:  - My Real Games Ltd)
MediaWiper (HKLM-x32\...\{6BAA87E9-8820-416E-B2DF-A294D1883367}) (Version: (Build 09.30.09) - WhiteCanyon, Inc.)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-bit (HKLM\...\{95140000-0081-0409-1000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MiniReminder (HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\MiniReminder) (Version:  - )
MiniTool Partition Wizard Professional Edition 9.1 (HKLM\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 67.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 67.0.4 (x64 en-US)) (Version: 67.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3 - Mozilla)
Mozilla Thunderbird 60.7.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.7.2 (x86 en-US)) (Version: 60.7.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon)
Norton Security (HKLM-x32\...\NGC) (Version: 22.17.3.50 - Symantec Corporation)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.22 - VIA Technologies, Inc.) Hidden
Quicken (HKLM-x32\...\{62D93E3E-2F8E-42BD-9343-896F4F0031D3}) (Version: 27.1.19.52 - Quicken)
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.1.27 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7484 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
Roxio Creator 2010 (HKLM-x32\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.0 - Roxio)
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.0 - Roxio) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
SmartSound Quicktracks Plugin (HKLM-x32\...\{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc) Hidden
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unreal Tournament 3 (HKLM-x32\...\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}) (Version: 1.00.0000 - Epic Games) Hidden
Unreal Tournament 3 (HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}) (Version: 1.00.0000 - Epic Games)
Unreal Tournament G.O.T.Y. Edition (HKLM-x32\...\UnrealTournament) (Version:  - )
VD64Inst (HKLM\...\{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon)
WinRAR 4.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
WinUtilities Free Edition 11.33 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043010}_is1) (Version: 11.33 - YL Computing, Inc)
YouTube Downloader 4.6.1020 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000_Classes\CLSID\{57B13C80-C59C-4981-8870-4A209C1B7589}\InprocServer32 -> C:\Program Files\Roxio 2010\Virtual Drive 10\DC_ShellExt64.dll (Sonic Solutions -> Sonic Solutions)
CustomCLSID: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000_Classes\CLSID\{BC9B776A-90D7-4476-A791-79D835F30650}\InprocServer32 -> C:\Program Files\Eraser\Eraser.Shell.dll (Heidi Computers Ltd -> The Eraser Project)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\NavShExt.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-01-09] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-01-09] () [File not signed]
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\NavShExt.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2014-03-14] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-01-09] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-01-09] () [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2014-03-14] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\NavShExt.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-01-09] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-01-09] () [File not signed]
ContextMenuHandlers1_S-1-5-21-1410203692-3413734974-1764055963-1000: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers1_S-1-5-21-1410203692-3413734974-1764055963-1000: [RXDCExtSvr] -> {57B13C80-C59C-4981-8870-4A209C1B7589} => C:\Program Files\Roxio 2010\Virtual Drive 10\DC_ShellExt64.dll [2009-07-07] (Sonic Solutions -> Sonic Solutions)
ContextMenuHandlers2_S-1-5-21-1410203692-3413734974-1764055963-1000: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers2_S-1-5-21-1410203692-3413734974-1764055963-1000: [RXDCExtSvr] -> {57B13C80-C59C-4981-8870-4A209C1B7589} => C:\Program Files\Roxio 2010\Virtual Drive 10\DC_ShellExt64.dll [2009-07-07] (Sonic Solutions -> Sonic Solutions)
ContextMenuHandlers4_S-1-5-21-1410203692-3413734974-1764055963-1000: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers5_S-1-5-21-1410203692-3413734974-1764055963-1000: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers6_S-1-5-21-1410203692-3413734974-1764055963-1000: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-10-16] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers6_S-1-5-21-1410203692-3413734974-1764055963-1000: [RXDCExtSvr] -> {57B13C80-C59C-4981-8870-4A209C1B7589} => C:\Program Files\Roxio 2010\Virtual Drive 10\DC_ShellExt64.dll [2009-07-07] (Sonic Solutions -> Sonic Solutions)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]

==================== Loaded Modules (Whitelisted) ==============

2012-09-04 17:27 - 2012-01-09 22:44 - 000193536 _____ () [File not signed] C:\Program Files (x86)\WinRAR\rarext64.dll
2010-11-07 19:00 - 2010-11-07 19:00 - 000143360 _____ () [File not signed] C:\Users\Jim\MiniReminder\MiniReminder.exe
2012-01-25 15:32 - 2012-01-25 15:32 - 000299008 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2012-04-09 17:13 - 2012-04-09 17:13 - 000299008 _____ (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2010-06-29 17:12 - 2010-06-29 17:12 - 000158720 ____N (Broadcom Corporation) [File not signed] C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
2013-01-16 13:15 - 2013-01-16 13:15 - 000033792 ____N (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
2013-01-16 13:15 - 2013-01-16 13:15 - 000110592 ____N (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
2013-01-16 13:15 - 2013-01-16 13:15 - 000073728 ____N (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2019-03-08 16:34 - 2019-02-21 12:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2009-11-09 14:27 - 2009-11-09 14:27 - 005339136 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Microsoft Office\OFFICE14\PROOF\1033\MSGR3EN.DLL
2018-03-26 13:07 - 2018-03-26 13:07 - 000126976 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2015-03-19 08:29 - 2015-03-19 08:29 - 000065536 ____N (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2\vcomp.dll
2014-01-22 09:54 - 2006-12-19 19:23 - 000094208 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
2014-01-22 09:54 - 2006-08-30 02:02 - 000106496 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\epLocalBidi.dll
2014-03-02 20:00 - 2007-09-18 17:44 - 000421888 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\eEBAPI\eEBIPDev.dll
2014-03-02 20:00 - 2007-09-10 16:03 - 000110592 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\eEBAPI\eEBLPBidiDev.dll
2014-03-02 20:00 - 2006-12-26 15:58 - 000233544 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\eEBAPI\eEBMSDev.dll
2014-03-02 20:00 - 2004-11-17 17:56 - 000286720 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\eEBAPI\eEBNWDev.dll
2014-03-02 20:00 - 2007-09-10 16:32 - 000135168 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\eEBAPI\eEBRSVC.dll
2017-02-13 14:54 - 2017-02-13 14:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000085504 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\EbpD4Fax.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000212992 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUADRFIL.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000278528 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXCFG.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000430080 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXCSR.DLL
2016-03-03 20:06 - 2012-02-29 02:00 - 000385024 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXLDB.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000536576 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXTIF.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000421888 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUIMGCDC.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000262144 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FULEPP.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000077824 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUSTMMSG.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000303104 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUSVCCLT.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000065536 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUUSBHLP.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000253952 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\FUVERDLG.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000065536 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUDEVCOM.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000135168 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUDRVUTL.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000335872 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUPRBDEV.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000229376 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\FUSNMPUT.dll
2016-03-03 20:06 - 2012-02-28 12:00 - 000081920 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
2016-03-03 20:06 - 2012-02-28 12:00 - 000090112 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXCFGRes.dll
2016-03-03 20:06 - 2012-02-28 12:00 - 000241664 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
2016-03-03 20:06 - 2012-02-28 12:00 - 000106496 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXSTM.dll
2016-03-03 20:06 - 2012-02-28 12:00 - 000077824 ____N (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
2018-03-12 12:42 - 2008-11-11 10:00 - 000118784 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\E_ILMHAA.DLL
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000786432 ____N (SEIKO EPSON) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\ENCM.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000278528 ____N (SEIKO EPSON) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\ENNW.dll
2016-03-03 20:06 - 2012-02-29 02:00 - 000299008 ____N (SEIKO EPSON) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Library\ENUTIL.dll
2019-06-26 15:08 - 2019-06-14 11:25 - 001024512 _____ (Vitzo Ltd.) [File not signed] C:\Program Files (x86)\YouTube Downloader\YouTubeDownloader.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:036B81D9 [182]
AlternateDataStreams: C:\ProgramData\TEMP:1409277B [382]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:466FA8C3 [284]
AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3 [167]
AlternateDataStreams: C:\ProgramData\TEMP:A2CE35BE [266]
AlternateDataStreams: C:\ProgramData\TEMP:ACA2947B [257]
AlternateDataStreams: C:\ProgramData\TEMP:BC8E9899 [496]
AlternateDataStreams: C:\ProgramData\TEMP:C72A744C [462]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\cinemanow.com -> hxxp://cinemanow.com
IE trusted site: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\cinemanow.com -> hxxps://cinemanow.com
IE trusted site: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\qflix.com -> hxxp://qflix.com
IE trusted site: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\roxio.com -> hxxp://roxio.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 ____N C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\DLLShared\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\AOMEI Backupper
HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: DDVRulesProcessor => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E5B25736-C0B6-4601-9E02-036BABF66F84}] => (Allow) LPort=1542
FirewallRules: [{F62C3945-49D6-416D-BBC8-6D981DD7617B}] => (Allow) LPort=1542
FirewallRules: [{25AA99C4-B20F-4C59-A712-30E41BC1252C}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe (Cinemanow, Inc. -> CinemaNow Inc.)
FirewallRules: [{CAF3AC86-E784-4654-8B37-D8D8AE05C247}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe (Cinemanow, Inc. -> CinemaNow Inc.)
FirewallRules: [{8C0EB31D-42F8-4878-968A-F1A57C6EB11E}] => (Allow) C:\Program Files (x86)\Roxio 2010\Venue\Venue.exe (Sonic Solutions -> Sonic Solutions)
FirewallRules: [{43D12660-CD2A-405A-B403-AAFD3FDAFD1B}] => (Allow) C:\Program Files (x86)\Roxio 2010\Venue\Venue.exe (Sonic Solutions -> Sonic Solutions)
FirewallRules: [UDP Query User{12DBB570-B296-40E7-9AFC-C1916F73B901}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [TCP Query User{77B83E86-BDC7-4B04-BA6D-2F1013A38D9F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{98392298-1056-4646-B5E5-15AB6470F967}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ADFDC62E-4B22-4334-B698-F09DCFAB05C1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A493041E-AE9E-4D45-8D2B-C2B38194F794}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1450C394-7352-4E56-9225-EBC876FB3606}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{789201D5-9900-470F-9B0C-C7B7C6DC702A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [TCP Query User{81A02E8B-6074-4B27-948C-48E99FD17386}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{0EBAF6DD-8B66-4115-AD26-146E085EB12A}] => (Allow) LPort=53
FirewallRules: [{598C37CD-FEBE-413F-A8E8-DC7FFD4067F0}] => (Allow) LPort=1542
FirewallRules: [{7A4352C4-2A76-45A4-9F14-C1C664603EB9}] => (Allow) LPort=1542
FirewallRules: [{32319A54-CA9A-440F-8BEF-25C710A2C34F}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8D6607CE-E11A-4D6F-BDC3-D6BBBE12644A}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DF270F76-D5B8-40C1-9546-A48AB27194FE}] => (Allow) LPort=7000
FirewallRules: [{7D878771-900D-47CD-92D2-546243F45918}] => (Allow) LPort=7000
FirewallRules: [{44A86E3E-967B-4EFF-AB91-79AFC56E3C09}] => (Allow) LPort=67
FirewallRules: [{421839E3-D4D8-4B57-B6EE-31A3E762A14B}] => (Allow) LPort=68
FirewallRules: [{6FC2A072-E701-48DC-9BD6-32130D6B8884}] => (Allow) LPort=53
FirewallRules: [{FC0A092C-37C6-4E7E-B209-336AF8CC6B20}] => (Allow) LPort=53
FirewallRules: [{52C97357-9A8C-46C9-93F5-1CFB43ACBCAE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2C566901-510B-4651-80D4-C8FC0C1C0B18}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2F0EFCBA-C22D-45B7-B906-981611C35858}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6A9BEAA9-827A-4F06-A391-EFC7B8C316F5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{82A80AE9-AD49-48AC-9FAB-DD211AD8A9F6}] => (Allow) C:\Program Files (x86)\Unreal Tournament 3\Binaries\UT3.exe (Epic Games Inc. -> )
FirewallRules: [{1FD4F7A5-1327-441A-A2A8-4D75599C03B0}] => (Allow) C:\Program Files (x86)\Unreal Tournament 3\Binaries\UT3.exe (Epic Games Inc. -> )
FirewallRules: [{EB5D42D6-0059-45DB-B00B-12ACCD3E4609}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C7A444F1-CD5C-47B0-8C4C-83C9AA322025}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{471B15AD-C678-417F-8F99-30962B09A7D0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AF3CBB85-4046-4F14-AE50-76BACEFE076A}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{0FF8FBDC-A023-4CE0-A738-8526F1826553}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{46054168-B92B-4803-90BB-8560F2D85A0F}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
FirewallRules: [{A39E688D-75F3-4F75-A851-659AB1D02E9C}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
FirewallRules: [{330B640A-833F-4018-AF79-9A14822E8E5E}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
FirewallRules: [{5E8B882B-D271-4ED7-A1B0-AAD0235C442C}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
FirewallRules: [{7234D984-585F-4D16-A0CC-A50F2C5FD67C}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{944162E7-4136-454C-8F93-24153C2D0D77}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe No File
FirewallRules: [{8BB37131-F391-4A42-A141-A66BA25DE06A}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe No File
FirewallRules: [{DE4422CE-66AE-45AC-A71A-A661AAB13BE7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

12-06-2019 13:07:39 Scheduled Checkpoint
12-06-2019 14:41:01 Installed EPSON Scan OCR Component
12-06-2019 15:07:44 Windows Update
14-06-2019 12:07:29 Installed Epson Software Updater
14-06-2019 12:09:25 Installed EPSON Scan OCR Component
21-06-2019 15:11:11 Scheduled Checkpoint
29-06-2019 19:10:06 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2019 05:15:08 AM) (Source: MsiInstaller) (EventID: 11706) (User: DELL380-ULT)
Description: Product: Roxio Burn Manager -- Error 1706. An installation package for the product Roxio Burn Manager cannot be found. Try the installation again using a valid copy of the installation package 'BurnMgr.MSI'.

Error: (06/30/2019 05:15:05 AM) (Source: MsiInstaller) (EventID: 11706) (User: DELL380-ULT)
Description: Product: Roxio Burn Manager -- Error 1706. An installation package for the product Roxio Burn Manager cannot be found. Try the installation again using a valid copy of the installation package 'BurnMgr.MSI'.

Error: (06/30/2019 05:14:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2019 12:56:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15631

Error: (06/29/2019 12:56:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15631

Error: (06/29/2019 12:56:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/29/2019 05:56:57 AM) (Source: MsiInstaller) (EventID: 11706) (User: DELL380-ULT)
Description: Product: Roxio Burn Manager -- Error 1706. An installation package for the product Roxio Burn Manager cannot be found. Try the installation again using a valid copy of the installation package 'BurnMgr.MSI'.

Error: (06/29/2019 05:56:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: YouTubeDownloader.exe, version: 4.6.1020.0, time stamp: 0x5d037621
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24475, time stamp: 0x5cdd7d45
Exception code: 0xe0434352
Fault offset: 0x000000000000b87d
Faulting process id: 0xf80
Faulting application start time: 0x01d52e60f8b3a534
Faulting application path: C:\Program Files (x86)\YouTube Downloader\YouTubeDownloader.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 3ab847d4-9a54-11e9-aa6c-b8ac6fad7fe9

System errors:
=============
Error: (06/30/2019 05:17:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Dell Data Vault Service API service depends on the Dell Data Vault Collector service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/30/2019 05:17:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Dell Data Vault Collector service depends on the Dell Data Vault Processor service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (06/30/2019 05:17:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Dell Data Vault Collector service depends on the Dell Data Vault Processor service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (06/30/2019 05:15:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (06/29/2019 05:59:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Dell Data Vault Service API service depends on the Dell Data Vault Collector service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/29/2019 05:59:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Dell Data Vault Collector service depends on the Dell Data Vault Processor service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (06/29/2019 05:58:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Dell Data Vault Collector service depends on the Dell Data Vault Processor service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (06/29/2019 05:56:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

==================== Memory info ===========================

BIOS: Dell Inc. A07 06/13/2012
Motherboard: Dell Inc. 01TKCC
Processor: Intel® Core™2 Quad CPU Q9650 @ 3.00GHz
Percentage of memory in use: 92%
Total physical RAM: 4029.65 MB
Available physical RAM: 286.3 MB
Total Virtual: 8057.44 MB
Available Virtual: 1888.03 MB

==================== Drives ================================

Drive c: (WINDOWS 7 ULTIMATE - 64 BIT) (Fixed) (Total:931.51 GB) (Free:736.27 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C0451C85)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
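Two things worth verifying on the machine before a fixlist is run against a log like this, as an added example that is not from the thread, from FRST or from any of the tools mentioned: re-check the files FRST marked "[File not signed]" with Get-AuthenticodeSignature and record a SHA-256 for each so the hash can be compared against the vendor's release or a reputation service, and read the alternate data streams on C:\ProgramData\TEMP without deleting them. The three file paths are taken from the log above. The script assumes Windows PowerShell 3.0 or later (the -Stream parameter does not exist in the 2.0 that Windows 7 ships with; the signature and hash parts work on 2.0) and an elevated prompt.

```powershell
# Added triage example, not part of the thread. Read-only.
# Assumes Windows PowerShell 3.0+ (for -Stream) on the Windows 7 machine,
# run from an elevated prompt.

# 1) Files FRST listed as "[File not signed]" in the log above.
$unsigned = @(
    'C:\Program Files (x86)\YouTube Downloader\YouTubeDownloader.exe',
    'C:\Windows\System32\enppmon.dll',
    'C:\Windows\System32\E_ILMHAA.DLL'
)

function Get-Sha256Hex([string]$Path) {
    # .NET hashing instead of Get-FileHash, which needs PowerShell 4.0.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

foreach ($p in $unsigned) {
    if (-not (Test-Path -LiteralPath $p)) { "{0,-12} {1}" -f 'MISSING', $p; continue }
    $sig = Get-AuthenticodeSignature -FilePath $p
    # NotSigned means no embedded Authenticode signature. Windows components that
    # are signed only through a catalog (.cat) can also report NotSigned here on
    # older PowerShell versions, so treat that status as "check further", not "bad".
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '-' }
    "{0,-12} {1}`n             sha256={2}`n             signer={3}" -f `
        $sig.Status, $p, (Get-Sha256Hex $p), $signer
}

# 2) Alternate data streams on the directory FRST flagged. Listing and reading
#    them does not change anything; the fixlist in the next post removes them.
$target = 'C:\ProgramData\TEMP'
Get-Item -LiteralPath $target -Stream * |
    Where-Object { $_.Stream -ne ':$DATA' } |
    ForEach-Object {
        # -Encoding Byte is Windows PowerShell syntax (PowerShell 7 uses -AsByteStream).
        $bytes = Get-Content -LiteralPath $target -Stream $_.Stream -Encoding Byte -TotalCount 32
        $hex   = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ' '
        "{0}:{1} [{2} bytes] first bytes: {3}" -f $target, $_.Stream, $_.Length, $hex
    }

# To remove a single stream by hand instead of through FRST:
#   Remove-Item -LiteralPath $target -Stream 036B81D9
```

The stream sizes printed should match the bracketed numbers in FRST's AlternateDataStreams lines (182, 382, ... bytes). Keep the hash output with the logs: once the fix has run, the streams and any removed files are gone and the hashes are the only record of what was there.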



#4 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 01 July 2019 - 03:02 PM

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.


Start::
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction ? <==== ATTENTION
Task: {9369C895-5F20-41E1-A9BD-6FB882347E91} - \AutoKMS -> No File <==== ATTENTION
Task: {D9F6AF04-1315-4916-82A2-F39AF027D45A} - \AutoKMSDaily -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=retail&geo=US&ver=22.17.0.183&locale=en_US&guid=8414B998-C9A2-4238-845D-73152701C66D&doi=2016-09-01&gct=kwd&qsrc=2869
Toolbar: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\Exts\Chrome.crx <not found>
HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\ChromeHTML: -> <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:036B81D9 [182]
AlternateDataStreams: C:\ProgramData\TEMP:1409277B [382]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:466FA8C3 [284]
AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3 [167]
AlternateDataStreams: C:\ProgramData\TEMP:A2CE35BE [266]
AlternateDataStreams: C:\ProgramData\TEMP:ACA2947B [257]
AlternateDataStreams: C:\ProgramData\TEMP:BC8E9899 [496]
AlternateDataStreams: C:\ProgramData\TEMP:C72A744C [462]
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
~~~

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
created by Aura

~~~~

Please post these 3 logs when finished.
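The AutoKMS and AutoKMSDaily lines in the fixlist above ("-> No File") and the ENEasyApp.exe firewall rules in Addition.txt are the same class of leftover: a registration that outlives the file it points at. The script below is an added example, not part of the thread or of FRST, that reproduces those two checks read-only so they can be re-run after the fix to confirm nothing is left behind. It assumes Windows PowerShell 2.0 or later and an elevated prompt. The TaskCache key names it reports are the GUIDs FRST prints on its Task lines (the Fixlog in the next post removes exactly those keys), and the firewall value names are the GUIDs in FRST's FirewallRules section.

```powershell
# Added example, not from the thread. Read-only; Windows PowerShell 2.0+, elevated.
#  - Scheduled tasks still registered in the TaskCache registry hive whose task
#    file under System32\Tasks is gone: this is what FRST prints as "-> No File".
#  - Firewall allow rules whose program no longer exists (the ENEasyApp.exe case).

function Resolve-Target([string]$Raw) {
    # Strip a quoted executable path and expand %SystemRoot%-style variables.
    $t = $Raw.Trim()
    if ($t.StartsWith('"')) { $t = $t.Substring(1, $t.IndexOf('"', 1) - 1) }
    [Environment]::ExpandEnvironmentVariables($t)
}

function Get-OrphanedTaskCacheEntries {
    # Each subkey is one task GUID; its "Path" value is the task's tree path,
    # e.g. \AutoKMS, which must exist as a file under System32\Tasks.
    $tasksKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'
    $taskDir  = Join-Path $env:windir 'System32\Tasks'
    foreach ($entry in Get-ChildItem -LiteralPath $tasksKey) {
        $guid = $entry.PSChildName
        $path = $entry.GetValue('Path')
        if (-not $path) { continue }
        $file = Join-Path $taskDir ($path.TrimStart('\'))
        if (-not (Test-Path -LiteralPath $file)) {
            New-Object PSObject -Property @{ Kind = 'Task'; Id = $guid; Target = $path }
        }
    }
}

function Get-OrphanedFirewallRules {
    # Each value is one rule, pipe-delimited, e.g.
    # "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\path\x.exe|Name=...|".
    # Port-only rules (LPort=...) have no App field and are skipped.
    $rulesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
    $key = Get-Item -LiteralPath $rulesKey
    foreach ($name in $key.GetValueNames()) {
        $fields = @{}
        foreach ($f in ($key.GetValue($name) -split '\|')) {
            $i = $f.IndexOf('=')
            if ($i -gt 0) { $fields[$f.Substring(0, $i)] = $f.Substring($i + 1) }
        }
        if ($fields['Action'] -ne 'Allow' -or -not $fields.ContainsKey('App')) { continue }
        $exe = Resolve-Target $fields['App']
        if (-not (Test-Path -LiteralPath $exe)) {
            New-Object PSObject -Property @{ Kind = 'Firewall'; Id = $name; Target = $exe }
        }
    }
}

$findings = @(Get-OrphanedTaskCacheEntries) + @(Get-OrphanedFirewallRules)
if ($findings.Count -eq 0) { 'No orphaned tasks or firewall rules found.' }
else { $findings | Sort-Object Kind, Id | Format-Table Kind, Id, Target -AutoSize }
```

A task that shows up here is not by itself malicious; an uninstaller that forgot its task produces the same result. What matters is the name and the original target, which is why FRST's own line (and this script's Target column) should be kept with the logs before anything is removed. On the other side, an allow rule for a program that no longer exists is harmless today but becomes an open door the moment something drops a file at that path, so such rules are worth removing even when the rest of the cleanup finds nothing.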

#5 Tech2

Tech2

    Authentic Member

  • Authentic Member
  • PipPip
  • 32 posts

Posted 01 July 2019 - 07:01 PM

Juliet: Here are the requested information logs:


FRST Fixlog:


Fix result of Farbar Recovery Scan Tool (x64) Version: 30-06-2019

Ran by Jim (01-07-2019 19:53:57) Run:1
Running from C:\Users\Jim\Downloads\Utilities\Hacker repair\First64
Loaded Profiles: Jim (Available Profiles: Jim & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction ? <==== ATTENTION
Task: {9369C895-5F20-41E1-A9BD-6FB882347E91} - \AutoKMS -> No File <==== ATTENTION
Task: {D9F6AF04-1315-4916-82A2-F39AF027D45A} - \AutoKMSDaily -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=retail&geo=US&ver=22.17.0.183&locale=en_US&guid=8414B998-C9A2-4238-845D-73152701C66D&doi=2016-09-01&gct=kwd&qsrc=2869
Toolbar: HKU\S-1-5-21-1410203692-3413734974-1764055963-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.17.3.50\Exts\Chrome.crx <not found>
HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\...\ChromeHTML: -> <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:036B81D9 [182]
AlternateDataStreams: C:\ProgramData\TEMP:1409277B [382]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:466FA8C3 [284]
AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3 [167]
AlternateDataStreams: C:\ProgramData\TEMP:A2CE35BE [266]
AlternateDataStreams: C:\ProgramData\TEMP:ACA2947B [257]
AlternateDataStreams: C:\ProgramData\TEMP:BC8E9899 [496]
AlternateDataStreams: C:\ProgramData\TEMP:C72A744C [462]
C:\Windows\Temp\*.*

*****************

Processes closed successfully.
Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9369C895-5F20-41E1-A9BD-6FB882347E91}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9369C895-5F20-41E1-A9BD-6FB882347E91}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9F6AF04-1315-4916-82A2-F39AF027D45A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9F6AF04-1315-4916-82A2-F39AF027D45A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMSDaily" => removed successfully
HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => removed successfully
HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
"HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
HKU\S-1-5-21-1410203692-3413734974-1764055963-1000_Classes\ChromeHTML => removed successfully
C:\ProgramData\TEMP => ":036B81D9" ADS removed successfully
C:\ProgramData\TEMP => ":1409277B" ADS removed successfully
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully
C:\ProgramData\TEMP => ":466FA8C3" ADS removed successfully
C:\ProgramData\TEMP => ":7687A3E3" ADS removed successfully
C:\ProgramData\TEMP => ":A2CE35BE" ADS removed successfully
C:\ProgramData\TEMP => ":ACA2947B" ADS removed successfully
C:\ProgramData\TEMP => ":BC8E9899" ADS removed successfully
C:\ProgramData\TEMP => ":C72A744C" ADS removed successfully

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\MSI11998.LOG => moved successfully
C:\Windows\Temp\MSI11999.LOG => moved successfully
C:\Windows\Temp\MSI17d88.LOG => moved successfully
C:\Windows\Temp\MSI17d89.LOG => moved successfully
C:\Windows\Temp\MSI21fcf.LOG => moved successfully
C:\Windows\Temp\MSI21fd0.LOG => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


The system needed a reboot.

==== End of Fixlog 19:54:58 ====


AdwCleaner Log:


-------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-06-28.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-01-2019
# Duration: 00:00:11
# OS:       Windows 7 Ultimate
# Cleaned:  36
# Failed:   0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\Common Files\myturbopc.com
Deleted       C:\Program Files (x86)\mipony
Deleted       C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
Deleted       C:\ProgramData\apn
Deleted       C:\ProgramData\myturbopc.com
Deleted       C:\Users\Jim\AppData\Local\Systweak
Deleted       C:\Users\Jim\AppData\Roaming\DriverCure
Deleted       C:\Users\Jim\AppData\Roaming\iWin
Deleted       C:\Users\Jim\AppData\Roaming\mipony
Deleted       C:\Users\Jim\AppData\Roaming\myturbopc.com

***** [ Files ] *****

Deleted       C:\Users\Jim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
Deleted       C:\Users\Jim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Free YouTube Downloader.lnk
Deleted       C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ctry3evk.default\searchplugins\safesearch.xml
Deleted       C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ctry3evk.default\searchplugins\yahoo_ff.xml
Deleted       C:\Windows\Reimage.ini

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\ImInstaller
Deleted       HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|WeatherBug.exe
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted       HKCU\Software\MyTurboPC.com
Deleted       HKCU\Software\Reimage
Deleted       HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Deleted       HKLM\Software\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted       HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted       HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted       HKLM\Software\Reimage
Deleted       HKLM\Software\Wow6432Node\ImInstaller
Deleted       HKLM\Software\Wow6432Node\MyTurboPC.com
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\REI_AxControl.DLL
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted       HKU\.DEFAULT\Software\AskPartnerNetwork
Deleted       HKU\S-1-5-18\Software\AskPartnerNetwork

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4418 octets] - [01/07/2019 20:06:09]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


Rogue Killer Log:


RogueKiller Anti-Malware V13.3.1.0 (x64) [Jul  1 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/d...ad/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : Jim [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190701_063258, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/07/01 20:48:23 (Duration : 00:23:39)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.IncrediMail (Potentially Malicious)] HKEY_USERS\.DEFAULT\Software\IncrediMail --  -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-1410203692-3413734974-1764055963-1000\Software\IM --  -> Deleted
[PUP.IncrediMail (Potentially Malicious)] HKEY_USERS\S-1-5-21-1410203692-3413734974-1764055963-1000\Software\IncrediMail --  -> Deleted
[PUP.IncrediMail (Potentially Malicious)] HKEY_USERS\S-1-5-18\Software\IncrediMail --  -> Deleted
[PUP.SysTweak (Potentially Malicious)] Advanced Identity Protector -- %_Jim_appdata%\Advanced Identity Protector -> Deleted
[PUP.Gen1 (Potentially Malicious)] Free YouTube Downloader -- %localappdata%\Free YouTube Downloader -> Deleted
[PUP.IncrediMail (Potentially Malicious)] IncrediMail -- %programdata%\IncrediMail -> Deleted



#6 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 02 July 2019 - 03:25 AM

OK good

Let's check for remnants

Please download the Malwarebytes Anti-Malware setup file to your Desktop.

OR from this location Here
  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
  • Windows Vista, Windows 7 , 8, 8.1 and 10 : Right click and select "Run as Administrator"
  • After the installation is complete, let it update if it asks.
  • Under SETTINGS.....APPLICATIONS leave everything at default
  • Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
  • Then go to the Dashboard and click on SCAN NOW
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
    Upon completion of the scan (or after the reboot), click the Reports tab.
    Double-click the Scan Log.
    At the bottom click Export and choose Text file.

    Save the file to your desktop and include its content in your next reply.

    You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here
  • Then click on POST
  • Exit Malwarebytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
  • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, open EEK again (in the C:\EEK folder);
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
Please post these 2 logs when finished.

Also, tell me how the computer is now.

#7 Tech2

Tech2

    Authentic Member

  • Authentic Member
  • PipPip
  • 32 posts

Posted 02 July 2019 - 06:11 AM

Information Logs Requested:

 

Malwarebytes Log:

 

Malwarebytes

www.malwarebytes.com

-Log Details-
Scan Date: 7/2/19
Scan Time: 7:07 AM
Log File: 9db91156-9cb9-11e9-af44-b8ac6fad7fe9.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.11362
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: DELL380-ULT\Jim

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 304344
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 6 min, 1 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
Adware.NeoBar, HKLM\SOFTWARE\WOW6432NODE\ADNPR\ANTIMALWARE\key, Quarantined, [1341], [469673],1.0.11362
Adware.NeoBar, HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\SOFTWARE\ADNPR\ANTIMALWARE\key, Quarantined, [1341], [469679],1.0.11362

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
PUP.Optional.Spigot, C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CTRY3EVK.DEFAULT\PREFS.JS, Replaced, [162], [303258],1.0.11362
PUP.Optional.APNToolBar, C:\USERS\JIM\APPDATA\LOCAL\DOWNLOADED INSTALLATIONS\{05B91CE4-CA5C-4607-9729-372F8CB3AD30}\THE WEATHER CHANNEL APP.MSI, Quarantined, [593], [76243],1.0.11362

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

 

 

Emsisoft Emergency Kit -

 

Emsisoft Anti-Malware Trial 2019.6.0.9533 stable [en-us]

OS: Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)

Forensics log

Date Component Action Details
7/2/2019 7:44:59 AM Core Mode changed Auto-Silent mode disabled.
7/2/2019 7:44:24 AM Core Protection started Version 2019.6.0.9533.
7/2/2019 7:41:07 AM Operating System Shutdown received System initiated shutdown.
7/2/2019 7:39:34 AM Core Mode changed Auto-Silent mode enabled.
7/2/2019 7:38:17 AM Core Notification "Updates were downloaded and installed successfully.".
7/2/2019 7:37:42 AM Scheduler Update Downloaded and installed 7 files (31 kb) (7 sec.).
7/2/2019 7:37:35 AM Core Notification "Recommended Reading:9 critical cyber safety lessons to teach your kids".
7/2/2019 7:37:34 AM User DELL380-ULT\Jim Setting modified "On access extensions list" has been changed to "|.asp|.bat|.cab|.cgi|.chm|.cla|.class|.cmd|.com|.cpl|.ini|.css|.dll|.elf|.exe|.hlp|.hta|.htm|.html|.zip|.wh|.jar|.jpe|.jpeg|.jpg|.js|.jse|.lnk|.ocx|.php|.pif|.rar|.xpi|.reg|.scr|.sh|.shs|.src|.sys|.txt|.vbs|.vxd|.wmf|.doc|.docx|.xls|.xlsx|.ppt|.pptx|.pdf|".
7/2/2019 7:37:31 AM Core Setting modified "Unwanted hosts default action" has been changed to "Block and notify".
7/2/2019 7:37:31 AM Core Setting modified "PUP default action" has been changed to "Quarantine with notification".
7/2/2019 7:37:31 AM Core Setting modified License key has been activated.
7/2/2019 7:37:31 AM Core Setting modified "Detect PUPs" has been changed to "Enabled".
7/2/2019 7:37:22 AM Core Protection started Version 2019.6.0.9533.

 

Juliet,

 

The computer seems to be running fine. I can't thank you enough. In your expert opinion, was this computer seriously hacked and what can I do to avoid this problem in the future. I installed Norton thinking that protection would safeguard me from this type of problem - obviously, I was wrong. As far as the email situation goes, I still don't understand what went on and Microsoft is no help.
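The Malwarebytes log above is a fixed-format text export, and anyone who triages many of them is better served by parsing it than by reading it by eye. The block below is an added example written for this thread; it is not code from the forum, from Malwarebytes, or from any of the tools used here. It parses the -Scan Summary- and -Scan Details- blocks into records, then checks that the per-category and total counts agree with the detection lines actually present, which is how a truncated or hand-edited log shows up. SAMPLE_LOG is a constructed, abbreviated excerpt of the log posted above; the regexes and function names are this example's own assumptions about the format, not a documented Malwarebytes interface.

```python
"""Parse a Malwarebytes 3.x exported text scan log into structured records.

Added example for this thread (not code from the forum or from Malwarebytes).
The regexes below are an assumption about the export format seen in the
thread; SAMPLE_LOG is a constructed, abbreviated excerpt in that format.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""Malwarebytes
www.malwarebytes.com

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304344
Threats Detected: 4
Threats Quarantined: 4

-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 2
Adware.NeoBar, HKLM\SOFTWARE\WOW6432NODE\ADNPR\ANTIMALWARE\key, Quarantined, [1341], [469673],1.0.11362
Adware.NeoBar, HKU\S-1-5-21-1410203692-3413734974-1764055963-1000\SOFTWARE\ADNPR\ANTIMALWARE\key, Quarantined, [1341], [469679],1.0.11362

File: 2
PUP.Optional.Spigot, C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CTRY3EVK.DEFAULT\PREFS.JS, Replaced, [162], [303258],1.0.11362
PUP.Optional.APNToolBar, C:\USERS\JIM\APPDATA\LOCAL\DOWNLOADED INSTALLATIONS\{05B91CE4-CA5C-4607-9729-372F8CB3AD30}\THE WEATHER CHANNEL APP.MSI, Quarantined, [593], [76243],1.0.11362

(end)
"""

SECTION_RE = re.compile(r"^-(?P<name>[^-]+)-$")
KEY_VALUE_RE = re.compile(r"^(?P<key>[^:]+): (?P<value>.*)$")
CATEGORY_RE = re.compile(r"^(?P<category>[A-Za-z ]+): (?P<count>\d+)$")
# threat, target, action, [signature id], [detection id],database version
# The tail is anchored so that commas inside a path stay part of "target".
DETECTION_RE = re.compile(
    r"^(?P<threat>[^,]+), (?P<target>.+), (?P<action>[A-Za-z ]+), "
    r"\[(?P<sig_id>\d+)\], \[(?P<det_id>\d+)\],(?P<db_version>[\d.]+)$"
)


def parse_mbam_log(text):
    """Return {"summary": {...}, "category_counts": {...}, "detections": [...]}."""
    summary, category_counts, detections = {}, {}, []
    section = category = None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blank lines and the "(No malicious items detected)" / "(end)" markers.
        if not line or line.startswith("("):
            continue
        m = SECTION_RE.match(line)
        if m:
            section, category = m.group("name"), None
            continue
        if section == "Scan Summary":
            m = KEY_VALUE_RE.match(line)
            if m:
                value = m.group("value")
                summary[m.group("key")] = int(value) if value.isdigit() else value
        elif section == "Scan Details":
            m = CATEGORY_RE.match(line)
            if m:  # e.g. "Registry Key: 2" opens a category with a declared count
                category = m.group("category")
                category_counts[category] = int(m.group("count"))
                continue
            m = DETECTION_RE.match(line)
            if m and category is not None:
                detections.append({"category": category, **m.groupdict()})
    return {"summary": summary, "category_counts": category_counts, "detections": detections}


def check_consistency(report):
    """List mismatches between declared counts and the detection lines actually found."""
    problems = []
    declared = report["summary"].get("Threats Detected")
    found = len(report["detections"])
    if declared is not None and declared != found:
        problems.append(f"summary declares {declared} threats but {found} detail lines parsed")
    per_category = Counter(d["category"] for d in report["detections"])
    for category, count in report["category_counts"].items():
        if per_category[category] != count:  # Counter returns 0 for empty categories
            problems.append(f"{category}: header says {count}, parsed {per_category[category]}")
    return problems


def threat_families(report):
    """Count detections by threat name: the quickest view of what was actually found."""
    return Counter(d["threat"] for d in report["detections"])


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print(rep["summary"])
    print(dict(threat_families(rep)))
    print("consistency problems:", check_consistency(rep) or "none")
```

Note that the sample keeps one zero-count category ("Process: 0") and one entry whose action is "Replaced" rather than "Quarantined", the prefs.js case from the log above; both are the edge cases a parser of this format has to survive.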



#8 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 02 July 2019 - 12:36 PM

Juliet,
 
The computer seems to be running fine. I can't thank you enough. In your expert opinion, was this computer seriously hacked and what can I do to avoid this problem in the future. I installed Norton thinking that protection would safeguard me from this type of problem - obviously, I was wrong. As far as the email situation goes, I still don't understand what went on and Microsoft is no help.


Good to hear it's running better.

I don't think you were seriously hacked at all.
I think, from what was found, you acquired bits and pieces of malware from items you downloaded. <-- opinion of course.

One thing I think you should do is to reset your router.
Steps to Reboot a Router & Modem

Unplug (power down) your router
Wait at least 30 seconds. ...
Plug the router back in. ...
Wait at least 60 seconds. ...
Plug the router back in. ...
Wait at least 2 minutes. ...then connect to the internet.

Let's remove tools and quarantine folders.
  • Please download DelFix or from Here and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
  • Activate UAC
  • Remove disinfection tools
  • Click the Run button.
  • -- This will remove the specialized tools we used to disinfect your system.
    Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
*********

Additional information
  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Unchecky automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.


#9 Tech2

Tech2

    Authentic Member

  • Authentic Member
  • PipPip
  • 32 posts

Posted 02 July 2019 - 02:01 PM

Great news this wasn't a serious hacking problem. Again I thank you so much for your help.



#10 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 03 July 2019 - 04:38 AM

Before you go, I'd like to mention that since you let someone log onto this computer you need to change all of your passwords.
Just to be on the safe side.



#11 Tech2

Tech2

    Authentic Member

  • Authentic Member
  • PipPip
  • 32 posts

Posted 03 July 2019 - 06:00 AM

Thanks Juliet,

I started that process right away. I was worried about that. If I hadn't been so stupid in the first place this might not have been a problem. I'm sure you find that in a lot of cases.

 

Thanks Again



#12 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 03 July 2019 - 06:25 AM

I'm not sure if you're a gamer who plays games by connecting to a server, but for a while now I've had a thought connected to this: it's not as safe as it used to be.

For example, read over the article below:
https://www.bleeping...infect-players/

The above might be for an old vulnerability, but I think it's something that will probably become rampant or be used on many different gaming servers, including game hacks and cheats.
For more information you can Google 'infected game servers'.

Safe surfing

#13 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 04 July 2019 - 04:34 AM

Glad we could help.
Since this issue appears resolved ... this Topic is closed.