New unknown startup item

Tony D

When this machine boots, WinPatrol says there's a new unknown program in the startup. It's a number starting with 14900xxxxx. The xxxxx digits are different each time. Each time it boots, I click WinPatrol's Reject button. Here's an example.
upload_2017-3-20_21-12-13.png

Logs are attached.
 


Hi Tony

Unfortunately you ran JRT and AdwCleaner after running FRST.
The report will have changed because of this.
Please let me have a fresh set of FRST reports.

Thanks
 
Sorry about that. Attached is the fresh set of the FRST reports.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by KLUCAS (administrator) on KLUCAS-PC (21-03-2017 07:29:52)
Running from C:\Users\KLUCAS\Desktop
Loaded Profiles: KLUCAS (Available Profiles: KLUCAS)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Lexmark International, Inc.) C:\Windows\System32\LEXBCES.EXE
(Lexmark International, Inc.) C:\Windows\System32\LEXPPS.EXE
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\dlbccoms.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-07-02] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-3402600103-2626558384-1099160823-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-3402600103-2626558384-1099160823-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3402600103-2626558384-1099160823-1000\...\MountPoints2: {332bbb95-df3a-11dd-9de8-001d09a0ff72} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3402600103-2626558384-1099160823-1000\...\MountPoints2: {eddb7673-fa8e-11e1-9099-001d09a0ff72} - G:\LaunchU3.exe -a
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-08-30] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2011-04-06] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0E0C2BEB-FAF8-46BC-9780-B3DACF56BD14}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3402600103-2626558384-1099160823-1000 -> DefaultScope {E3EFC8AE-D9BE-400B-BC14-8A872ABBBA77} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3402600103-2626558384-1099160823-1000 -> {E3EFC8AE-D9BE-400B-BC14-8A872ABBBA77} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-20] (Oracle Corporation)
BHO: Verizon Broadband Toolbar -> {A057A204-BACC-4D26-8398-26FADCF27386} -> C:\Program Files\verizon_broad\verizon_broad.dll [2008-05-30] (Verizon Online. )
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-20] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27] (Hewlett-Packard Co.)
Toolbar: HKLM - Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll [2008-05-30] (Verizon Online. )
Toolbar: HKU\S-1-5-21-3402600103-2626558384-1099160823-1000 -> Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll [2008-05-30] (Verizon Online. )
Toolbar: HKU\S-1-5-21-3402600103-2626558384-1099160823-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\KLUCAS\AppData\Roaming\Mozilla\Firefox\Profiles\0uxde7hp.default [2017-03-20]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\KLUCAS\AppData\Roaming\Mozilla\Firefox\Profiles\0uxde7hp.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-02-26] [not signed]
FF Extension: (Adblock Plus) - C:\Users\KLUCAS\AppData\Roaming\Mozilla\Firefox\Profiles\0uxde7hp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-02]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009-04-14] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-08] [not signed]
FF HKU\S-1-5-21-3402600103-2626558384-1099160823-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-03-03] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-04-27] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-05-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-05-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-05-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-05-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-05-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2015-05-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2015-05-04] (Apple Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 dlbc_device; C:\Windows\system32\dlbccoms.exe [538096 2007-03-01] ( )
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-30] (Google)
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2008-07-02] (Citrix Online, a division of Citrix Systems, Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-25] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [File not signed]
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [352248 2012-08-03] (Verizon) [File not signed]
R2 LexBceS; C:\Windows\System32\LEXBCES.EXE [311296 2004-03-04] (Lexmark International, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2008-02-28] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2008-02-28] (Hewlett-Packard) [File not signed]
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [304408 2017-02-24] (RaMMicHaeL)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2017-03-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\KLUCAS\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] <==== ATTENTION
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-20 21:07 - 2017-03-20 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
2017-03-20 20:52 - 2017-03-20 20:56 - 00000000 ____D C:\AdwCleaner
2017-03-20 20:50 - 2017-03-20 20:50 - 00005872 _____ C:\Users\KLUCAS\Desktop\JRT.txt
2017-03-20 20:43 - 2017-03-20 20:45 - 00038665 _____ C:\Users\KLUCAS\Desktop\Addition.txt
2017-03-20 20:42 - 2017-03-21 07:30 - 00039171 _____ C:\Users\KLUCAS\Desktop\FRST.txt
2017-03-20 20:42 - 2017-03-21 07:29 - 00000000 ____D C:\FRST
2017-03-20 20:41 - 2017-03-20 20:41 - 04031440 _____ C:\Users\KLUCAS\Desktop\AdwCleaner.exe
2017-03-20 20:41 - 2017-03-20 20:41 - 01663904 _____ (Malwarebytes) C:\Users\KLUCAS\Desktop\JRT.exe
2017-03-20 20:39 - 2017-03-20 20:39 - 01766912 _____ (Farbar) C:\Users\KLUCAS\Desktop\FRST.exe
2017-03-20 20:32 - 2017-03-20 20:32 - 00014608 _____ C:\Users\KLUCAS\Desktop\MBAM scan log.txt
2017-03-20 20:31 - 2017-03-20 20:31 - 00004476 _____ C:\Users\KLUCAS\Desktop\MBAM log.txt
2017-03-20 18:12 - 2017-03-20 18:12 - 00000000 ____D C:\Users\KLUCAS\AppData\Local\ESET
2017-03-20 16:56 - 2017-03-20 17:50 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-03-20 16:55 - 2017-03-20 16:55 - 00001804 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-03-20 16:55 - 2017-03-20 16:55 - 00000000 ____D C:\Users\KLUCAS\AppData\LocalLow\Adobe
2017-03-20 16:54 - 2017-03-20 16:55 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-03-20 16:54 - 2017-03-20 16:54 - 00000000 ____D C:\Program Files\Adobe
2017-03-20 16:33 - 2017-03-20 16:33 - 00000000 ____D C:\Windows\Sun
2017-03-20 16:31 - 2017-03-20 16:31 - 00000000 ____D C:\Program Files\Common Files\Java

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-21 07:28 - 2015-04-01 14:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-21 07:26 - 2006-11-02 08:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-21 07:26 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-21 07:26 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-20 21:37 - 2006-11-02 08:58 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-20 21:03 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2017-03-20 21:03 - 2006-11-02 06:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-20 21:00 - 2016-12-19 14:30 - 00000000 ____D C:\Users\KLUCAS\AppData\LocalLow\Mozilla
2017-03-20 17:59 - 2013-04-11 17:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-03-20 17:00 - 2008-07-02 14:47 - 00000000 ____D C:\ProgramData\Adobe
2017-03-20 16:55 - 2015-04-03 12:13 - 00000000 ____D C:\Users\KLUCAS\AppData\Local\Adobe
2017-03-20 16:55 - 2008-11-08 17:03 - 00000000 ____D C:\Users\KLUCAS\AppData\Roaming\Adobe
2017-03-20 16:37 - 2013-07-22 17:36 - 00000980 _____ C:\Users\Public\Desktop\Vz In-Home Agent.lnk
2017-03-20 16:37 - 2008-11-08 15:58 - 00000000 ____D C:\Program Files\Verizon
2017-03-20 16:37 - 2008-10-21 19:24 - 00000000 ____D C:\Users\KLUCAS
2017-03-20 16:33 - 2016-03-03 09:37 - 00000000 ____D C:\ProgramData\Oracle
2017-03-20 16:31 - 2016-03-03 09:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-20 16:28 - 2016-03-03 09:52 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-03-20 16:27 - 2016-03-03 10:34 - 00000000 ____D C:\ProgramData\Unchecky
2017-03-20 16:27 - 2008-07-02 14:43 - 00000000 ____D C:\Program Files\Java

==================== Files in the root of some directories =======

2013-07-16 22:24 - 2013-07-16 22:24 - 1358312 _____ () C:\Users\KLUCAS\AppData\Roaming\VzInHomeAgent.exe
2014-04-08 14:41 - 2015-03-03 09:41 - 0000145 _____ () C:\Users\KLUCAS\AppData\Roaming\WB.CFG
2008-10-21 20:17 - 2011-08-16 16:15 - 0000108 _____ () C:\Users\KLUCAS\AppData\Roaming\wklnhst.dat
2008-10-21 20:59 - 2014-04-06 10:00 - 0005216 _____ () C:\Users\KLUCAS\AppData\Local\d3d9caps.dat
2008-12-18 22:01 - 2014-02-09 09:51 - 0007168 _____ () C:\Users\KLUCAS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-04-14 11:26 - 2009-04-14 11:38 - 0000756 _____ () C:\ProgramData\hpzinstall.log
2012-04-09 16:15 - 2016-03-17 10:20 - 0001207 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
2016-03-03 11:44 - 2016-02-01 13:21 - 1208776 _____ (Microsoft Corporation) C:\Users\KLUCAS\AppData\Local\Temp\dllnt_dump.dll
2016-01-30 04:10 - 2016-01-30 04:10 - 0736352 _____ (Oracle Corporation) C:\Users\KLUCAS\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-04-10 11:46 - 2016-04-10 11:46 - 0736320 _____ (Oracle Corporation) C:\Users\KLUCAS\AppData\Local\Temp\jre-8u77-windows-au.exe
2015-08-14 08:29 - 2015-07-29 16:08 - 0681097 _____ (SQLite Development Team) C:\Users\KLUCAS\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-21 07:33

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by KLUCAS (21-03-2017 07:31:12)
Running from C:\Users\KLUCAS\Desktop
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) (2008-07-02 13:35:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3402600103-2626558384-1099160823-500 - Administrator - Disabled)
Guest (S-1-5-21-3402600103-2626558384-1099160823-501 - Limited - Disabled)
KLUCAS (S-1-5-21-3402600103-2626558384-1099160823-1000 - Administrator - Enabled) => C:\Users\KLUCAS

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 2.1.4 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics)
Apple Application Support (HKLM\...\{853A4763-6643-4604-8D64-28BDD8925F4C}) (Version: 1.5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CACAEB5F-174D-4C7C-AC56-A33289A807CA}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
BufferChm (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 110.0.180.000 - Hewlett-Packard) Hidden
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 11.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - )
GPBaseService (Version: 110.0.180.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 11.0 (HKLM\...\HPExtendedCapabilities) (Version: 11.0 - HP)
HP Imaging Device Functions 11.0 (HKLM\...\HP Imaging Device Functions) (Version: 11.0 - HP)
HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3 (HKLM\...\{86732AE7-CB91-4f15-B091-FBA3D3926CD6}) (Version: 11.0 - HP)
HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.0 - HP)
HP Solution Center 11.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 11.0 - HP)
HP Update (HKLM\...\{D063F201-FAC4-4D5C-B10B-615058ADE5A7}) (Version: 4.000.009.002 - Hewlett-Packard)
HPPhotoSmartPhotobookWebPack1 (Version: 2.03.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 110.0.180.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 110.0.180.000 - Hewlett-Packard) Hidden
IHA_MessageCenter (HKLM\...\{BE2DDF55-4C42-44CC-A56E-C8E4A65CB2FF}) (Version: 1.6.0 - Verizon)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel(R) PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version: - Intel)
iTunes (HKLM\...\{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}) (Version: 10.2.2.14 - Apple Inc.)
Jasc Paint Shop Photo Album (HKLM\...\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}) (Version: 4.0.4 - Jasc Software, Inc.)
Jasc Paint Shop Pro 8 Dell Edition (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 52.0.1 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.0.1 ESR (x86 en-US)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
OCR Software by I.R.I.S. 11.0 (HKLM\...\HPOCR) (Version: 11.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PanoStandAlone (Version: 110.0.180.000 - Hewlett-Packard) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0 - Dell)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
PS_AIO_03_C4400_ProductContext (Version: 110.0.201.000 - Hewlett-Packard) Hidden
PS_AIO_03_C4400_Software (Version: 110.0.201.000 - Hewlett-Packard) Hidden
PS_AIO_03_C4400_Software_Min (Version: 110.0.201.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.03.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
Scan (Version: 11.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 11.0 - HP)
SmartWebPrinting (Version: 110.0.182.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Toolbox (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TurboTax 2008 (HKLM\...\TurboTax 2008) (Version: - )
TurboTax 2009 (HKLM\...\TurboTax 2009) (Version: - Intuit, Inc)
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Unchecky v1.0.2 (HKLM\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Verizon Broadband Toolbar (IE only) (HKLM\...\verizon_broad) (Version: - )
Verizon FiOS Activation (HKLM\...\Verizon FiOS Activation_is1) (Version: - Verizon)
Verizon Online Help and Support (HKLM\...\Verizon Online Help and Support) (Version: - )
VideoToolkit01 (Version: 110.0.171.000 - Hewlett-Packard) Hidden
VoiceOver Kit (HKLM\...\{7C5B4583-7CBF-4289-B195-03B553959DEA}) (Version: 1.40.128.0 - Apple Inc.)
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.93.0 - Verizon)
Vz In-Home Agent (HKU\S-1-5-21-3402600103-2626558384-1099160823-1000\...\VzInHomeAgent) (Version: 9.0.35.0 - Verizon)
WebReg (Version: 110.0.180.000 - Hewlett-Packard) Hidden
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
Wrapper (HKLM\...\{394E7D98-28C7-4CD8-B503-7E43BC43A0F2}) (Version: 1.00.0000 - Verizon)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3402600103-2626558384-1099160823-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2D2DEC4F-74BB-4FB5-9626-21B3A60365F1} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {306A24F1-8341-48A3-97FC-BCD24FFAFEC5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-03] (Adobe Systems Incorporated)
Task: {399B879D-C421-41E5-A2CF-91B2F1EE6359} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe
Task: {5861A001-E304-4F30-9EEB-390E514FC969} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe
Task: {879C8518-1DFB-459A-919F-90D412B2FFA3} - System32\Tasks\{FC5ED9EE-72FB-4876-A615-3068B6E97D89} => pcalua.exe -a C:\Windows\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -c -dDell Photo Printer 720
Task: {89E6E377-087E-4321-BD9C-25D8DBA852FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BADED546-1E1D-44BC-99DE-9C73BA0711C3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\KLUCAS\Favorites\Verizon Links\About Verizon.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_cor
Shortcut: C:\Users\KLUCAS\Favorites\Verizon Links\Help.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_hel
Shortcut: C:\Users\KLUCAS\Favorites\Verizon Links\Safety & Security.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=wc_safet
Shortcut: C:\Users\KLUCAS\Favorites\Verizon Links\Search.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_allsearc
Shortcut: C:\Users\KLUCAS\Favorites\Verizon Links\SuperPages.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_superp
Shortcut: C:\Users\KLUCAS\Favorites\Verizon Links\Switching Tips.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_switc
Shortcut: C:\Users\KLUCAS\Favorites\Verizon Links\Verizon Wireless.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_vzwireles
Shortcut: C:\Users\KLUCAS\Favorites\Verizon Links\Welcome Page.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=wc_welcom
Shortcut: C:\Users\KLUCAS\Favorites\Verizon Central\Broadband Beat.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_dslliv
Shortcut: C:\Users\KLUCAS\Favorites\Verizon Central\E-Mail & More.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_webmai
Shortcut: C:\Users\KLUCAS\Favorites\Verizon Central\Help.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_hel
Shortcut: C:\Users\KLUCAS\Favorites\Verizon Central\My Account.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_myacc
Shortcut: C:\Users\KLUCAS\Favorites\Verizon Central\My Web Space.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_mywebs
Shortcut: C:\Users\KLUCAS\Favorites\Verizon Central\Shop Verizon.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_shopv

ShortcutWithArgument: C:\Users\KLUCAS\Desktop\Verizon Webmail.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://webmail.verizon.net

==================== Loaded Modules (Whitelisted) ==============

2016-03-02 17:31 - 2007-01-31 23:11 - 00102400 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dlbcpp5c.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2017-03-21 07:26 - 00001961 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3402600103-2626558384-1099160823-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img17.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Malwarebytes Anti-Malware (cleanup) => "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SmartAccess AutoStart => "C:\Program Files\Verizon\FIOS\smartaccess\FIOS.exe" /file:///C:/Program Files/Verizon/FIOS/sscommon/common/snapins/shell/ss_shell.htm ""
MSCONFIG\startupreg: Verizon_McciTrayApp => C:\Program Files\Verizon\McciTrayApp.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{3D84C16D-7FD3-4BE6-B87F-7370926AB057}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{2301A351-6981-428F-ADBE-C37C389A5F9D}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{46B64A67-CB28-4AB9-B064-F999909166EB}] => (Allow) C:\Windows\System32\dlbccoms.exe
FirewallRules: [{97BE632D-5A18-426F-943F-C5CEA9287294}] => (Allow) C:\Windows\System32\dlbccoms.exe
FirewallRules: [{20261853-16DC-4B69-B2F1-1491D840E007}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{9B0B9E69-53AE-48CD-9F42-C550D788C253}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{58423259-57A1-4D34-AD19-F96D21FA250A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{CF8691CD-7B55-4405-B78A-9BB3F633D286}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FC3F9A50-625A-4F77-BE19-C15C3AB51412}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{B24A9505-C3B1-4687-B5D9-65B33D224E4F}] => (Allow) C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe
FirewallRules: [{5D075E2A-EDDE-4B88-89E6-70D48D787F87}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{50EEDFD9-4498-425D-A924-35A3AC85B45A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{137944C8-7A6C-4515-9063-D705963A2BF3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{EE222D04-81FD-48DF-80AF-8AEA35D23B99}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{548B80A8-B1DA-4559-B8B7-5C203C8BF330}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{330A141D-0A6C-48CC-BFAF-279C74A0F267}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{0F3C0227-8DD1-45D0-A34C-FFE2AB2766FD}] => (Allow) LPort=80
FirewallRules: [{E0651634-7A86-4E1D-A6F8-324BB88D3C46}] => (Allow) LPort=80
FirewallRules: [{61FCFC9A-8A3F-423D-AF4F-ABD33D22C3C2}] => (Allow) LPort=80
FirewallRules: [{81A7253B-00C3-4DB7-AF67-1C4B00760CE6}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdater.exe
FirewallRules: [{874BBD58-E781-45CD-B387-E1EBD385FBC7}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{9E3E3E75-68F7-4895-8784-B5FF0AC278F6}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{C3705DF5-98E0-44F1-ABA5-F63E3BF04EA9}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{A4D1DC8E-D154-45B5-BBD6-D12DDC2221BC}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{221EC99A-6E06-4EEB-8906-4B5BD1C7F5E8}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{27E44BF8-5BA4-45AA-95F2-345886996943}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2F3AAFD2-42C2-44BE-B837-26595738D174}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8E0675B9-DD69-458C-80D5-582CB219BA51}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F651ABA7-F1EE-4A05-BDF8-6DEF15EB99D0}] => (Allow) LPort=50000
FirewallRules: [{EAC200AA-1ED5-4C59-80DA-F168462554A3}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C6A05375-00D4-48A4-BEAA-3E249A1092CD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{23839F7F-D419-4B06-B335-D3F1413FAAA0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C579178C-AC86-4808-9045-E2258B0CE8B3}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E7B48F29-810E-4C1F-9CCE-59DD503659BE}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{CADE7EAA-B815-4F6C-BDAD-A488216E6B3A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3FC0BF13-8789-489D-A474-67D7468F6560}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{39322250-808E-4045-B023-2FA66250FD1B}] => (Allow) LPort=50000
FirewallRules: [{E223AED9-6BA1-4914-B33E-66639AE19A81}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{B049BAFA-81F2-4D6E-B19D-6F1809A76A1B}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C042BDA6-A868-40F4-8A82-181D823D1EC7}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{8B06766C-9C3C-4128-8BF7-A5A46732652A}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{8E051C17-F324-421B-B20F-2E6ABCAD7992}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{84DBE278-497B-4692-8CE0-8F446BA35418}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

==================== Restore Points =========================

30-04-2016 10:35:01 Windows Update
07-05-2016 09:56:08 Windows Update
27-05-2016 14:38:04 Windows Update
05-06-2016 12:18:00 Windows Update
16-06-2016 11:19:03 Windows Update
16-06-2016 14:21:07 Windows Update
28-06-2016 09:17:57 Windows Update
06-07-2016 10:01:46 Windows Update
18-07-2016 09:10:29 Windows Update
29-07-2016 09:50:36 Windows Update
16-08-2016 08:36:58 Windows Update
16-09-2016 09:36:13 Windows Update
27-09-2016 09:48:27 Windows Update
03-11-2016 10:07:58 Windows Update
17-11-2016 09:29:46 Windows Update
02-12-2016 10:59:10 Windows Update
19-12-2016 12:41:37 Windows Update
29-12-2016 11:06:42 Windows Update
05-01-2017 09:25:17 Windows Update
15-01-2017 12:07:17 Windows Update
03-02-2017 12:39:33 Windows Update
16-02-2017 09:17:53 Windows Update
03-03-2017 11:34:34 Windows Update
17-03-2017 10:48:50 Windows Update
20-03-2017 16:34:58 Removed TECHNICAL
20-03-2017 20:48:51 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2017 07:28:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/20/2017 08:59:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/20/2017 08:27:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/20/2017 06:01:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/20/2017 05:44:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/20/2017 05:01:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/20/2017 04:20:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/17/2017 10:47:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/03/2017 11:32:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/24/2017 04:41:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/21/2017 07:28:11 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (03/21/2017 07:26:28 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412

Error: (03/20/2017 09:37:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.237.1420.0

Update Source: Microsoft Update Server

Update Stage: Search

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.13504.0

Error code: 0x8024001e

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (03/20/2017 08:59:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (03/20/2017 08:57:41 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412

Error: (03/20/2017 08:56:32 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.237.1420.0

Update Source: Microsoft Update Server

Update Stage: Search

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.13504.0

Error code: 0x8024001e

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (03/20/2017 08:56:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/20/2017 08:56:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).

Error: (03/20/2017 08:56:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/20/2017 08:56:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2017-03-21 07:28:38.005
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-20 21:00:07.227
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-20 20:28:32.169
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-20 18:01:53.387
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-20 17:45:02.763
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-20 17:23:14.793
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-20 17:23:14.341
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-20 17:23:13.873
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-20 17:23:13.421
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-20 17:23:12.953
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 62%
Total physical RAM: 3316.27 MB
Available physical RAM: 1247.11 MB
Total Virtual: 6868.57 MB
Available Virtual: 4751.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:151.75 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: 38000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=222.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Hi Tony,

Seems the removal tools have cleaned up most of it.
Let's sort the rest out (not a lot to do).

Step 1
I see CryptoPrevent is installed.
Please don't be led into thinking that this will stop all ransomware.
It was really designed to stop one particular type.
As other ransomware has come along, different areas of the system could be targeted.
Also... CryptoLocker has now been taken down.

QuickTime

Please uninstall QuickTime for Windows.

It is now a security risk:
Apple is deprecating QuickTime for Microsoft Windows.
They will no longer be issuing security updates for the product on the Windows Platform and as such they recommend users uninstall it.

And because Apple is no longer providing security updates for QuickTime on Windows, the present vulnerabilities are never going to be patched.

Malwarebytes Anti-Malware version 2.1.4.1018
This version is quite old now.
I recommend that you remove it and install the latest version.
My tutorial will explain how it should be installed:
Installing MalwareBytes V3


Step 2
Please download the attached fixlist.txt file and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Step 3
I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items:
      • Enable detection of potentially unwanted applications
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply



In your next reply, please submit:
Fixlog.txt
ESET scan report


Thanks.
 


1) Thanks for the heads-up on CryptoPrevent.
2) QuickTime has been uninstalled.
3) If I install MBAM v3 per your instructions, will it pull the license from the registry? I can't find license information in HKLM\Software\Malwarebytes Antimalware. My notes say things changed with v2.

Here are the logs.

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by KLUCAS (21-03-2017 17:17:34) Run:1
Running from C:\Users\KLUCAS\Desktop
Loaded Profiles: KLUCAS (Available Profiles: KLUCAS)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3402600103-2626558384-1099160823-1000 -> DefaultScope {E3EFC8AE-D9BE-400B-BC14-8A872ABBBA77} URL =
Toolbar: HKU\S-1-5-21-3402600103-2626558384-1099160823-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
S3 cpuz134; \??\C:\Users\KLUCAS\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] <==== ATTENTION
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2016-03-03 11:44 - 2016-02-01 13:21 - 1208776 _____ (Microsoft Corporation) C:\Users\KLUCAS\AppData\Local\Temp\dllnt_dump.dll
2016-01-30 04:10 - 2016-01-30 04:10 - 0736352 _____ (Oracle Corporation) C:\Users\KLUCAS\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-04-10 11:46 - 2016-04-10 11:46 - 0736320 _____ (Oracle Corporation) C:\Users\KLUCAS\AppData\Local\Temp\jre-8u77-windows-au.exe
2015-08-14 08:29 - 2015-07-29 16:08 - 0681097 _____ (SQLite Development Team) C:\Users\KLUCAS\AppData\Local\Temp\sqlite3.dll
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:

*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKU\S-1-5-21-3402600103-2626558384-1099160823-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-3402600103-2626558384-1099160823-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => value removed successfully.
HKCR\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => key not found.
HKLM\System\CurrentControlSet\Services\cpuz134 => key removed successfully.
cpuz134 => service removed successfully.
HKLM\System\CurrentControlSet\Services\IpInIp => key removed successfully.
IpInIp => service removed successfully.
HKLM\System\CurrentControlSet\Services\NwlnkFlt => key removed successfully.
NwlnkFlt => service removed successfully.
HKLM\System\CurrentControlSet\Services\NwlnkFwd => key removed successfully.
NwlnkFwd => service removed successfully.
C:\Users\KLUCAS\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\KLUCAS\AppData\Local\Temp\jre-8u73-windows-au.exe => moved successfully
C:\Users\KLUCAS\AppData\Local\Temp\jre-8u77-windows-au.exe => moved successfully
C:\Users\KLUCAS\AppData\Local\Temp\sqlite3.dll => moved successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task => key removed successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8935320 B
Java, Flash, Steam htmlcache => 681 B
Windows/system/drivers => 236740771 B
Edge => 0 B
Chrome => 0 B
Firefox => 458852440 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 84327 B
LocalService => 66228 B
NetworkService => 779159681 B
KLUCAS => 64466337 B

RecycleBin => 3075274 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:18:32 ====


C:\GVTS\AdwCleaner\Quarantine\C\Program Files\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted application deleted
C:\GVTS\AdwCleaner\Quarantine\C\Users\KLUCAS\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.5.zip.vir multiple threats deleted
C:\GVTS\AdwCleaner\Quarantine\C\Users\KLUCAS\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted application deleted
 
Note: WinPatrol is still flagging an automatic startup entry as shown in my first post. The number changes with each restart. The number is increasing in value each time. Maybe this is a normal Vista thing.

One other question, will an anti-virus be required if MBAM v3 is installed?

Thanks,
 
Hi Tony.

Just a quick reply as I'm in work now.
As v2 has to be completely removed first, you will need to know the license key beforehand.
Not sure what WinPatrol is seeing, as nothing is showing in the reports.
Malwarebytes v3 can be run alongside your AV or instead of it..... up to you.
Will get back to you after work.
 
WinPatrol has reported the following numbered files, each is a new number which comes up on each boot:
1490046333
1490047176
1490055989
1490057874
1490095599
1490130591
1490131382
1490132419
1490140856
1490186479

WinPatrol says they are located in the System32 folder. I don't see them. Since the numbered file changes, it should show up if I sort the System32 folder by date modified. The changed files are perfh009.dat, perfc009.dat and PerfStringBackup. VirusTotal says each is clean.

Looking thru my notes, I first noticed this after I installed Acrobat Reader 11. I've now uninstalled Acrobat Reader XI and WinPatrol is no longer flagging a new startup item. I reinstalled Acrobat Reader 11 and those startup notices are coming up again. Even if I Accept the Change, on next boot, there's another message from WinPatrol with a new number.
 
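The ten names WinPatrol reported above are all ten-digit numbers in the range of present-day Unix epoch timestamps. The following added example (not part of the thread) decodes them on that reading and lines them up against the WinMgmt EventID 10 times in the FRST report; the UTC-4 clock offset and the use of those events as start-up markers are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumption: the PC's clock was on US Eastern Daylight Time (UTC-4) in March 2017.
LOCAL_TZ = timezone(timedelta(hours=-4))

# Startup item names copied from the WinPatrol list in the post above.
STARTUP_NAMES = [
    "1490046333", "1490047176", "1490055989", "1490057874", "1490095599",
    "1490130591", "1490131382", "1490132419", "1490140856", "1490186479",
]

# Times of the WinMgmt EventID 10 errors on 20-21 March, copied from the FRST
# report. Assumption: each one marks roughly when the machine was started.
WINMGMT_EVENTS = [
    "03/20/2017 04:20:48 PM", "03/20/2017 05:01:24 PM", "03/20/2017 05:44:20 PM",
    "03/20/2017 06:01:06 PM", "03/20/2017 08:27:53 PM", "03/20/2017 08:59:17 PM",
    "03/21/2017 07:28:04 AM",
]


def decode_startup_name(name):
    """Return a local datetime if the name looks like Unix epoch seconds, else None."""
    if not (name.isascii() and name.isdigit()):
        return None
    value = int(name)
    # Ten-digit values from 2001-09-09 to 2033-05-18 are plausible epoch seconds.
    if not 1_000_000_000 <= value < 2_000_000_000:
        return None
    return datetime.fromtimestamp(value, tz=LOCAL_TZ)


def parse_event_time(text):
    """Parse an FRST event-log timestamp (local time, 12-hour clock)."""
    parsed = datetime.strptime(text, "%m/%d/%Y %I:%M:%S %p")
    return parsed.replace(tzinfo=LOCAL_TZ)


def correlate(names, event_texts, tolerance_s=300):
    """Pair each decodable name with the nearest event and flag close matches."""
    events = [parse_event_time(t) for t in event_texts]
    rows = []
    for name in names:
        when = decode_startup_name(name)
        if when is None:
            rows.append({"name": name, "decoded": None, "event": None,
                         "delta_s": None, "matched": False})
            continue
        nearest = min(events, key=lambda e: abs((when - e).total_seconds()))
        # Positive delta: the name's time is later than the event's time.
        delta = int((when - nearest).total_seconds())
        rows.append({"name": name, "decoded": when, "event": nearest,
                     "delta_s": delta, "matched": abs(delta) <= tolerance_s})
    return rows


if __name__ == "__main__":
    for row in correlate(STARTUP_NAMES, WINMGMT_EVENTS):
        decoded = row["decoded"].strftime("%Y-%m-%d %H:%M:%S") if row["decoded"] else "-"
        if row["matched"]:
            note = "%+d s from WinMgmt event at %s" % (
                row["delta_s"], row["event"].strftime("%H:%M:%S"))
        else:
            # The report was generated on 21-03-2017 07:29, so later names
            # have no event-log entries in it to compare against.
            note = "no event within tolerance in this report"
        print(row["name"], decoded, note)
```

Names that decode to within a couple of minutes of each start are consistent with an entry being created with a time-based name on every boot. The decode does not identify which program creates it.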
To follow up, I tried to install Acrobat DC instead of the Reader. Adobe said a newer version is already installed. Well, there's no version listed in Programs and Features.

I ran Revo and Total Uninstall. They didn't see Acrobat Reader or DC installed. (btw: anyone know what the DC stands for?)

I installed Foxit Reader. Seems OK, except svchost is high. It's wuauserv again.
 
Hi Tony,

I reinstalled Acrobat Reader 11 and those startup notices are coming up again.
The latest version is: 2015.023.20070

I see that your version of Adobe Flash Player is out of date as well:
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Latest version is: 24.0.0.227

Check my thread here: Latest Adobe versions. I always try and keep it updated.

After reading what you have said about Adobe, I did some searches.
Seems that WinPatrol has had numerous issues in the past when a newer version of Adobe has been released.

btw: anyone know what the DC stands for?
Adobe DC = Adobe Document Cloud (DC) services.

except svchost is high. It's wuauserv again.
The old Windows Update service taking forever to find updates again.
Seeing as Windows Vista reaches its ‘End of Life’ on 11th April 2017 (meaning there will be no more updates from MS) you haven't much to lose by turning off Windows Updates.
To turn off the Windows Update service..... use the keyboard shortcut: Win key + R to bring up the run window.
Type in services.msc then click OK.
Scroll down the list and double click on Windows Update.
Stop the service and change the service type to Disabled.
Click Apply... OK.
 
I pulled Acrobat Reader right from Adobe's site. When selecting the OS: XP, 7, 8, and 10 were listed, but not Vista. I chose W7. Version XI is the one that Adobe gave me. Wonder if that had something to do with it.

Thanks for the heads up on Flash, I'll take care of that.

Thanks for explaining DC = Document Cloud.

What do you think about installing Avast or Avira Free AV to run along MBAM. She doesn't have the MBAM key so I won't be upgrading MBAM from v2 to v3.

Also, she uses this machine mostly to do her taxes using Turbo Tax. I don't think she even has an email account. She brought the computer to me last year at this same time because it was slow. I added RAM at that time.
 
pulled Acrobat Reader right from Adobe's site. When selecting the OS: XP, 7, 8, and 10 were listed, but not Vista.
When you use the link in my post, it will detect your OS and browser and give you the correct version.

What do you think about installing Avast or Avira Free AV to run along MBAM. She doesn't have the MBAM key so I won't be upgrading MBAM from v2 to v3.
I personally would go for Avira.

MBAM v2 will still work ..... it's just slower compared to the latest version.
You could send MalwareBytes an email and ask about the license ... nothing to lose.
 
Thanks, I was thinking Avira.
When you use the link in my post, it will detect your OS and browser and give you the correct version.
Maybe on newer machines, but not on her Vista using Firefox. I just tested on my XP machine using IE, Chrome, and FF. Adobe doesn't detect the OS when accessed via any of those browsers. The user has to choose and Vista is not in the list. They keep changing things.
 
Maybe on newer machines, but not on her Vista using Firefox. I just tested on my XP machine using IE, Chrome, and FF. Adobe doesn't detect the OS when accessed via any of those browsers.
I'll give it a try on my Win7 and Win 8.1 later and see what I get.
This is what I get from my Win10 system:

[three screenshots attached]
 
Those links are working perfectly on my W7 with Chrome, IE, and FF.
Then it would seem that you are right about the info not showing on older out of date systems.
 