Hello, I've got a Laptop user, who complains about e-mail usage. Problem is that e-mail provider is blocking access to email through POP3 service. When contacted provider, they complain about malishouse e-mails sent from this e-mail. E-mail is handled by Mozilla Thunderbird 38.2.0 (up to date). I've clenaed system with Ccleaner (temporary files and registry), then scanned and cleaned with Malwarebytes Anti-malware (free edition). After I called to provider - they unblocked e-mail and it worked for couple of weeks. Than the same user came with the same problem.
Here is a FRST.txt content:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-09-2015 01
Ran by Genutele (administrator) on GENUTELE-PC (28-09-2015 11:13:29)
Running from C:\Users\Genutele\Desktop
Loaded Profiles: Genutele (Available Profiles: Genutele)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Anglų (Jungtinės Valstijos)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3440398987-2860638947-3812047613-1000\...\MountPoints2: {eeea2b64-3978-11e4-8821-b870f4c9e713} - G:\SETUP.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Monitor.lnk [2011-09-09]
ShortcutTarget: Bluetooth Monitor.lnk -> C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe (TOSHIBA CORPORATION)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 212.59.1.1 192.168.1.1
Tcpip\..\Interfaces\{221CC702-E268-48A3-9429-C4036CD51903}: [DhcpNameServer] 212.59.1.1 212.59.2.2
Tcpip\..\Interfaces\{D050B2AD-1DE3-4092-9B95-BA42779D9087}: [DhcpNameServer] 212.59.1.1 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3440398987-2860638947-3812047613-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.lt/
HKU\S-1-5-21-3440398987-2860638947-3812047613-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3440398987-2860638947-3812047613-1000 -> DefaultScope {CE3D9B55-C915-47DD-80A1-F6FF2AE6B129} URL =
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
FireFox:
========
FF ProfilePath: C:\Users\Genutele\AppData\Roaming\Mozilla\Firefox\Profiles\zww4xyjx.default
FF SelectedSearchEngine: Yahoo!
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll [2013-12-10] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-09-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll [2012-10-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll [2012-10-03] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin HKU\S-1-5-21-3440398987-2860638947-3812047613-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-09-09]
FF Extension: Address Bar Search - C:\Users\Genutele\AppData\Roaming\Mozilla\Firefox\Profiles\zww4xyjx.default\Extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93} [2014-10-19]
Chrome:
=======
CHR Profile: C:\Users\Genutele\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Genutele\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-03]
CHR Extension: (Google Search) - C:\Users\Genutele\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-03]
CHR Extension: (Gmail) - C:\Users\Genutele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-03]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
S4 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2012-10-03] („Google Inc.“)
S4 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2012-10-03] („Google Inc.“)
S4 IconMan_R; C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-28] (Realsil Microelectronics Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] („Microsoft Corporation“)
S3 Program Manager; C:\Program Files\Common Files\ProgramManager\ProgramManager.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [250800 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [222640 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-07-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [207328 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [189872 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [230832 2015-08-04] (AVG Technologies CZ, s.r.o.)
R3 CeKbFilter; C:\Windows\System32\DRIVERS\CeKbFilter.sys [17520 2011-09-09] (Compal Electronics, INC.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-31] (COMPAL ELECTRONIC INC.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-28 11:11 - 2015-09-28 11:12 - 00022472 _____ C:\Users\Genutele\Desktop\Addition.txt
2015-09-28 11:10 - 2015-09-28 11:13 - 00010404 _____ C:\Users\Genutele\Desktop\FRST.txt
2015-09-28 11:10 - 2015-09-28 11:13 - 00000000 ____D C:\FRST
2015-09-28 11:10 - 2015-09-28 11:10 - 00000796 _____ C:\Windows\setupact.log
2015-09-28 11:10 - 2015-09-28 11:10 - 00000000 _____ C:\Windows\setuperr.log
2015-09-28 11:10 - 2015-09-28 10:46 - 01696256 _____ (Farbar) C:\Users\Genutele\Desktop\FRST.exe
2015-09-21 20:19 - 2015-09-21 20:20 - 00000000 ____D C:\Users\Genutele\Documents\Dviratis eko patrulis
2015-09-21 20:14 - 2015-09-27 16:04 - 00000000 ____D C:\Users\Genutele\Documents\Rajono mokytojų metod
2015-09-21 20:12 - 2015-09-21 20:14 - 00000000 ____D C:\Users\Genutele\Documents\Kalėdos
2015-09-21 20:05 - 2015-09-21 20:18 - 00000000 ____D C:\Users\Genutele\Documents\Neformalus ugdymas
2015-09-21 19:58 - 2015-09-21 20:19 - 00000000 ____D C:\Users\Genutele\Documents\Įvairių dainų žodžiai
2015-09-21 19:53 - 2015-09-26 15:17 - 00000000 ____D C:\Users\Genutele\Documents\individualizuotos programos
2015-09-21 19:45 - 2015-09-21 20:07 - 00000000 ____D C:\Users\Genutele\Documents\Tado dainos
2015-09-21 19:41 - 2015-09-22 21:46 - 00000000 ____D C:\Users\Genutele\Documents\NVŠ
2015-09-20 09:23 - 2015-09-20 09:23 - 00000000 ____D C:\Users\Genutele\Desktop\Betliejus2015
2015-09-13 15:53 - 2015-09-21 20:12 - 00000000 ____D C:\Users\Genutele\Documents\olimpiada
2015-09-13 15:50 - 2015-09-13 15:51 - 00000000 ____D C:\Users\Genutele\Documents\betliejaus žvaigždė
2015-09-13 15:39 - 2015-09-21 20:09 - 00000000 ____D C:\Users\Genutele\Documents\būreliai
2015-09-13 15:38 - 2015-09-13 15:49 - 00000000 ____D C:\Users\Genutele\Documents\birutės
2015-09-11 14:47 - 2015-09-11 19:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-11 14:42 - 2015-09-11 14:43 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2015-09-11 14:27 - 2015-09-11 14:27 - 00462770 _____ C:\Users\Genutele\AppData\Local\census.cache
2015-09-11 14:27 - 2015-09-11 14:27 - 00158766 _____ C:\Users\Genutele\AppData\Local\ars.cache
2015-09-11 12:19 - 2015-09-11 12:19 - 00000010 _____ C:\Users\Genutele\AppData\Local\sponge.last.runtime.cache
2015-09-11 12:12 - 2015-09-11 12:12 - 00000036 _____ C:\Users\Genutele\AppData\Local\housecall.guid.cache
2015-09-11 12:12 - 2015-05-29 10:43 - 00303744 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-09-11 10:58 - 2015-09-11 10:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-11 10:57 - 2015-09-11 10:57 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Genutele\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-09 20:43 - 2015-09-02 05:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 20:43 - 2015-09-02 05:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 20:43 - 2015-09-02 05:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 20:43 - 2015-09-02 05:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 20:43 - 2015-09-02 04:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 20:43 - 2015-09-02 04:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 20:43 - 2015-08-27 20:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 20:43 - 2015-08-27 20:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 20:43 - 2015-08-27 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-09 20:43 - 2015-08-27 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-09 20:43 - 2015-08-05 20:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 20:43 - 2015-08-05 20:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 20:43 - 2015-08-05 20:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 20:43 - 2015-08-04 20:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 20:43 - 2015-08-04 20:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 20:43 - 2015-08-04 20:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 20:43 - 2015-08-04 20:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 20:43 - 2015-08-04 20:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 20:43 - 2015-08-04 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-09 20:42 - 2015-08-18 04:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 20:42 - 2015-08-15 09:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 20:42 - 2015-08-15 08:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 20:42 - 2015-08-15 08:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 20:42 - 2015-08-15 08:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 20:42 - 2015-08-15 08:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 20:42 - 2015-08-15 08:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 20:42 - 2015-08-15 08:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 20:42 - 2015-08-15 08:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 20:42 - 2015-08-15 08:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 20:42 - 2015-08-15 08:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 20:42 - 2015-08-15 08:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 20:42 - 2015-08-15 08:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 20:42 - 2015-08-15 08:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 20:42 - 2015-08-15 08:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 20:42 - 2015-08-15 08:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 20:42 - 2015-08-15 08:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 20:42 - 2015-08-15 08:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 20:42 - 2015-08-15 08:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 20:42 - 2015-08-15 08:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 20:42 - 2015-08-15 08:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 20:42 - 2015-08-15 08:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 20:42 - 2015-08-15 08:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 20:42 - 2015-08-15 08:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 20:42 - 2015-08-15 08:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 20:42 - 2015-08-15 08:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 20:42 - 2015-08-15 08:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 20:42 - 2015-08-15 08:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 20:42 - 2015-08-15 08:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 20:42 - 2015-08-15 07:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 20:42 - 2015-08-15 07:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 20:42 - 2015-08-15 07:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 20:42 - 2015-07-22 20:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-09-09 20:42 - 2015-07-22 20:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-09 20:42 - 2015-07-22 20:57 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-09 20:42 - 2015-07-22 20:57 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-09 20:42 - 2015-07-22 20:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-09 20:42 - 2015-07-22 20:52 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-09 20:42 - 2015-07-22 20:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-09 20:42 - 2015-07-22 20:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-09 20:42 - 2015-07-22 20:52 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-09 20:42 - 2015-07-22 20:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-09 20:42 - 2015-07-22 20:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-09 20:42 - 2015-07-22 20:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-09 20:42 - 2015-07-22 20:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-09 20:42 - 2015-07-22 19:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 20:42 - 2015-07-22 19:34 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-09 20:42 - 2015-07-22 19:34 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-09 20:42 - 2015-07-22 19:33 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-09 20:42 - 2015-07-09 20:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-09 20:42 - 2015-07-09 20:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-09 20:41 - 2015-08-26 20:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 20:41 - 2015-08-26 20:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 20:41 - 2015-08-26 20:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 20:41 - 2015-08-26 20:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 20:41 - 2015-08-26 20:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 20:41 - 2015-08-26 20:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 20:41 - 2015-08-26 20:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 20:41 - 2015-08-26 20:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 20:41 - 2015-08-26 20:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 20:41 - 2015-08-26 20:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 20:41 - 2015-08-26 20:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 20:41 - 2015-07-15 05:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 20:41 - 2015-06-25 12:48 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 20:41 - 2015-06-25 12:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 20:41 - 2015-06-25 12:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-28 11:12 - 2010-11-21 00:01 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-28 11:11 - 2011-09-09 03:12 - 01948045 _____ C:\Windows\WindowsUpdate.log
2015-09-28 11:06 - 2011-09-10 03:42 - 00000000 ____D C:\ProgramData\MFAData
2015-09-28 11:01 - 2014-09-11 09:53 - 00000270 _____ C:\Windows\Tasks\AutoKMS.job
2015-09-28 11:01 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-28 07:20 - 2009-07-14 07:34 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-28 07:20 - 2009-07-14 07:34 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-23 20:54 - 2013-05-12 17:39 - 00000000 ____D C:\Users\Genutele\AppData\Roaming\vlc
2015-09-16 19:26 - 2015-07-09 08:52 - 00000935 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-09-16 19:26 - 2015-03-06 23:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-09-11 19:04 - 2012-11-22 20:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-11 12:29 - 2014-11-06 23:48 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-09-11 11:52 - 2015-07-09 08:54 - 00000000 ____D C:\Users\Genutele\AppData\Local\Avg2015
2015-09-11 08:58 - 2009-07-14 07:53 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-10 20:22 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-10 08:07 - 2009-07-14 07:33 - 00336448 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-10 08:05 - 2010-11-21 03:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 08:04 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\lt-LT
2015-09-09 21:39 - 2014-09-11 09:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 21:33 - 2013-08-14 21:25 - 00000000 ____D C:\Windows\system32\MRT
2015-08-29 08:32 - 2012-04-28 12:44 - 00000000 ____D C:\Users\Genutele\.umplayer
==================== Files in the root of some directories =======
2015-09-11 14:27 - 2015-09-11 14:27 - 0158766 _____ () C:\Users\Genutele\AppData\Local\ars.cache
2015-09-11 14:27 - 2015-09-11 14:27 - 0462770 _____ () C:\Users\Genutele\AppData\Local\census.cache
2015-09-11 12:12 - 2015-09-11 12:12 - 0000036 _____ () C:\Users\Genutele\AppData\Local\housecall.guid.cache
2015-09-11 12:19 - 2015-09-11 12:19 - 0000010 _____ () C:\Users\Genutele\AppData\Local\sponge.last.runtime.cache
2012-04-28 13:22 - 2012-10-03 19:09 - 0001534 _____ () C:\ProgramData\ss.ini
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-08 11:06
==================== End of FRST.txt ============================