
E-mail provider is blocking connection to e-mail service. [Closed]


  • This topic is locked

#1
Vyc

    New Member

  • Member
  • 2 posts

Hello, I've got a laptop user who complains about e-mail usage. The problem is that the e-mail provider is blocking access to the e-mail through the POP3 service. When I contacted the provider, they complained about malicious e-mails sent from this e-mail. E-mail is handled by Mozilla Thunderbird 38.2.0 (up to date). I've cleaned the system with CCleaner (temporary files and registry), then scanned and cleaned it with Malwarebytes Anti-Malware (free edition). After I called the provider, they unblocked the e-mail and it worked for a couple of weeks. Then the same user came with the same problem.

Here is the FRST.txt content:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-09-2015 01
Ran by Genutele (administrator) on GENUTELE-PC (28-09-2015 11:13:29)
Running from C:\Users\Genutele\Desktop
Loaded Profiles: Genutele (Available Profiles: Genutele)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Anglų (Jungtinės Valstijos)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3440398987-2860638947-3812047613-1000\...\MountPoints2: {eeea2b64-3978-11e4-8821-b870f4c9e713} - G:\SETUP.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Monitor.lnk [2011-09-09]
ShortcutTarget: Bluetooth Monitor.lnk -> C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe (TOSHIBA CORPORATION)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 212.59.1.1 192.168.1.1
Tcpip\..\Interfaces\{221CC702-E268-48A3-9429-C4036CD51903}: [DhcpNameServer] 212.59.1.1 212.59.2.2
Tcpip\..\Interfaces\{D050B2AD-1DE3-4092-9B95-BA42779D9087}: [DhcpNameServer] 212.59.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3440398987-2860638947-3812047613-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.lt/
HKU\S-1-5-21-3440398987-2860638947-3812047613-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3440398987-2860638947-3812047613-1000 -> DefaultScope {CE3D9B55-C915-47DD-80A1-F6FF2AE6B129} URL =
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File

FireFox:
========
FF ProfilePath: C:\Users\Genutele\AppData\Roaming\Mozilla\Firefox\Profiles\zww4xyjx.default
FF SelectedSearchEngine: Yahoo!
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll [2013-12-10] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-09-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll [2012-10-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll [2012-10-03] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin HKU\S-1-5-21-3440398987-2860638947-3812047613-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-09-09]
FF Extension: Address Bar Search - C:\Users\Genutele\AppData\Roaming\Mozilla\Firefox\Profiles\zww4xyjx.default\Extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93} [2014-10-19]

Chrome:
=======
CHR Profile: C:\Users\Genutele\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Genutele\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-03]
CHR Extension: (Google Search) - C:\Users\Genutele\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-03]
CHR Extension: (Gmail) - C:\Users\Genutele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
S4 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2012-10-03] („Google Inc.“)
S4 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2012-10-03] („Google Inc.“)
S4 IconMan_R; C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-28] (Realsil Microelectronics Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] („Microsoft Corporation“)
S3 Program Manager; C:\Program Files\Common Files\ProgramManager\ProgramManager.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [250800 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [222640 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-07-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [207328 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [189872 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [230832 2015-08-04] (AVG Technologies CZ, s.r.o.)
R3 CeKbFilter; C:\Windows\System32\DRIVERS\CeKbFilter.sys [17520 2011-09-09] (Compal Electronics, INC.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-31] (COMPAL ELECTRONIC INC.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-28 11:11 - 2015-09-28 11:12 - 00022472 _____ C:\Users\Genutele\Desktop\Addition.txt
2015-09-28 11:10 - 2015-09-28 11:13 - 00010404 _____ C:\Users\Genutele\Desktop\FRST.txt
2015-09-28 11:10 - 2015-09-28 11:13 - 00000000 ____D C:\FRST
2015-09-28 11:10 - 2015-09-28 11:10 - 00000796 _____ C:\Windows\setupact.log
2015-09-28 11:10 - 2015-09-28 11:10 - 00000000 _____ C:\Windows\setuperr.log
2015-09-28 11:10 - 2015-09-28 10:46 - 01696256 _____ (Farbar) C:\Users\Genutele\Desktop\FRST.exe
2015-09-21 20:19 - 2015-09-21 20:20 - 00000000 ____D C:\Users\Genutele\Documents\Dviratis eko patrulis
2015-09-21 20:14 - 2015-09-27 16:04 - 00000000 ____D C:\Users\Genutele\Documents\Rajono mokytojų metod
2015-09-21 20:12 - 2015-09-21 20:14 - 00000000 ____D C:\Users\Genutele\Documents\Kalėdos
2015-09-21 20:05 - 2015-09-21 20:18 - 00000000 ____D C:\Users\Genutele\Documents\Neformalus ugdymas
2015-09-21 19:58 - 2015-09-21 20:19 - 00000000 ____D C:\Users\Genutele\Documents\Įvairių dainų žodžiai
2015-09-21 19:53 - 2015-09-26 15:17 - 00000000 ____D C:\Users\Genutele\Documents\individualizuotos programos
2015-09-21 19:45 - 2015-09-21 20:07 - 00000000 ____D C:\Users\Genutele\Documents\Tado dainos
2015-09-21 19:41 - 2015-09-22 21:46 - 00000000 ____D C:\Users\Genutele\Documents\NVŠ
2015-09-20 09:23 - 2015-09-20 09:23 - 00000000 ____D C:\Users\Genutele\Desktop\Betliejus2015
2015-09-13 15:53 - 2015-09-21 20:12 - 00000000 ____D C:\Users\Genutele\Documents\olimpiada
2015-09-13 15:50 - 2015-09-13 15:51 - 00000000 ____D C:\Users\Genutele\Documents\betliejaus žvaigždė
2015-09-13 15:39 - 2015-09-21 20:09 - 00000000 ____D C:\Users\Genutele\Documents\būreliai
2015-09-13 15:38 - 2015-09-13 15:49 - 00000000 ____D C:\Users\Genutele\Documents\birutės
2015-09-11 14:47 - 2015-09-11 19:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-11 14:42 - 2015-09-11 14:43 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2015-09-11 14:27 - 2015-09-11 14:27 - 00462770 _____ C:\Users\Genutele\AppData\Local\census.cache
2015-09-11 14:27 - 2015-09-11 14:27 - 00158766 _____ C:\Users\Genutele\AppData\Local\ars.cache
2015-09-11 12:19 - 2015-09-11 12:19 - 00000010 _____ C:\Users\Genutele\AppData\Local\sponge.last.runtime.cache
2015-09-11 12:12 - 2015-09-11 12:12 - 00000036 _____ C:\Users\Genutele\AppData\Local\housecall.guid.cache
2015-09-11 12:12 - 2015-05-29 10:43 - 00303744 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-09-11 10:58 - 2015-09-11 10:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-11 10:57 - 2015-09-11 10:57 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Genutele\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-09 20:43 - 2015-09-02 05:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 20:43 - 2015-09-02 05:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 20:43 - 2015-09-02 05:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 20:43 - 2015-09-02 05:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 20:43 - 2015-09-02 04:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 20:43 - 2015-09-02 04:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 20:43 - 2015-08-27 20:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 20:43 - 2015-08-27 20:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 20:43 - 2015-08-27 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-09 20:43 - 2015-08-27 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-09 20:43 - 2015-08-05 20:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 20:43 - 2015-08-05 20:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 20:43 - 2015-08-05 20:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 20:43 - 2015-08-04 20:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 20:43 - 2015-08-04 20:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 20:43 - 2015-08-04 20:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 20:43 - 2015-08-04 20:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 20:43 - 2015-08-04 20:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 20:43 - 2015-08-04 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-09 20:42 - 2015-08-18 04:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 20:42 - 2015-08-15 09:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 20:42 - 2015-08-15 08:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 20:42 - 2015-08-15 08:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 20:42 - 2015-08-15 08:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 20:42 - 2015-08-15 08:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 20:42 - 2015-08-15 08:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 20:42 - 2015-08-15 08:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 20:42 - 2015-08-15 08:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 20:42 - 2015-08-15 08:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 20:42 - 2015-08-15 08:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 20:42 - 2015-08-15 08:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 20:42 - 2015-08-15 08:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 20:42 - 2015-08-15 08:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 20:42 - 2015-08-15 08:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 20:42 - 2015-08-15 08:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 20:42 - 2015-08-15 08:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 20:42 - 2015-08-15 08:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 20:42 - 2015-08-15 08:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 20:42 - 2015-08-15 08:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 20:42 - 2015-08-15 08:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 20:42 - 2015-08-15 08:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 20:42 - 2015-08-15 08:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 20:42 - 2015-08-15 08:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 20:42 - 2015-08-15 08:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 20:42 - 2015-08-15 08:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 20:42 - 2015-08-15 08:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 20:42 - 2015-08-15 08:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 20:42 - 2015-08-15 08:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 20:42 - 2015-08-15 07:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 20:42 - 2015-08-15 07:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 20:42 - 2015-08-15 07:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 20:42 - 2015-07-22 20:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-09-09 20:42 - 2015-07-22 20:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-09 20:42 - 2015-07-22 20:57 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-09 20:42 - 2015-07-22 20:57 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-09 20:42 - 2015-07-22 20:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-09 20:42 - 2015-07-22 20:53 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-09 20:42 - 2015-07-22 20:52 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-09 20:42 - 2015-07-22 20:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-09 20:42 - 2015-07-22 20:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-09 20:42 - 2015-07-22 20:52 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-09 20:42 - 2015-07-22 20:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-09 20:42 - 2015-07-22 20:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-09 20:42 - 2015-07-22 20:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-09 20:42 - 2015-07-22 20:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-09 20:42 - 2015-07-22 19:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 20:42 - 2015-07-22 19:34 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-09 20:42 - 2015-07-22 19:34 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-09 20:42 - 2015-07-22 19:33 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-09 20:42 - 2015-07-09 20:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-09 20:42 - 2015-07-09 20:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-09 20:41 - 2015-08-26 20:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 20:41 - 2015-08-26 20:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 20:41 - 2015-08-26 20:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 20:41 - 2015-08-26 20:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 20:41 - 2015-08-26 20:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 20:41 - 2015-08-26 20:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 20:41 - 2015-08-26 20:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 20:41 - 2015-08-26 20:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 20:41 - 2015-08-26 20:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 20:41 - 2015-08-26 20:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 20:41 - 2015-08-26 20:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 20:41 - 2015-07-15 05:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 20:41 - 2015-06-25 12:48 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 20:41 - 2015-06-25 12:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 20:41 - 2015-06-25 12:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-28 11:12 - 2010-11-21 00:01 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-28 11:11 - 2011-09-09 03:12 - 01948045 _____ C:\Windows\WindowsUpdate.log
2015-09-28 11:06 - 2011-09-10 03:42 - 00000000 ____D C:\ProgramData\MFAData
2015-09-28 11:01 - 2014-09-11 09:53 - 00000270 _____ C:\Windows\Tasks\AutoKMS.job
2015-09-28 11:01 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-28 07:20 - 2009-07-14 07:34 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-28 07:20 - 2009-07-14 07:34 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-23 20:54 - 2013-05-12 17:39 - 00000000 ____D C:\Users\Genutele\AppData\Roaming\vlc
2015-09-16 19:26 - 2015-07-09 08:52 - 00000935 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-09-16 19:26 - 2015-03-06 23:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-09-11 19:04 - 2012-11-22 20:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-11 12:29 - 2014-11-06 23:48 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-09-11 11:52 - 2015-07-09 08:54 - 00000000 ____D C:\Users\Genutele\AppData\Local\Avg2015
2015-09-11 08:58 - 2009-07-14 07:53 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-10 20:22 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-10 08:07 - 2009-07-14 07:33 - 00336448 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-10 08:05 - 2010-11-21 03:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 08:04 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\lt-LT
2015-09-09 21:39 - 2014-09-11 09:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 21:33 - 2013-08-14 21:25 - 00000000 ____D C:\Windows\system32\MRT
2015-08-29 08:32 - 2012-04-28 12:44 - 00000000 ____D C:\Users\Genutele\.umplayer

==================== Files in the root of some directories =======

2015-09-11 14:27 - 2015-09-11 14:27 - 0158766 _____ () C:\Users\Genutele\AppData\Local\ars.cache
2015-09-11 14:27 - 2015-09-11 14:27 - 0462770 _____ () C:\Users\Genutele\AppData\Local\census.cache
2015-09-11 12:12 - 2015-09-11 12:12 - 0000036 _____ () C:\Users\Genutele\AppData\Local\housecall.guid.cache
2015-09-11 12:19 - 2015-09-11 12:19 - 0000010 _____ () C:\Users\Genutele\AppData\Local\sponge.last.runtime.cache
2012-04-28 13:22 - 2012-10-03 19:09 - 0001534 _____ () C:\ProgramData\ss.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-08 11:06

==================== End of FRST.txt ============================




#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Did the user change the passwords for e-mail?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:


CreateRestorePoint:
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-09-09]
S3 Program Manager; C:\Program Files\Common Files\ProgramManager\ProgramManager.exe [X]
C:\Program Files\Common Files\ProgramManager
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.


#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

