Removing Taboola ads from friend's computer/home page [Solved]



#1
JEISEN


I'm finally off the road. Here is the log file from her PC:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by Rose (administrator) on ROSE-PC (23-06-2016 14:17:44)
Running from C:\Users\Rose\Downloads
Loaded Profiles: Rose (Available Profiles: Rose)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Intel) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(Intel) C:\Program Files (x86)\Intel\AMT\UNS.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA3100v3\WNDA3100v3.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2010-06-14] (Analog Devices, Inc.)
HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-06-09] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk [2015-11-07]
ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v3 Genie.lnk [2016-04-11]
ShortcutTarget: NETGEAR WNDA3100v3 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v3\WNDA3100v3.EXE (NETGEAR)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.85.30.3 172.85.30.5
Tcpip\..\Interfaces\{2007EEF5-2412-42DC-8FDA-E5F04BAFD448}: [DhcpNameServer] 173.44.120.40 173.44.120.41
Tcpip\..\Interfaces\{5A365DA6-A0B7-4593-A2D8-97906C55A9CE}: [DhcpNameServer] 172.85.30.3 172.85.30.5

Internet Explorer:
==================

FireFox:
========
FF ProfilePath: C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\mrqq39a6.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.msn.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: Remove It Permanently - C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\mrqq39a6.default\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322} [2016-05-09]
FF Extension: Search Engine Ad Remover - C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\mrqq39a6.default\Extensions\@searchengineadremover.xpi [2016-06-02]
FF Extension: Pop-up Controller - C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\mrqq39a6.default\Extensions\[email protected] [2016-04-28]
FF Extension: Strict Pop-up Blocker - C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\mrqq39a6.default\Extensions\[email protected] [2016-04-28]
FF Extension: New Tab Homepage - C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\mrqq39a6.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-01-27]
FF Extension: Adblock Plus - C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\mrqq39a6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5165824 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [279296 2016-05-17] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-23] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 WNDA3100v3; C:\Windows\System32\DRIVERS\WNDA3100v3.sys [2225808 2014-12-08] (MediaTek Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-23 14:17 - 2016-06-23 14:18 - 00008986 _____ C:\Users\Rose\Downloads\FRST.txt
2016-06-23 14:16 - 2016-06-23 14:17 - 00000000 ____D C:\FRST
2016-06-23 14:15 - 2016-06-23 14:15 - 02387456 _____ (Farbar) C:\Users\Rose\Downloads\FRST64.exe
2016-06-17 13:14 - 2016-06-17 13:14 - 09717952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-06-15 10:16 - 2016-06-06 12:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 10:16 - 2016-06-06 12:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 10:16 - 2016-06-03 09:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 10:16 - 2016-05-27 09:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 10:16 - 2016-05-27 09:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 10:16 - 2016-05-27 09:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 10:16 - 2016-05-27 09:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 10:16 - 2016-05-22 09:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 10:16 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 10:16 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 10:16 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 10:16 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 10:16 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 10:16 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 10:16 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 10:16 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 10:16 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-15 10:16 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-15 10:16 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-15 10:16 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 10:16 - 2016-05-12 13:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 10:16 - 2016-05-12 13:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 10:16 - 2016-05-12 13:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 10:16 - 2016-05-12 13:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 10:16 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 10:16 - 2016-05-12 13:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 10:16 - 2016-05-12 13:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 10:16 - 2016-05-12 13:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 10:16 - 2016-05-12 13:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 10:16 - 2016-05-12 13:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 10:16 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 10:16 - 2016-05-12 13:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 10:16 - 2016-05-12 13:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 10:16 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 10:16 - 2016-05-12 13:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 10:16 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 10:16 - 2016-05-12 13:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 10:16 - 2016-05-12 13:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 10:16 - 2016-05-12 13:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 10:16 - 2016-05-12 13:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 10:16 - 2016-05-12 13:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 10:16 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 10:16 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 10:16 - 2016-05-12 13:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 10:16 - 2016-05-12 13:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 10:16 - 2016-05-12 13:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 10:16 - 2016-05-12 13:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-15 10:16 - 2016-05-12 11:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-15 10:16 - 2016-05-12 11:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 10:16 - 2016-05-12 11:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 10:16 - 2016-05-12 10:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 10:16 - 2016-05-12 10:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 10:16 - 2016-05-12 10:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 10:16 - 2016-05-12 10:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 10:16 - 2016-05-12 10:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 10:16 - 2016-05-12 10:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 10:16 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 10:16 - 2016-05-12 10:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-15 10:16 - 2016-05-12 10:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-15 10:16 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 10:16 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 10:16 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 10:16 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 10:16 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 10:16 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 10:16 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 10:16 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 10:16 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 10:16 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 10:16 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 10:16 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 10:16 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-15 10:16 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 10:15 - 2016-05-23 19:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 10:15 - 2016-05-23 18:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-15 10:15 - 2016-05-21 13:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 10:15 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 10:15 - 2016-05-20 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 10:15 - 2016-05-20 18:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 10:15 - 2016-05-20 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-15 10:15 - 2016-05-20 18:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 10:15 - 2016-05-20 18:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 10:15 - 2016-05-20 18:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 10:15 - 2016-05-20 18:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 10:15 - 2016-05-20 18:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 10:15 - 2016-05-20 18:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 10:15 - 2016-05-20 18:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 10:15 - 2016-05-20 18:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 10:15 - 2016-05-20 17:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 10:15 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 10:15 - 2016-05-20 17:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-15 10:15 - 2016-05-20 17:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-15 10:15 - 2016-05-20 17:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 10:15 - 2016-05-20 17:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-15 10:15 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-15 10:15 - 2016-05-20 17:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 10:15 - 2016-05-20 17:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 10:15 - 2016-05-20 17:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 10:15 - 2016-05-20 17:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 10:15 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 10:15 - 2016-05-20 17:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-15 10:15 - 2016-05-20 17:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-15 10:15 - 2016-05-20 17:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 10:15 - 2016-05-20 17:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-15 10:15 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 10:15 - 2016-05-20 17:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-15 10:15 - 2016-05-20 17:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-15 10:15 - 2016-05-20 17:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 10:15 - 2016-05-20 17:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-15 10:15 - 2016-05-20 17:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 10:15 - 2016-05-20 17:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 10:15 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 10:15 - 2016-05-20 17:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 10:15 - 2016-05-20 17:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 10:15 - 2016-05-20 17:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-15 10:15 - 2016-05-20 17:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-15 10:15 - 2016-05-20 17:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 10:15 - 2016-05-20 17:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-15 10:15 - 2016-05-20 17:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-15 10:15 - 2016-05-20 17:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 10:15 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 10:15 - 2016-05-20 17:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-15 10:15 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 10:15 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-15 10:15 - 2016-05-20 17:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 10:15 - 2016-05-20 17:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 10:15 - 2016-05-20 17:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 10:15 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 10:15 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 10:15 - 2016-05-20 17:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 10:15 - 2016-05-20 17:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 10:15 - 2016-05-20 17:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-15 10:15 - 2016-05-20 17:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 10:15 - 2016-05-20 16:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 10:15 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 10:15 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 10:15 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-15 10:15 - 2016-05-20 16:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 10:15 - 2016-05-20 16:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-09 23:24 - 2016-06-11 10:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-26 18:02 - 2016-04-14 12:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-05-26 18:02 - 2016-04-14 12:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-05-26 18:02 - 2016-04-14 12:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-05-26 18:02 - 2016-04-14 12:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-05-26 18:02 - 2016-04-14 12:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-05-26 18:02 - 2016-04-14 12:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-05-26 18:02 - 2016-04-14 11:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-05-26 18:02 - 2016-04-14 11:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-05-26 18:02 - 2016-04-14 11:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-05-26 18:02 - 2016-04-14 11:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-05-26 18:02 - 2016-04-14 11:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-05-26 18:02 - 2016-04-14 11:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-05-26 18:02 - 2016-04-09 02:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-05-26 18:02 - 2016-04-09 02:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-05-26 18:02 - 2016-04-09 02:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-05-26 18:02 - 2016-04-09 02:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-05-26 18:02 - 2016-04-09 01:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-05-26 18:02 - 2016-04-09 01:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-05-26 08:03 - 2016-06-23 14:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-26 08:03 - 2016-05-26 08:03 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-26 08:03 - 2016-05-26 08:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-26 08:03 - 2016-05-26 08:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-26 08:03 - 2016-05-26 08:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-26 08:03 - 2016-03-10 17:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-26 08:03 - 2016-03-10 17:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-26 08:03 - 2016-03-10 17:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-26 08:01 - 2016-05-26 08:02 - 22851472 _____ (Malwarebytes ) C:\Users\Rose\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-26 07:56 - 2016-05-26 07:56 - 03678272 _____ C:\Users\Rose\Downloads\adwcleaner_5.118.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-23 14:14 - 2015-07-07 14:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-23 13:47 - 2015-11-07 12:02 - 00000000 ____D C:\ProgramData\MFAData
2016-06-23 09:29 - 2009-07-14 00:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-23 09:29 - 2009-07-14 00:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-23 09:20 - 2016-04-11 19:52 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-06-23 09:19 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-17 13:14 - 2015-07-07 14:15 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-17 13:14 - 2015-07-07 14:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-17 13:14 - 2015-07-07 14:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-16 12:10 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-06-16 11:02 - 2009-07-14 00:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-16 10:59 - 2015-07-07 13:12 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-16 00:01 - 2015-07-07 11:06 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 23:56 - 2015-07-07 11:06 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 10:16 - 2015-11-07 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-06-11 10:28 - 2015-11-07 11:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-03 12:57 - 2015-07-07 14:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-27 11:18 - 2009-07-14 01:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-27 11:17 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-26 21:11 - 2016-05-06 03:13 - 00000000 ____D C:\Windows\SysWOW64\GWX
2016-05-26 21:11 - 2016-01-05 04:37 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-26 07:57 - 2016-05-09 19:54 - 00000000 ____D C:\AdwCleaner

Some files in TEMP:
====================
C:\Users\Rose\AppData\Local\Temp\avguirn_081247668940.exe
C:\Users\Rose\AppData\Local\Temp\avguirn_081635537688.exe
C:\Users\Rose\AppData\Local\Temp\avguirn_082013740879.exe
C:\Users\Rose\AppData\Local\Temp\avguirn_082084462725.exe
C:\Users\Rose\AppData\Local\Temp\avguirn_08238857032.exe
C:\Users\Rose\AppData\Local\Temp\avguirn_08276474042.exe
C:\Users\Rose\AppData\Local\Temp\avguirn_08454881608.exe
C:\Users\Rose\AppData\Local\Temp\avguirn_08574558967.exe
C:\Users\Rose\AppData\Local\Temp\avguirn_0880885172.exe
C:\Users\Rose\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Rose\AppData\Local\Temp\UNINSTALL.EXE


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-18 09:59

==================== End of FRST.txt ============================


  • 0


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,890 posts
  • MVP
Best to post logs as you get them.
 
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Run FRST again as before (right click and run as admin).  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     

    • 1

    #3
    JEISEN

    JEISEN

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 167 posts

    Thank you, sorry for the late reply. I kept waiting for an email alert of a reply. Which seems it should be an automatic default thing to happen if you are posting a problem. Instead of clicking this or that. Waiting for replies has delayed my answering sooner in past posts as well. Anyway, I will pay her a visit and post the result as soon as I can.


    • 0

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 19,890 posts
    • MVP

    Delays are no problem but you should have gotten an email.  Make sure that your email address is correct in your profile and also check your spam folder.  Every once in a while gmail decides to send all of my G2G mail to the spam folder.


    • 1

    #5
    JEISEN

    JEISEN

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 167 posts

    I did get email notice of your reply (this one) last night. Funny you mention gmail problems. I've had random off topic things that have happened. I do make an effort to look through the spam folder. It was probably put in there the weeks I was gone and deleted en masse. When I'm on the road I don't have time to check any emails. So there's always a catch up and wait factor. So thanks for the replies/help and hangin' in there with me!

     

    Not getting an email is odd. I see I have been following this all along. I should be one of the three following. lol


    Edited by JEISEN, 06 July 2016 - 09:43 AM.

    • 0

    #6
    JEISEN

    JEISEN

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 167 posts
    # AdwCleaner v5.201 - Logfile created 08/07/2016 at 14:07:59
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-07-08.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : Rose - ROSE-PC
    # Running from : C:\Users\Rose\Downloads\AdwCleaner.exe
    # Option : Scan
    # Support : https://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLL ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****


    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [11650 bytes] - [09/05/2016 20:02:53]
    C:\AdwCleaner\AdwCleaner[S1].txt - [11139 bytes] - [09/05/2016 19:54:40]
    C:\AdwCleaner\AdwCleaner[S2].txt - [941 bytes] - [26/05/2016 07:57:55]
    C:\AdwCleaner\AdwCleaner[S3].txt - [860 bytes] - [08/07/2016 14:07:59]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [932 bytes] ##########
    • 0

    #7
    JEISEN

    JEISEN

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 167 posts
    Here is the second scan:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Windows 7 Home Premium x64
    Ran by Rose (Administrator) on Fri 07/08/2016 at 14:18:11.28
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 25

    Successfully deleted: C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9C61AXIE (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A864DDYX (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9RVLMR9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MM5O9XQS (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMMR5K9K (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIJUQL1C (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGZOG6ZE (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9OHK109 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\prefetch\FREECELL.EXE-B8D57695.pf (File)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9C61AXIE (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A864DDYX (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9RVLMR9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MM5O9XQS (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMMR5K9K (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIJUQL1C (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGZOG6ZE (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9OHK109 (Temporary Internet Files Folder)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 07/08/2016 at 14:22:23.64
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • 0

    #8
    JEISEN

    JEISEN

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 167 posts

    I never did get this resolved :(


    • 0

    #9
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 19,890 posts
    • MVP

    You never posted the new FRST log:

     

    Run FRST again as before (right click and run as admin).  Make sure Addition.txt is checked and hit Scan.  Post both logs.


    • 1

    #10
    JEISEN

    JEISEN

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 167 posts

    You never posted the new FRST log:

     

    Run FRST again as before (right click and run as admin).  Make sure Addition.txt is checked and hit Scan.  Post both logs.

    Sorry, I wasn't aware I was supposed to submit a new FRST log. I did as instructed with the two scans and posted results and waited for a reply. I didn't want to be pushy and post "bump" like I've seen others do. So this issue was forgotten until she had a problem with Outlook. So I thought I would try the Taboola issue again. I won't have access to her computer until after Noon EST. I will post both logs then, thanks!!


    • 0


    #11
    JEISEN

    JEISEN

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 167 posts

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
    Ran by Rose (administrator) on ROSE-PC (10-01-2017 13:56:56)
    Running from C:\Users\Rose\Downloads
    Loaded Profiles: Rose (Available Profiles: Rose)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFCA.EXE
    (© 2015 Microsoft Corporation) C:\Users\Rose\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    (NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA3100v3\WNDA3100v3.EXE
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    (Intel) C:\Program Files (x86)\Intel\AMT\LMS.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel) C:\Program Files (x86)\Intel\AMT\UNS.exe
    (Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
    HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2010-06-14] (Analog Devices, Inc.)
    HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1687921294-1965150460-3559065622-1000\...\Run: [EPSON NX410 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCA.EXE [223232 2008-10-01] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1687921294-1965150460-3559065622-1000\...\Run: [BingSvc] => C:\Users\Rose\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk [2015-11-07]
    ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v3 Genie.lnk [2016-04-11]
    ShortcutTarget: NETGEAR WNDA3100v3 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v3\WNDA3100v3.EXE (NETGEAR)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 172.85.30.3 172.85.30.5
    Tcpip\..\Interfaces\{2007EEF5-2412-42DC-8FDA-E5F04BAFD448}: [DhcpNameServer] 173.44.120.40 173.44.120.41
    Tcpip\..\Interfaces\{5A365DA6-A0B7-4593-A2D8-97906C55A9CE}: [DhcpNameServer] 172.85.30.3 172.85.30.5

    Internet Explorer:
    ==================

    FireFox:
    ========
    FF ProfilePath: C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\czz45gaq.default-1483506533445 [2017-01-10]
    FF Homepage: Mozilla\Firefox\Profiles\czz45gaq.default-1483506533445 -> hxxp://www.msn.com/?pfr=1
    FF Extension: (New Tab Homepage) - C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\czz45gaq.default-1483506533445\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2017-01-04]
    FF Extension: (Adblock Plus) - C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\czz45gaq.default-1483506533445\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-09]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
    S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2016-12-15] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2016-12-15] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2016-12-15] (AVG Technologies CZ, s.r.o.)
    R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
    R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
    R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
    R3 WNDA3100v3; C:\Windows\System32\DRIVERS\WNDA3100v3.sys [2225808 2014-12-08] (MediaTek Inc.)
    S3 athur; system32\DRIVERS\athurx.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-10 13:45 - 2017-01-10 13:45 - 00000000 ____D C:\Users\Rose\Downloads\FRST-OlderVersion
    2017-01-04 10:49 - 2017-01-04 10:49 - 00000000 ____D C:\searchplugins
    2017-01-04 10:49 - 2017-01-04 10:49 - 00000000 ____D C:\extensions
    2017-01-04 10:48 - 2017-01-04 10:48 - 02569592 _____ (Microsoft Corporation) C:\Users\Rose\Downloads\DefaultPack(1).EXE
    2017-01-04 10:47 - 2017-01-04 10:47 - 02569592 _____ (Microsoft Corporation) C:\Users\Rose\Downloads\DefaultPack.EXE
    2017-01-04 10:30 - 2017-01-04 10:30 - 02519416 _____ (Microsoft Corporation) C:\Users\Rose\Downloads\MSNHomepage.EXE
    2017-01-04 00:09 - 2017-01-04 00:09 - 00000000 ____D C:\Users\Rose\Desktop\Old Firefox Data
    2016-12-14 10:57 - 2016-11-12 14:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-12-14 10:57 - 2016-11-12 13:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-12-14 10:57 - 2016-11-12 12:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-12-14 10:56 - 2016-11-21 13:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-12-14 10:56 - 2016-11-21 13:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-12-14 10:56 - 2016-11-21 13:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-12-14 10:56 - 2016-11-21 13:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-12-14 10:56 - 2016-11-21 13:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-12-14 10:56 - 2016-11-21 13:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-12-14 10:56 - 2016-11-21 13:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-12-14 10:56 - 2016-11-21 13:12 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-12-14 10:56 - 2016-11-21 13:12 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-12-14 10:56 - 2016-11-21 13:12 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-12-14 10:56 - 2016-11-21 13:12 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-12-14 10:56 - 2016-11-21 13:12 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-12-14 10:56 - 2016-11-21 13:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-12-14 10:56 - 2016-11-21 13:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-12-14 10:56 - 2016-11-21 13:12 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2016-12-14 10:56 - 2016-11-21 13:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
    2016-12-14 10:56 - 2016-11-21 13:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-12-14 10:56 - 2016-11-21 13:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-12-14 10:56 - 2016-11-21 13:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-12-14 10:56 - 2016-11-21 13:12 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-12-14 10:56 - 2016-11-21 13:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-12-14 10:56 - 2016-11-21 13:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-12-14 10:56 - 2016-11-20 11:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-12-14 10:56 - 2016-11-20 11:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-12-14 10:56 - 2016-11-20 11:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-12-14 10:56 - 2016-11-20 11:20 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2016-12-14 10:56 - 2016-11-20 11:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-12-14 10:56 - 2016-11-20 11:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-12-14 10:56 - 2016-11-20 11:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-12-14 10:56 - 2016-11-20 11:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-12-14 10:56 - 2016-11-20 11:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-12-14 10:56 - 2016-11-20 11:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-12-14 10:56 - 2016-11-20 11:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-12-14 10:56 - 2016-11-20 11:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-12-14 10:56 - 2016-11-20 11:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-12-14 10:56 - 2016-11-20 11:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
    2016-12-14 10:56 - 2016-11-20 11:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-12-14 10:56 - 2016-11-20 11:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-12-14 10:56 - 2016-11-20 11:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-12-14 10:56 - 2016-11-20 11:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-12-14 10:56 - 2016-11-20 10:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-12-14 10:56 - 2016-11-20 10:57 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-12-14 10:56 - 2016-11-20 10:57 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-12-14 10:56 - 2016-11-20 10:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-12-14 10:56 - 2016-11-20 10:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-12-14 10:56 - 2016-11-20 10:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-12-14 10:56 - 2016-11-20 09:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2016-12-14 10:56 - 2016-11-17 11:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2016-12-14 10:56 - 2016-11-14 18:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-12-14 10:56 - 2016-11-14 17:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-12-14 10:56 - 2016-11-12 14:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-12-14 10:56 - 2016-11-12 14:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2016-12-14 10:56 - 2016-11-12 14:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2016-12-14 10:56 - 2016-11-12 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-12-14 10:56 - 2016-11-12 14:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2016-12-14 10:56 - 2016-11-12 14:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-12-14 10:56 - 2016-11-12 14:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2016-12-14 10:56 - 2016-11-12 14:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-12-14 10:56 - 2016-11-12 14:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-12-14 10:56 - 2016-11-12 14:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2016-12-14 10:56 - 2016-11-12 14:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-12-14 10:56 - 2016-11-12 14:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-12-14 10:56 - 2016-11-12 14:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2016-12-14 10:56 - 2016-11-12 14:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-12-14 10:56 - 2016-11-12 14:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2016-12-14 10:56 - 2016-11-12 13:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2016-12-14 10:56 - 2016-11-12 13:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-12-14 10:56 - 2016-11-12 13:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-12-14 10:56 - 2016-11-12 13:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2016-12-14 10:56 - 2016-11-12 13:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2016-12-14 10:56 - 2016-11-12 13:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2016-12-14 10:56 - 2016-11-12 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2016-12-14 10:56 - 2016-11-12 13:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-12-14 10:56 - 2016-11-12 13:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-12-14 10:56 - 2016-11-12 13:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2016-12-14 10:56 - 2016-11-12 13:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-12-14 10:56 - 2016-11-12 13:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2016-12-14 10:56 - 2016-11-12 13:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2016-12-14 10:56 - 2016-11-12 13:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2016-12-14 10:56 - 2016-11-12 13:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2016-12-14 10:56 - 2016-11-12 13:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-12-14 10:56 - 2016-11-12 13:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2016-12-14 10:56 - 2016-11-12 13:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2016-12-14 10:56 - 2016-11-12 13:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2016-12-14 10:56 - 2016-11-12 13:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-12-14 10:56 - 2016-11-12 13:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2016-12-14 10:56 - 2016-11-12 13:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-12-14 10:56 - 2016-11-12 13:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2016-12-14 10:56 - 2016-11-12 13:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-12-14 10:56 - 2016-11-12 13:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-12-14 10:56 - 2016-11-12 13:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-12-14 10:56 - 2016-11-12 13:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2016-12-14 10:56 - 2016-11-12 13:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2016-12-14 10:56 - 2016-11-12 12:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2016-12-14 10:56 - 2016-11-12 12:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2016-12-14 10:56 - 2016-11-12 12:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2016-12-14 10:56 - 2016-11-12 12:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2016-12-14 10:56 - 2016-11-12 12:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-12-14 10:56 - 2016-11-12 12:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2016-12-14 10:56 - 2016-11-12 12:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-12-14 10:56 - 2016-11-12 12:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-12-14 10:56 - 2016-11-12 12:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-12-14 10:56 - 2016-11-12 12:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-12-14 10:56 - 2016-11-12 12:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2016-12-14 10:56 - 2016-11-12 12:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-12-14 10:56 - 2016-11-12 12:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-12-14 10:56 - 2016-11-12 12:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-12-14 10:56 - 2016-11-12 12:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-12-14 10:56 - 2016-11-12 12:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-12-14 10:56 - 2016-11-12 12:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-12-14 10:56 - 2016-11-12 12:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-12-14 10:56 - 2016-11-10 11:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2016-12-14 10:56 - 2016-11-10 11:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2016-12-14 10:56 - 2016-11-09 11:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2016-12-14 10:56 - 2016-11-09 11:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2016-12-14 10:56 - 2016-11-09 11:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-12-14 10:56 - 2016-11-09 11:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2016-12-14 10:56 - 2016-11-09 11:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2016-12-14 10:56 - 2016-11-09 11:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2016-12-14 10:56 - 2016-11-09 11:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-12-14 10:56 - 2016-11-09 11:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2016-12-14 10:56 - 2016-11-09 11:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-12-14 10:56 - 2016-11-09 11:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2016-12-14 10:56 - 2016-11-09 11:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2016-12-14 10:56 - 2016-11-09 11:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2016-12-14 10:56 - 2016-11-09 11:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2016-12-14 10:56 - 2016-11-09 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2016-12-14 10:56 - 2016-11-06 11:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2016-12-14 10:56 - 2016-11-06 11:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2016-12-14 10:56 - 2016-11-06 11:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-12-14 10:56 - 2016-10-27 10:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2016-12-14 10:56 - 2016-10-27 10:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2016-12-14 10:56 - 2016-10-11 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-12-14 10:56 - 2016-10-11 10:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-12-14 10:56 - 2016-10-11 10:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2016-12-14 10:56 - 2016-10-11 10:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-12-14 10:56 - 2016-10-11 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-12-14 10:56 - 2016-10-11 10:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2016-12-14 10:56 - 2016-10-11 10:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2016-12-14 10:56 - 2016-10-11 10:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2016-12-14 10:56 - 2016-10-11 10:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
    2016-12-14 10:56 - 2016-10-11 10:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2016-12-14 10:56 - 2016-10-11 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-12-14 10:56 - 2016-10-11 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2016-12-14 10:56 - 2016-10-11 10:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2016-12-14 10:56 - 2016-10-11 10:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2016-12-14 10:56 - 2016-10-11 10:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 10:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2016-12-14 10:56 - 2016-10-11 10:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2016-12-14 10:56 - 2016-10-11 10:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2016-12-14 10:56 - 2016-10-11 09:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2016-12-14 10:56 - 2016-10-11 09:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-12-14 10:56 - 2016-10-11 09:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
    2016-12-14 10:56 - 2016-10-11 09:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-12-14 10:56 - 2016-10-11 09:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2016-12-14 10:56 - 2016-10-11 09:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2016-12-14 10:56 - 2016-10-11 09:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2016-12-14 10:56 - 2016-10-11 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2016-12-14 10:56 - 2016-10-11 09:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 09:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 09:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 09:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-12-14 10:56 - 2016-10-11 08:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
    2016-12-14 10:56 - 2016-10-11 08:17 - 00419648 _____ C:\Windows\system32\locale.nls
    2016-12-14 10:56 - 2016-10-08 08:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2016-12-14 10:56 - 2016-10-04 10:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2016-12-14 10:56 - 2016-10-04 10:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2016-12-14 10:56 - 2016-10-04 10:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2016-12-14 10:56 - 2016-10-04 10:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2016-12-14 10:56 - 2016-10-04 10:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2016-12-14 10:56 - 2016-10-04 10:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2016-12-14 10:56 - 2016-10-04 10:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2016-12-14 10:56 - 2016-10-04 10:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-10 13:58 - 2016-06-23 13:17 - 00008597 _____ C:\Users\Rose\Downloads\FRST.txt
    2017-01-10 13:56 - 2016-06-23 13:16 - 00000000 ____D C:\FRST
    2017-01-10 13:45 - 2016-06-23 13:15 - 02419200 _____ (Farbar) C:\Users\Rose\Downloads\FRST64.exe
    2017-01-10 13:39 - 2016-11-18 21:01 - 00000000 ____D C:\Users\Rose\AppData\LocalLow\Mozilla
    2017-01-10 13:14 - 2015-07-07 13:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2017-01-10 10:15 - 2015-11-07 11:02 - 00000000 ____D C:\ProgramData\MFAData
    2017-01-10 09:14 - 2009-07-13 23:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-01-10 09:14 - 2009-07-13 23:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-01-10 08:53 - 2016-04-11 18:52 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
    2017-01-10 08:52 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-01-09 15:56 - 2016-09-20 17:13 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
    2017-01-09 15:03 - 2009-07-14 00:13 - 00781782 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-01-09 15:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
    2017-01-02 22:32 - 2015-11-07 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2016-12-17 10:25 - 2016-11-18 14:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-12-17 10:25 - 2015-11-07 10:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-12-17 10:25 - 2010-11-20 22:47 - 00030904 _____ C:\Windows\PFRO.log
    2016-12-15 12:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
    2016-12-15 11:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Microsoft.NET
    2016-12-15 11:47 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\assembly
    2016-12-15 09:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\winsxs
    2016-12-15 09:25 - 2009-07-13 21:34 - 00262144 ____H C:\Users\Default\NTUSER.DAT.LOG1
    2016-12-15 09:24 - 2009-07-13 23:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-12-15 09:22 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Internet Explorer
    2016-12-15 09:22 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
    2016-12-15 09:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\en-US
    2016-12-15 09:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64
    2016-12-15 09:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\en-US
    2016-12-15 09:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Boot
    2016-12-15 09:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppPatch
    2016-12-15 00:17 - 2015-07-07 10:06 - 00000000 ____D C:\Windows\system32\MRT
    2016-12-15 00:11 - 2015-07-07 10:06 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-12-15 00:08 - 2015-07-07 13:20 - 00773560 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2016-12-14 10:23 - 2016-04-14 19:57 - 00000000 ____D C:\Windows\system32\catroot2
    2016-12-13 18:14 - 2015-07-07 13:15 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-12-13 18:14 - 2015-07-07 13:15 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-12-13 18:14 - 2015-07-07 13:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-12-13 18:14 - 2015-07-07 13:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-12-13 18:14 - 2015-07-07 13:15 - 00000000 ____D C:\Windows\system32\Macromed

    Some files in TEMP:
    ====================
    C:\Users\Rose\AppData\Local\Temp\avguirn_081247668940.exe
    C:\Users\Rose\AppData\Local\Temp\avguirn_081486885703.exe
    C:\Users\Rose\AppData\Local\Temp\avguirn_081635537688.exe
    C:\Users\Rose\AppData\Local\Temp\avguirn_082013740879.exe
    C:\Users\Rose\AppData\Local\Temp\avguirn_082084462725.exe
    C:\Users\Rose\AppData\Local\Temp\avguirn_08238857032.exe
    C:\Users\Rose\AppData\Local\Temp\avguirn_08276474042.exe
    C:\Users\Rose\AppData\Local\Temp\avguirn_0828183126.exe
    C:\Users\Rose\AppData\Local\Temp\avguirn_08454881608.exe
    C:\Users\Rose\AppData\Local\Temp\avguirn_08574558967.exe
    C:\Users\Rose\AppData\Local\Temp\avguirn_0880885172.exe
    C:\Users\Rose\AppData\Local\Temp\BSvcProcessor.exe
    C:\Users\Rose\AppData\Local\Temp\BSvcUpdater.exe
    C:\Users\Rose\AppData\Local\Temp\GLB1A2B.EXE
    C:\Users\Rose\AppData\Local\Temp\Setup.exe
    C:\Users\Rose\AppData\Local\Temp\UNINSTALL.EXE
    C:\Users\Rose\AppData\Local\Temp\_is3180.exe
    C:\Users\Rose\AppData\Local\Temp\_isCF0.exe


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-01-03 08:59

    ==================== End of FRST.txt ============================


    #12
    JEISEN

    • Topic Starter
    • Member
    • 167 posts

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
    Ran by Rose (10-01-2017 13:59:09)
    Running from C:\Users\Rose\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) (2015-11-07 18:19:48)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1687921294-1965150460-3559065622-500 - Administrator - Disabled)
    Guest (S-1-5-21-1687921294-1965150460-3559065622-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1687921294-1965150460-3559065622-1002 - Limited - Enabled)
    Rose (S-1-5-21-1687921294-1965150460-3559065622-1000 - Administrator - Enabled) => C:\Users\Rose

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
    Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
    AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
    AVG (Version: 16.141.7996 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4749 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.141.7996 - AVG Technologies)
    AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
    Bingo Master (HKLM-x32\...\Bingo Master) (Version:  - )
    Collector's Edition 251 (HKLM-x32\...\Collector's Edition 251) (Version:  - )
    Cook'n for PC (HKLM-x32\...\Cook'n for PC) (Version:  - )
    Epson CreativeZone (HKLM-x32\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version:  - )
    Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
    Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
    EPSON NX410 Series Printer Uninstall (HKLM\...\EPSON NX410 Series) (Version:  - SEIKO EPSON Corporation)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
    FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
    GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
    Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
    Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
    NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
    NETGEAR WNDA3100v3 (x32 Version: 1.0.0.10 - NETGEAR) Hidden
    NETGEAR WNDA3100v3 Genie (HKLM-x32\...\InstallShield_{60C50FCC-545B-4D5D-B0D1-4A773143BCE7}) (Version: 1.0.0.10 - NETGEAR)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16432 - Microsoft Corporation)
    World's Best Board Games (HKLM-x32\...\{D990DBB3-510C-4EC6-8299-CEF4CE949E69}_is1) (Version:  - cerasus.media GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {076E087B-7010-48E9-A7DB-794605E821D2} - System32\Tasks\{46554341-4BCE-43BF-A382-0CFB202FA300} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {07CC30AC-7C95-4FDD-9D5D-5521B43282BB} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
    Task: {22716027-2775-4E35-8598-2A8E521B51D8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
    Task: {27673857-73E9-411B-A4E0-48BF922918BC} - System32\Tasks\{DDA78F91-84FD-4006-9D47-23339E6E157C} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {312D93F3-C6E9-4826-BBBB-59D4B2188168} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
    Task: {342A65E5-FC19-44BC-8E45-EEDFA359FB32} - System32\Tasks\{FA2D65EE-6DC5-44DB-A582-061E95297D7D} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {376B2BBD-FD01-4A20-A8C1-E5661631F8E0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {39ED8473-E3A2-40C1-AF5D-DE99969A2DAF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {43A0C19B-8A4F-4A35-BB76-2CC2B9D208D9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {462E3576-22E2-4425-8E2D-7CA4230BC706} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {699DEAA5-6457-4F78-A32B-1817E6EDF3FD} - System32\Tasks\{2FAA0E06-03D1-471D-BA17-1E3F052C92E1} => pcalua.exe -a C:\Users\Rose\Downloads\epson13422.exe -d C:\Users\Rose\Downloads
    Task: {796A6EF9-41A9-4FE5-AD53-88CA1179C7E8} - System32\Tasks\{89381C7A-9154-4ECB-AD70-D9EB3139F283} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {94EF0B0D-0EA7-4C81-A57B-A962DF3069DF} - System32\Tasks\{00BA0C0A-676E-4AF3-8C46-3A0081535BE8} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {9A6A6566-CEBA-44A1-88DB-A1AF7BFF7A42} - System32\Tasks\{F53AC796-83E8-49D3-8536-742A55972953} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {9DF7D7DD-CACE-4843-9B99-D1824DB211AD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {B373C8FC-2A40-40DC-9CBD-54AB0E3E7259} - System32\Tasks\{646A3B40-24AA-43D1-9068-0E7BDF369158} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {BA047E7A-DD8F-4FE6-A3F3-3709B7257740} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {BFBE67F7-7AB0-447C-8D6C-B25F96F34EEF} - System32\Tasks\{D186FD19-A47D-4E5A-903B-5820D519AA62} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {C18077C7-1543-4663-8B75-46797E1A436F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {CA80646C-BCE3-4F1A-8670-184B7644F1BD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {CC000D40-8537-4834-9F06-7F09749D8793} - System32\Tasks\{1BF940F6-A9B6-45B1-862B-49A40E1CE5B9} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {D953EA11-F66A-42CD-A138-CF4F19F3B257} - System32\Tasks\{304FE325-B2C6-4CEA-BCEE-478D306F12E8} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {F52AFB60-6F34-4431-9984-99EE5E5AA982} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {F5D22763-B6BC-400B-886F-321BBD2DD224} - System32\Tasks\{0E600EDF-77EA-4D2A-883C-120CCE397E8C} => pcalua.exe -a D:\SetupWizard.exe -d D:\
    Task: {F69044FA-CE27-42FD-B792-DDD2E4D4C073} - System32\Tasks\{74B804BA-EE20-4B28-8980-DA08181CE808} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2014-12-22 09:03 - 2014-12-22 12:03 - 00122880 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v3\Ralink.dll
    2012-11-21 17:26 - 2012-11-21 20:26 - 01204224 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v3\RaWLAPI.dll
    2016-06-25 12:29 - 2009-03-12 14:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
    2016-06-25 12:29 - 2008-11-21 12:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
    2016-11-28 16:28 - 2016-11-28 16:27 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\techinline.net -> hxxps://*.techinline.net
    IE trusted site: HKU\S-1-5-21-1687921294-1965150460-3559065622-1000\...\fixme.it -> hxxps://fixme.it
    IE trusted site: HKU\S-1-5-21-1687921294-1965150460-3559065622-1000\...\techinline.net -> hxxps://*.techinline.net

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1687921294-1965150460-3559065622-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 172.85.30.3 - 172.85.30.5
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{4F1E18F5-067F-494E-BB82-FC196A691F40}E:\snapy drivers'\sdi_r167.exe] => E:\snapy drivers'\sdi_r167.exe
    FirewallRules: [UDP Query User{77ED0BC5-A97D-4C49-8C3C-3106769608E0}E:\snapy drivers'\sdi_r167.exe] => E:\snapy drivers'\sdi_r167.exe
    FirewallRules: [{B6FEF0F3-971E-4FB2-B157-7609D9E59D08}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F968AB03-AB6D-4D64-A7AD-F4A12587C8D4}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{246E0C6C-39A8-49BC-8EC8-EFA5967E4DE6}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{FE340FBB-36C4-49F8-A52D-E38222A4BACE}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [TCP Query User{92FBD79C-4633-4548-845B-CD2944AC5D4E}C:\users\rose\appdata\local\dvo\cook'n10app\cook'n.exe] => C:\users\rose\appdata\local\dvo\cook'n10app\cook'n.exe
    FirewallRules: [UDP Query User{0A0B5702-1B1F-4E3F-B71B-14524957413F}C:\users\rose\appdata\local\dvo\cook'n10app\cook'n.exe] => C:\users\rose\appdata\local\dvo\cook'n10app\cook'n.exe
    FirewallRules: [{5F4FF82F-497D-4CAA-B618-D38A182B8666}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{97150B0C-E684-4D5F-9ABE-D8B8E9A218E2}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{A19B2D93-C3D8-4326-8612-96793793A668}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{E4025C45-A020-418E-9B7C-817564568D1F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [TCP Query User{046AE693-5F4D-4A5A-AD1D-32C0EF85603C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{048DB2EE-7636-4734-991B-91E2C2165FD2}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [{1E721C11-BF87-4400-8EB3-8C3EC8BBD69F}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{B28A4B67-B5F1-4C43-8667-C241DF24F250}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{56F27ACF-F5F9-4D87-A941-046B0A6F6016}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{C27FB072-6559-44D9-A28A-30FA287027C0}] => C:\Program Files (x86)\AVG\Av\avgemca.exe

    ==================== Restore Points =========================

    22-12-2016 10:52:35 Scheduled Checkpoint
    30-12-2016 10:05:41 Scheduled Checkpoint
    06-01-2017 14:35:34 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/10/2017 11:44:41 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: LMS Service lost connection to HECI driver

    Error: (01/10/2017 10:56:16 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WNA1100.exe, version: 1.1.4.27, time stamp: 0x4e2fbdc9
    Faulting module name: WifiSvcLib.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a979a47
    Exception code: 0xc0000005
    Fault offset: 0x10019faf
    Faulting process id: 0x89c
    Faulting application start time: 0x01d26b48dbedf7ce
    Faulting application path: C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    Faulting module path: WifiSvcLib.dll
    Report Id: 515bbb79-d74d-11e6-9e92-001aa08692ce

    Error: (01/10/2017 08:54:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (01/09/2017 03:11:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program E_IARNFCA.EXE version 5.0.5.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 13cc

    Start Time: 01d26ab37d4bf2af

    Termination Time: 0

    Application Path: C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNFCA.EXE

    Report Id: cecdb6df-d6a7-11e6-87bc-001aa08692ce

    Error: (01/09/2017 10:16:05 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WNA1100.exe, version: 1.1.4.27, time stamp: 0x4e2fbdc9
    Faulting module name: WifiSvcLib.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a979a47
    Exception code: 0xc0000005
    Fault offset: 0x10019faf
    Faulting process id: 0x838
    Faulting application start time: 0x01d26a81ff550368
    Faulting application path: C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    Faulting module path: WifiSvcLib.dll
    Report Id: 89c3b5bf-d67e-11e6-87bc-001aa08692ce

    Error: (01/09/2017 09:36:57 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14913.1002, time stamp: 0x57d1070d
    Faulting module name: devinv.dll, version: 10.0.14913.1002, time stamp: 0x57d10950
    Exception code: 0xc0000005
    Fault offset: 0x0000000000023c00
    Faulting process id: 0xd54
    Faulting application start time: 0x01d26a82b2398aab
    Faulting application path: C:\Windows\system32\CompatTelRunner.exe
    Faulting module path: C:\Windows\system32\devinv.dll
    Report Id: 11d58cba-d679-11e6-87bc-001aa08692ce

    Error: (01/09/2017 09:10:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (01/08/2017 11:28:03 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: LMS Service lost connection to HECI driver

    Error: (01/08/2017 11:26:21 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: LMS Service lost connection to HECI driver

    Error: (01/08/2017 11:25:02 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: LMS Service lost connection to HECI driver


    System errors:
    =============
    Error: (01/10/2017 08:53:17 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    Access is denied.

    Error: (01/10/2017 08:53:00 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    Access is denied.

    Error: (01/09/2017 11:47:52 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    Access is denied.

    Error: (01/09/2017 09:09:45 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    Access is denied.

    Error: (01/09/2017 09:09:35 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    Access is denied.

    Error: (01/09/2017 12:15:42 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    Access is denied.

    Error: (01/08/2017 08:56:01 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    Access is denied.

    Error: (01/08/2017 08:55:44 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    Access is denied.

    Error: (01/08/2017 12:05:40 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    Access is denied.

    Error: (01/07/2017 11:53:21 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    Access is denied.


    ==================== Memory info ===========================

    Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
    Percentage of memory in use: 85%
    Total physical RAM: 2004.61 MB
    Available physical RAM: 288.47 MB
    Total Virtual: 4009.23 MB
    Available Virtual: 2021.89 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:142.28 GB) (Free:104.92 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 5F88294C)
    Partition 1: (Active) - (Size=6.8 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=142.3 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================


    #13
    RKinner

      Malware Expert

    • Expert
    • 19,890 posts
    • MVP
     
    Download the attached fixlist.txt to the same location as FRST
     
    Attached File  fixlist.txt   7.82KB   31 downloads
     
     
    Run FRST and press Fix
    A fix log will be generated; please post that.
     
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     
    Also go into Firefox, and click on the ABP stop sign.  It should offer you a choice: Options.  Click on it and
    UNCHECK Allow some non-intrusive advertising
     
    Turns out Taboola bribes Adblock Plus to let their ads get through.
     
    If you are going to provide support in the future you might want to get the free TeamViewer program and set it up so you can remote control the PC any time they have a problem.
     
    Then you just need to install it on your PC and you can log on anytime their PC is online.  You can also set it up so that they have to manually start the program if they want.  More secure that way. 
     
     

    #14
    JEISEN

      Member

    • Topic Starter
    • Member
    • 167 posts

    Thanks for the help!! It might be a day or two before I can post results. I dropped in on her today not knowing she was a little sick.

    Thanks for the ABP tip! She has followed some of my suggestions. I got her to switch to FF from IE. She really likes ABP. When I was out of town she had a tech come fix a problem she was having. He deleted her ABP. She's happy to have it back!

    I did drop a few hints about this Taboola problem. I would say things like, "I use Gmail-it has NO ads!" "I search with Google. IT HAS NO ADS!" Some people just won't take hints!!

     

    Shame on ABP!!!

     

    YES TeamViewer is AWESOME!! I've been using it for a long time. I've been trying to find the right way to explain how TV could help her/us and get things done quicker for her. Here in New England..well..the weather sucks!! Teens yesterday, 20-30 today. Fixing things from my place would be ideal!

         I'll post logs ASAP!


    #15
    JEISEN

      Member

    • Topic Starter
    • Member
    • 167 posts

    Fix result of Farbar Recovery Scan Tool (x64) Version: 12-01-2017
    Ran by Rose (13-01-2017 14:07:17) Run:1
    Running from C:\Users\Rose\Downloads
    Loaded Profiles: Rose (Available Profiles: Rose)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    FF Extension: (New Tab Homepage) - C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\czz45gaq.default-1483506533445\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2017-01-04]
    S3 athur; system32\DRIVERS\athurx.sys [X]
    Task: {076E087B-7010-48E9-A7DB-794605E821D2} - System32\Tasks\{46554341-4BCE-43BF-A382-0CFB202FA300} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {27673857-73E9-411B-A4E0-48BF922918BC} - System32\Tasks\{DDA78F91-84FD-4006-9D47-23339E6E157C} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {312D93F3-C6E9-4826-BBBB-59D4B2188168} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
    Task: {342A65E5-FC19-44BC-8E45-EEDFA359FB32} - System32\Tasks\{FA2D65EE-6DC5-44DB-A582-061E95297D7D} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {376B2BBD-FD01-4A20-A8C1-E5661631F8E0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {39ED8473-E3A2-40C1-AF5D-DE99969A2DAF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {43A0C19B-8A4F-4A35-BB76-2CC2B9D208D9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {462E3576-22E2-4425-8E2D-7CA4230BC706} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {796A6EF9-41A9-4FE5-AD53-88CA1179C7E8} - System32\Tasks\{89381C7A-9154-4ECB-AD70-D9EB3139F283} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {94EF0B0D-0EA7-4C81-A57B-A962DF3069DF} - System32\Tasks\{00BA0C0A-676E-4AF3-8C46-3A0081535BE8} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {9A6A6566-CEBA-44A1-88DB-A1AF7BFF7A42} - System32\Tasks\{F53AC796-83E8-49D3-8536-742A55972953} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {9DF7D7DD-CACE-4843-9B99-D1824DB211AD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {B373C8FC-2A40-40DC-9CBD-54AB0E3E7259} - System32\Tasks\{646A3B40-24AA-43D1-9068-0E7BDF369158} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {BA047E7A-DD8F-4FE6-A3F3-3709B7257740} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {BFBE67F7-7AB0-447C-8D6C-B25F96F34EEF} - System32\Tasks\{D186FD19-A47D-4E5A-903B-5820D519AA62} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {C18077C7-1543-4663-8B75-46797E1A436F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {CA80646C-BCE3-4F1A-8670-184B7644F1BD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {CC000D40-8537-4834-9F06-7F09749D8793} - System32\Tasks\{1BF940F6-A9B6-45B1-862B-49A40E1CE5B9} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {D953EA11-F66A-42CD-A138-CF4F19F3B257} - System32\Tasks\{304FE325-B2C6-4CEA-BCEE-478D306F12E8} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: {F52AFB60-6F34-4431-9984-99EE5E5AA982} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {F5D22763-B6BC-400B-886F-321BBD2DD224} - System32\Tasks\{0E600EDF-77EA-4D2A-883C-120CCE397E8C} => pcalua.exe -a D:\SetupWizard.exe -d D:\
    Task: {F69044FA-CE27-42FD-B792-DDD2E4D4C073} - System32\Tasks\{74B804BA-EE20-4B28-8980-DA08181CE808} => C:\Program Files (x86)\eGames\Bingo Master\gbrowser.exe [2000-08-24] (eGames, Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"



    *****************

    C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\czz45gaq.default-1483506533445\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi => moved successfully
    HKLM\System\CurrentControlSet\Services\athur => key removed successfully
    athur => service removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{076E087B-7010-48E9-A7DB-794605E821D2} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{076E087B-7010-48E9-A7DB-794605E821D2} => key removed successfully
    C:\Windows\System32\Tasks\{46554341-4BCE-43BF-A382-0CFB202FA300} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{46554341-4BCE-43BF-A382-0CFB202FA300} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27673857-73E9-411B-A4E0-48BF922918BC} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27673857-73E9-411B-A4E0-48BF922918BC} => key removed successfully
    C:\Windows\System32\Tasks\{DDA78F91-84FD-4006-9D47-23339E6E157C} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DDA78F91-84FD-4006-9D47-23339E6E157C} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{312D93F3-C6E9-4826-BBBB-59D4B2188168} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{312D93F3-C6E9-4826-BBBB-59D4B2188168} => key removed successfully
    C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{342A65E5-FC19-44BC-8E45-EEDFA359FB32} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{342A65E5-FC19-44BC-8E45-EEDFA359FB32} => key removed successfully
    C:\Windows\System32\Tasks\{FA2D65EE-6DC5-44DB-A582-061E95297D7D} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FA2D65EE-6DC5-44DB-A582-061E95297D7D} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{376B2BBD-FD01-4A20-A8C1-E5661631F8E0} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{376B2BBD-FD01-4A20-A8C1-E5661631F8E0} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39ED8473-E3A2-40C1-AF5D-DE99969A2DAF} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39ED8473-E3A2-40C1-AF5D-DE99969A2DAF} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{43A0C19B-8A4F-4A35-BB76-2CC2B9D208D9} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43A0C19B-8A4F-4A35-BB76-2CC2B9D208D9} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{462E3576-22E2-4425-8E2D-7CA4230BC706} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{462E3576-22E2-4425-8E2D-7CA4230BC706} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{796A6EF9-41A9-4FE5-AD53-88CA1179C7E8} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{796A6EF9-41A9-4FE5-AD53-88CA1179C7E8} => key removed successfully
    C:\Windows\System32\Tasks\{89381C7A-9154-4ECB-AD70-D9EB3139F283} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{89381C7A-9154-4ECB-AD70-D9EB3139F283} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94EF0B0D-0EA7-4C81-A57B-A962DF3069DF} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94EF0B0D-0EA7-4C81-A57B-A962DF3069DF} => key removed successfully
    C:\Windows\System32\Tasks\{00BA0C0A-676E-4AF3-8C46-3A0081535BE8} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{00BA0C0A-676E-4AF3-8C46-3A0081535BE8} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A6A6566-CEBA-44A1-88DB-A1AF7BFF7A42} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A6A6566-CEBA-44A1-88DB-A1AF7BFF7A42} => key removed successfully
    C:\Windows\System32\Tasks\{F53AC796-83E8-49D3-8536-742A55972953} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F53AC796-83E8-49D3-8536-742A55972953} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DF7D7DD-CACE-4843-9B99-D1824DB211AD} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DF7D7DD-CACE-4843-9B99-D1824DB211AD} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B373C8FC-2A40-40DC-9CBD-54AB0E3E7259} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B373C8FC-2A40-40DC-9CBD-54AB0E3E7259} => key removed successfully
    C:\Windows\System32\Tasks\{646A3B40-24AA-43D1-9068-0E7BDF369158} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{646A3B40-24AA-43D1-9068-0E7BDF369158} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA047E7A-DD8F-4FE6-A3F3-3709B7257740} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA047E7A-DD8F-4FE6-A3F3-3709B7257740} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFBE67F7-7AB0-447C-8D6C-B25F96F34EEF} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFBE67F7-7AB0-447C-8D6C-B25F96F34EEF} => key removed successfully
    C:\Windows\System32\Tasks\{D186FD19-A47D-4E5A-903B-5820D519AA62} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D186FD19-A47D-4E5A-903B-5820D519AA62} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C18077C7-1543-4663-8B75-46797E1A436F} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C18077C7-1543-4663-8B75-46797E1A436F} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA80646C-BCE3-4F1A-8670-184B7644F1BD} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA80646C-BCE3-4F1A-8670-184B7644F1BD} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC000D40-8537-4834-9F06-7F09749D8793} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC000D40-8537-4834-9F06-7F09749D8793} => key removed successfully
    C:\Windows\System32\Tasks\{1BF940F6-A9B6-45B1-862B-49A40E1CE5B9} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1BF940F6-A9B6-45B1-862B-49A40E1CE5B9} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D953EA11-F66A-42CD-A138-CF4F19F3B257} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D953EA11-F66A-42CD-A138-CF4F19F3B257} => key removed successfully
    C:\Windows\System32\Tasks\{304FE325-B2C6-4CEA-BCEE-478D306F12E8} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{304FE325-B2C6-4CEA-BCEE-478D306F12E8} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F52AFB60-6F34-4431-9984-99EE5E5AA982} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F52AFB60-6F34-4431-9984-99EE5E5AA982} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5D22763-B6BC-400B-886F-321BBD2DD224} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5D22763-B6BC-400B-886F-321BBD2DD224} => key removed successfully
    C:\Windows\System32\Tasks\{0E600EDF-77EA-4D2A-883C-120CCE397E8C} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0E600EDF-77EA-4D2A-883C-120CCE397E8C} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F69044FA-CE27-42FD-B792-DDD2E4D4C073} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F69044FA-CE27-42FD-B792-DDD2E4D4C073} => key removed successfully
    C:\Windows\System32\Tasks\{74B804BA-EE20-4B28-8980-DA08181CE808} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{74B804BA-EE20-4B28-8980-DA08181CE808} => key removed successfully
    C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully

    ========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========


    ========= End of CMD: =========


    ==== End of Fixlog 14:07:50 ====

